Lucene search

1089 matches found

CVE
added 2022/12/12 12:0 a.m. | 92 views

CVE-2022-25836

CVE-2022-25836 affects Bluetooth Low Energy Pairing in Bluetooth Core Specification v4.0–v5.3. An unauthenticated MITM can exploit two pairing devices with adjacent access by negotiating Legacy Passkey Pairing (Initiator) and Secure Connections Passkey Pairing (Responder), then brute-forcing the ...

7.5 CVSS | 7.7 AI score | 0.00353 EPSS
Exploits 0 | References 1 | Affected Software 1
Positive Technologies
added 2022/12/11 12:0 a.m. | 3 views

PT-2022-5922

Name of the Vulnerable Software and Affected Versions Bluetooth Core Specification versions 4.0 through 5.3 Linux kernel affected versions not specified Description The issue is related to errors in the authentication procedure of the Bluetooth Low Energy driver in the Linux kernel. It may allow ...

7.5 CVSS | 7.1 AI score | 0.00353 EPSS
Exploits 0 | References 14
CNNVD
added 2022/12/09 12:0 a.m. | 10 views

Bluetooth Core Specification Security Vulnerability

The Bluetooth Core Specification is a specification. Defines the technical building blocks used by developers to create the interoperable devices that make up the thriving Bluetooth ecosystem. Overseen by the Bluetooth Special Interest Group SIG and regularly updated and enhanced by the Bluetooth...

7.5 CVSS | 7.2 AI score | 0.00353 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2022/12/09 12:0 a.m. | 22 views

Amazon Linux 2022 : gcc (ALAS2022-2022-222)

The version of gcc installed on the remote host is prior to 11.3.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-222 advisory. - An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering...

8.3 CVSS | 7.7 AI score | 0.12205 EPSS
Exploits 4 | References 3
Tenable Nessus
added 2022/12/08 12:0 a.m. | 31 views

EulerOS 2.0 SP8 : binutils (EulerOS-SA-2022-2789)

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Assertion fail in the displaydebugnames function in binutils/dwarf.c may lead to program crash and denial of service. CVE-2022-38126 An issue was...

8.3 CVSS | 7 AI score | 0.12205 EPSS
Exploits 4 | References 3
RedHat Linux
added 2022/11/03 2:54 p.m. | 4 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5 CVSS | 6.8 AI score | 0.02682 EPSS
Exploits 0 | References 5
Hacker One
added 2022/10/15 8:21 p.m. | 57 views

Adobe: DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI

Vulnerability description not provided...

7.1 AI score
Exploits 0
Tenable Nessus
added 2022/10/09 12:0 a.m. | 62 views

EulerOS Virtualization 3.0.6.6 : binutils (EulerOS-SA-2022-2487)

According to the versions of the binutils packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visua...

8.3 CVSS | 7.9 AI score | 0.12205 EPSS
Exploits 5 | References 3
Fedora
added 2022/09/24 12:18 a.m. | 17 views

[SECURITY] Fedora 37 Update: libofx-0.10.7-2.fc37

This is the LibOFX library. It is an API designed to allow applications to very easily support OFX command responses, usually provided by financial institutions. See http://www.ofx.net/ofx/default.asp for details and specification...

1 AI score
Exploits 0
Fedora
added 2022/09/18 12:20 a.m. | 34 views

[SECURITY] Fedora 37 Update: libdwarf-0.4.2-1.fc37

Library to access the DWARF debugging file format which supports source level debugging of a number of procedural languages, such as C, C++, and Fortran. Please see http://www.dwarfstd.org for DWARF specification...

8.8 CVSS | 0.1 AI score | 0.00894 EPSS
Exploits 0
Github Security Blog
added 2022/09/16 5:17 p.m. | 20 views

Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata

Issue If an attacker is able to control a threshold of keys to insert the same public key more than once with different key IDs into signed, trusted metadata on a TUF repository, then go-tuf clients 0.3.2 are susceptible to an attack where attackers can cause the same signature from the same publ...

5.8 AI score
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/09/16 5:17 p.m. | 7 views

GHSA-3633-5H82-39PQ Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata

Issue If an attacker is able to control a threshold of keys to insert the same public key more than once with different key IDs into signed, trusted metadata on a TUF repository, then go-tuf clients 0.3.2 are susceptible to an attack where attackers can cause the same signature from the same publ...

5.8 AI score
Exploits 0 | References 4
Tenable Nessus
added 2022/09/06 12:0 a.m. | 229 views

Amazon Linux 2022 : cpp, gcc, gcc-c++ (ALAS2022-2022-057)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-057 advisory. A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceiv...

8.3 CVSS | 7.5 AI score | 0.12205 EPSS
Exploits 4 | References 3
UbuntuCve
added 2022/09/02 8:15 p.m. | 22 views

CVE-2022-31152

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

7.5 CVSS | 7 AI score | 0.00904 EPSS
Exploits 0 | References 5
OpenVAS
added 2022/09/01 12:0 a.m. | 21 views

SUSE: Security Advisory (SUSE-SU-2022:2960-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5 CVSS | 6.2 AI score | 0.00324 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2022/09/01 12:0 a.m. | 91 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.2267)

The version of AHV installed on the remote host is prior to 20201105.2267. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20201105.2267 advisory. - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when...

9.8 CVSS | 7.7 AI score | 0.94921 EPSS
Exploits 158 | References 8
Huntr
added 2022/08/28 10:34 a.m. | 9 views

Tabnabbing on spec-disrespecting browsers

Some browsers do not comply with the 2021 HTML specification, meaning that an attacker can redirect the parent window. This applies to links in descriptions // Create a new card // Add https://someevilsite.com to card // Now the site can do the following:...

0.9 AI score
Exploits 0 | References 1
Fedora
added 2022/07/31 1:37 a.m. | 15 views

[SECURITY] Fedora 36 Update: pack-0.27.0-3.fc36

pack is a CLI implementation of the Platform Interface Specification for Cloud Native Buildpacks...

3.3 AI score
Exploits 0
OpenVAS
added 2022/07/31 12:0 a.m. | 7 views

Fedora: Security Advisory for golang-github-appc-goaci (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2
OpenVAS
added 2022/07/31 12:0 a.m. | 8 views

Fedora: Security Advisory for golang-github-appc-spec (FEDORA-2022-5ef0bd9a27)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2