Design/Logic Flaw

The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetdstartup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the "plaintext" to which an arbitrary blob of ciphertext will be decrypted by OpenSSL's...

CVE-2022-0618

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSHPROMISE frame where the frame contains padding information...

CVE-2022-0618

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSHPROMISE frame where the frame contains padding information...

PT-2022-17157 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to K2 22.5.9.163 OpenSSL versions prior to K3C 32.1.15.93 Description: The issue allows an unauthenticated attacker on the local area network to gain control over the plaintext to which an arbitrary blob of ciphertext...

Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

RUSTSEC-2022-0011 Miscomputation when performing AES encryption in rust-crypto

The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...

Security Bulletin: OpenSSL vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary Multiple OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-1552 DESCRIPTION: OpenSSL has internal defaults for a directo...

Security Bulletin: OpenSSL vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-1559)

Summary An OpenSSL vulnerability was disclosed on February 26, 2019 by the OpenSSL Project. OpenSSL, used by IBM Spectrum Control formerly Tivoli Storage Productivity Center, has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2019-1559 Description: OpenSSL could allow a remote...

GHSA-F5PG-7WFW-84Q9 CBC padding oracle issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

GHSA-7F33-F4F5-XWGW In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

Division by zero in TFLite

Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added...

CVE-2022-21741

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

PYSEC-2022-120

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

PYSEC-2022-65

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

CVE-2022-21741

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

CVE-2022-21741 Division by zero in TFLite

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

PYSEC-2022-112

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

PT-2022-15082 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1, 2.6.3, and 2.5.3 are also affected Description: An attacker can craft a TFLite model to trigger a division by zero in the implementation of depthwise convolutions. The parameters o...

Mageia: Security Advisory (MGASA-2019-0103)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2016-0196)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...