TensorFlow vulnerable to `CHECK` fail in `DenseBincount`
Impact DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf binary_output = True input =...
1.6AI Score
0.001EPSS
Missing validation crashes `QuantizeAndDequantizeV4Grad`
Impact The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf tf.raw_ops.QuantizeAndDequantizeV4Grad( ...
5.5CVSS
3.5AI Score
0.001EPSS
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`
Impact When tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg_0=tf.random.uniform(shape=(1,1), dtype=tf.float32, maxval=None)...
3.2AI Score
0.001EPSS
CVE-2022-41956 Autolab is vulnerable to file disclosure via remote handin feature
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...
6.6AI Score
0.001EPSS
The sound of you typing on your keyboard could reveal your password
As if password authentication's coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate....
7AI Score
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`
Impact When tf.quantization.fake_quant_with_min_max_vars_gradient receives input min or max that is nonscalar, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg_0=tf.constant(value=np.random.random(size=(2, 2)), shape=(2, 2),...
2.7AI Score
0.001EPSS
Missing validation results in undefined behavior in `QuantizedConv2D`
Impact The implementation of tf.raw_ops.QuantizedConv2D does not fully validate the input arguments: ```python import tensorflow as tf input = tf.constant(1, shape=[1, 2, 3, 3], dtype=tf.quint8) filter = tf.constant(1, shape=[1, 2, 3, 3], dtype=tf.quint8) bad args min_input = tf.constant([],...
5.5CVSS
1.8AI Score
0.001EPSS
Missing validation causes denial of service via `UnsortedSegmentJoin`
Impact The implementation of tf.raw_ops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf tf.raw_ops.UnsortedSegmentJoin( inputs=tf.constant("this",...
5.5CVSS
3.4AI Score
0.001EPSS
TensorFlow vulnerable to segfault in `SparseBincount`
Impact If SparseBincount is given inputs for indices, values, and dense_shape that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf binary_output = True indices = tf.random.uniform(shape=[],...
3AI Score
0.001EPSS
Missing validation causes denial of service via `LoadAndRemapMatrix`
Impact The implementation of tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf ckpt_path = tf.constant( ...
5.5CVSS
3.1AI Score
0.001EPSS
TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`
Impact ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf seed = 1618 seed2 = 0 shape = tf.random.uniform(shape=[3], minval=-10000,...
1.9AI Score
0.001EPSS
Integer overflows in Tensorflow
Impact The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or CHECK-fails when building new TensorShape objects (so, assert failures based denial of service): ```python import tensorflow as...
6.5CVSS
3AI Score
0.002EPSS
Integer overflows in Tensorflow
Impact The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects (so, an assert failure based denial of service): ```python import tensorflow as tf import numpy as np...
6.5CVSS
2.3AI Score
0.002EPSS
TensorFlow vulnerable to `CHECK` failures in `UnbatchGradOp`
Impact The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. ```python import numpy as np import tensorflow as tf id is not scalar tf.raw_ops.UnbatchGrad(original_input=...
0.3AI Score
0.001EPSS
Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`
Impact The implementation of tf.raw_ops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: ```python import tensorflow as tf indices = tf.constant(53, shape=[3], dtype=tf.int64) values.....
5.5CVSS
4.3AI Score
0.001EPSS
Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow
Impact The implementation of tf.raw_ops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service: ```python import tensorflow as tf hypothesis_indices = tf.constant(-1250999896764, shape=[3, 3], dtype=tf.int64) hypothesis_values...
7.1CVSS
1.5AI Score
0.001EPSS
Code injection in `saved_model_cli` in TensorFlow
Impact TensorFlow's saved_model_cli tool is vulnerable to a code injection: saved_model_cli run --input_exprs 'x=print("malicious code to run")' --dir ./ --tag_set serve --signature_def serving_default This can be used to open a reverse shell saved_model_cli...
7.8CVSS
1AI Score
0.001EPSS
TensorFlow vulnerable to segfault in `BlockLSTMGradV2`
Impact The implementation of BlockLSTMGradV2 does not fully validate its inputs. - `wci`, `wcf`, `wco`, `b` must be rank 1 - `w`, `cs_prev`, `h_prev` must be rank 2 - `x` must be rank 3 This results in a segfault that can be used to trigger a denial of service attack. ```python import tensorflow as tf...
1.4AI Score
0.001EPSS
chromium -- multiple security fixes
Chrome Releases reports: This update includes 7 security fixes: [1491459] High CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero on 2023-10-10 [1494461] High CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability...
