CVE-2021-20156

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if i...

GHSA-6W7G-P4JH-RF92 "Verify All" Returns Success Despite Validation Failures in Singularity

Impact The --all / -a option to singularity verify returns success even when some objects in a SIF container are not signed, or cannot be verified. The SIF objects that are not verified are reported in WARNING log messages, but a Container Verified message and exit code of 0 are returned. Workflo...

CVE-2021-43083

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

CVE-2021-43083

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

Integer overflow

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

CVE-2021-43083 Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response

Apache PLC4X - PLC4C Only the C language implementation was effected was vulnerable to an unsigned integer underflow flaw inside the tcp transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a...

Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489

CVE-2018-6323: Fix unsigned integer overflow - CVE-2018-19931: Fix heap-based buffer overflow in bfdelf32swapphdrin - CVE-2018-6543: Fix integer overflow - CVE-2018-20671: Fix integer overflow vulnerability - CVE-2018-6759: Fix segmentation fault - CVE-2018-7208: Fix segmentation fault -...

DEBIAN-CVE-2020-16155

The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data...

CVE-2020-16155

The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data...

A review of Azure Sphere vulnerabilities: Unsigned code execs, kernel bugs, escalation chains and firmware downgrades

Summary of all the vulnerabilities reported by Cisco Talos in Microsoft Azure Sphere By Claudio Bozzato and Lilith . In May 2020, Microsoft kicked off the Azure Sphere Security Research Challenge, a three-month initiative aimed at finding bugs in Azure Sphere. In the first three months,... This i...

CVE-2021-34420

The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer...

Zoom Client 数据伪造问题漏洞

ZOOM Client is a video conferencing client application from ZOOM USA that supports multiple platforms. A data forgery issue vulnerability exists in the windows installer of Zoom Client for Meetings versions prior to 5.5.4, which originates from not properly verifying the signatures of files with...

lasso: XML signature wrapping vulnerability when parsing SAML responses

An XML Signature Wrapping XSW vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability...

kernel: local escalation of privileges in handling of eBPF programs

An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking unsigned 32-bit instructions in an eBPF program occurs.. By default accessing the eBPF verifier is only accessible to privileged use...

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

Incorrect Signature Verification

coreos-installer is using incorrect signature verification. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary...

OSV-2021-1518 UNKNOWN READ in bool OT::OffsetTo<OT::ClipBox, OT::IntType<unsigned int, 3u>, true>::serialize_c

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40540 Crash type: UNKNOWN READ Crash state: bool OT::OffsetTo, true::serializec OT::ClipList::serializecliprecords OT::ClipList::subset...

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

coreos-installer: incorrect signature verification on gzip-compressed install images

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...