1045 matches found

Github Security Blog
added 2021/08/25 2:42 p.m., 39 views

Crash caused by integer conversion to unsigned

Impact: An attacker can cause a denial of service in `BoostedTreesCreateQuantileStreamResource` by using negative arguments: `import tensorflow as tf; from tensorflow.python.ops import gen_boosted_trees_ops; import numpy as np; v = tf.Variable([0.0, 0.0, 0.0, 0.0, 0.0...`

CVSS 5.5 · AI score 5.8 · EPSS 0.00012
Exploits 0 · References 7 · Affected Software 3
The Hacker News
added 2021/08/16 11:36 a.m., 83 views

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Security researchers have disclosed as many as 40 different vulnerabilities in an opportunistic encryption mechanism (STARTTLS) used by mail clients and servers. The flaws could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials...

AI score 1.1
Exploits 0
Prion
added 2021/08/12 9:15 p.m., 32 views

Integer overflow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `BoostedTreesCreateQuantileStreamResource` by using negative arguments. The implementation does not validate that `num_streams` only contains non-negative numbers. I...

CVSS 2.1 · AI score 5.5 · EPSS 0.00012
Exploits 0 · References 2 · Affected Software 1
OSV
added 2021/08/01 12:00 a.m., 16 views

ASB-A-185126149

In onResume of VoicemailSettingsFragment.java, there is a possible way to retrieve a trackable identifier without permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...

CVSS 5.5 · AI score 5.3 · EPSS 0.00069
Exploits 0 · References 2
Code423n4
added 2021/06/02 12:00 a.m., 2 views

Violation of implicit constraints in batched operations may break protocol assumptions

Handle: 0xRajeev. Vulnerability details. Impact: The Ladle batching of operations is a complex task, as noted by the project lead, which has implicit constraints on what operations can be bundled together in a batch, which operations can/have to appear how many times, and in what order/sequence, etc. Som...

AI score 7.1
Exploits 0
Github Security Blog
added 2021/06/01 9:57 p.m., 65 views

Kiali Authentication Bypass vulnerability

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

CVSS 6.5 · AI score 3.9 · EPSS 0.00162
Exploits 0 · References 4 · Affected Software 1
OSV
added 2021/06/01 9:57 p.m., 19 views

GHSA-GGJR-2F7V-VHQ4 Kiali Authentication Bypass vulnerability

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

CVSS 6.5 · AI score 6.4 · EPSS 0.00162
Exploits 0 · References 3
OSV
added 2021/05/28 11:15 a.m., 15 views

CVE-2021-20278

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

CVSS 6.5 · AI score 7.2
Exploits 0 · References 2
NVD
added 2021/05/28 11:15 a.m., 11 views

CVE-2021-20278

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

CVSS 6.5 · EPSS 0.00162
Exploits 0 · References 2
Prion
added 2021/05/28 11:15 a.m., 12 views

Authentication flaw

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

CVSS 5.8 · AI score 6.5 · EPSS 0.00162
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/05/28 10:42 a.m., 8 views

CVE-2021-20278

An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off,...

AI score 6.7 · EPSS 0.00162
Exploits 0 · References 2
CVE
added 2021/05/28 10:42 a.m., 58 views

CVE-2021-20278

Kiali has an authentication bypass vulnerability affecting versions before 1.31.0 when using OpenID with implicit flow and RBAC turned off. The issue arises because token validation is expected to be handled by the underlying cluster only when RBAC is enabled; with RBAC disabled and OpenID implic...

CVSS 6.5 · AI score 6.4 · EPSS 0.00162
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2021/05/28 12:00 a.m., 1 view

PT-2021-13870 · Kiali · Kiali

Name of the Vulnerable Software and Affected Versions: Kiali versions prior to 1.31.0. Description: An authentication bypass issue was found when the authentication strategy OpenID is used. The problem arises when Kiali assumes some token validation is handled by the underlying cluster with RBAC...

CVSS 6.5 · AI score 7.4 · EPSS 0.00162
Exploits 0 · References 9
Hacker One
added 2021/04/12 12:20 p.m., 67 views

Nextcloud: Notification implicit PendingIntent in com.nextcloud.client allows to access contacts

When the victim downloads files in Nextcloud, a notification is triggered. The content of the notification is "Downloaded". This notification is used to remind the user that the download is complete. The PendingIntent in this notification is an implicit intent. At this time a malicious app with...

CVSS 2.1 · AI score 2.4 · EPSS 0.00078
Exploits 0
OSV
added 2021/04/07 11:02 a.m., 1 view

OESA-2021-1107 glib2 security update

GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK so that it can be used by software other than GNOME, and it has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

CVSS 7.5 · AI score 7.6 · EPSS 0.10494
Exploits 1 · References 3
OSV
added 2021/03/25 5:15 p.m., 0 views

CVE-2021-25352

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent...

CVSS 7.8 · AI score 7.2
Exploits 0 · References 2
Prion
added 2021/03/25 5:15 p.m., 10 views

Information disclosure

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent...

CVSS 4.6 · AI score 7.6 · EPSS 0.00037
Exploits 0 · References 2 · Affected Software 1
CVE
added 2021/03/25 4:11 p.m., 43 views

CVE-2021-25352

Affected product/component: Samsung Bixby Voice. Vulnerability: Privilege escalation via hijacking/modifying a PendingIntent with implicit intents. Root cause: Implicit PendingIntent handling allows an attacker to execute privileged actions when interacting with Bixby Voice. Affected versions: pr...

CVSS 7.8 · AI score 7.6 · EPSS 0.00037
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2021/03/25 4:11 p.m., 11 views

CVE-2021-25352

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent...

CVSS 5.5 · AI score 7.9 · EPSS 0.00037
Exploits 0 · References 2
RedhatCVE
added 2021/03/10 11:03 a.m., 18 views

CVE-2021-20278

An authentication bypass vulnerability was found in Kiali when the authentication strategy OpenID is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID implicit flow is used with RBAC turned off, this token validation...

CVSS 7.2 · AI score 3 · EPSS 0.00162
Exploits 0 · References 4