14 matches found
EUVD-2021-11031
Malware in sbrugna...
EUVD-2022-29547
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-24119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information...
SUSE CVE-2022-24675
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
golang: encoding/pem: fix stack overflow in Decode
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...
golang: encoding/pem: fix stack overflow in Decode
A buffer overflow flaw was found in Golang's library encoding/pem. This flaw allows an attacker to use a large PEM input more than 5 MB, causing a stack overflow in Decode, which leads to a loss of availability...
DEBIAN-CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...
User Enumeration
Overview Affected versions of this package are vulnerable to User Enumeration. In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attac...
UBUNTU-CVE-2021-24119
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...
Code injection
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...
UBUNTU-CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...
Trusted Firmware M 安全漏洞
ARM Trusted Firmware M TFM is an open source software from ARM UK. It provides a set of highly configurable software components to create a trusted execution environment. A security vulnerability exists in Trusted Firmware Mbed TLS that stems from a side-channel vulnerability in base64 PEM file...
wolfSSL 安全漏洞
Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL due to an observable timing difference in base64 PEM decoding. A local user could gain access to sensitiv...