7.9AI Score
0.053EPSS
About the security content of iOS 17.2 and iPadOS 17.2
About the security content of iOS 17.2 and iPadOS 17.2 This document describes the security content of iOS 17.2 and iPadOS 17.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches...
7.8AI Score
0.002EPSS
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow...
7.5CVSS
7.8AI Score
0.953EPSS
Fedora: Security Advisory for exim (FEDORA-2023-f1c8e4c1cc)
The remote host is missing an update for...
7.6AI Score
0.001EPSS
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
6.5CVSS
6.4AI Score
0.001EPSS
Stable Channel Update for Desktop
The Stable channel has been updated to 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 for Windows, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Security Fixes and Rewards Note: Access to bug details and links may be kept...
8.1AI Score
0.053EPSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:17.pf Security Advisory The FreeBSD Project Topic: TCP spoofing vulnerability in pf(4) Category: core Module: pf Announced: 2023-12-05 Credits: Yuxiang Yang,.....
6.9AI Score
0.0005EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.0 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: FXC Equipment: AE1021, AE1021PE Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability...
9.2AI Score
0.003EPSS
6.9AI Score
0.029EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS. This issue affects UBYS: before...
5.4CVSS
5.5AI Score
0.001EPSS
github-slug-action vulnerable to arbitrary code execution
Impact This action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. (Note that...
3AI Score
0.001EPSS
New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands
A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination....
7.5CVSS
7.3AI Score
0.0004EPSS
9.8AI Score
0.003EPSS
PostgreSQL 15.x < 15.4 Protection Mechanism Failure
The version of PostgreSQL installed on the remote host is 15 prior to 15.4. As such, it is potentially affected by a vulnerability : PostgreSQL 15 introduced the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT...
5AI Score
SAML XML Signature wrapping in PySAML2
Impact All users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. pysaml2 <= 6.4.1 does not validate the SAML document against an XML schema. This allows invalid XML documents to trick the verification process, by presenting...
6.5CVSS
2.4AI Score
0.001EPSS
Researchers at the University of Cambridge reported a vulnerability affecting Fisheye and Crucible where special characters, known as Unicode bidirectional override characters, are not rendered or displayed in the affected applications. These special characters are typically not displayed by the...
2.8AI Score
0.002EPSS
Consumer cyberthreats: predictions for 2024
In our previous summary of consumer predictions, we delved into tactics that we expected scammers and cybercriminals to use in 2023. As anticipated, they capitalized on major events and cultural crazes, using tricks that ranged from fake Barbie doll deals to exploiting the buzz around long-awaited....
7.3AI Score
django-ucamlookup Cross-site Scripting vulnerability
A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading...
1.8AI Score
0.001EPSS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross.....
6AI Score
0.001EPSS
Session fixation in fastify-passport
Applications using @fastify/passport for user authentication, in combination with @fastify/session as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. Details fastify applications rely on the @fastify/passport library for....
5.9AI Score
0.001EPSS
Negative charge in shopping cart in Shopizer
Impact Using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. Patches Adding a back-end verification to check that quantity parameter isn't negative. If so, it is set to 1. Patched in 2.11.0 Workarounds Without...
6.5CVSS
2.9AI Score
0.001EPSS
CSRF token fixation in fastify-passport
The CSRF protection enforced by the @fastify/csrf-protection library, when combined with @fastify/passport, can be bypassed by network and same-site attackers. Details fastify/csrf-protection implements the synchronizer token pattern (using plugins @fastify/session and @fastify/secure-session) by.....
6.2AI Score
0.001EPSS
ReDoS in Sec-Websocket-Protocol header
Impact A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Proof of concept ```js for (const length of [1000, 2000, 4000, 8000, 16000, 32000]) { const value = 'b' + ' '.repeat(length) + 'x'; const start = process.hrtime.bigint();...
5.3CVSS
2.2AI Score
0.002EPSS
Bypass of CSRF protection in the presence of predictable userInfo
Description The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the...
6.3AI Score
0.001EPSS
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps...
6.5CVSS
1.5AI Score
0.001EPSS
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method...
7AI Score
[SECURITY] Fedora 39 Update: exim-4.96.2-1.fc39
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal....
7.2AI Score
0.001EPSS
JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting
Impact The JSPUI spellcheck "Did you mean" HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. This...
-0.1AI Score
0.001EPSS