5838 matches found
The vulnerability of the Exim message transfer agent, related to insufficient validation of input data, allows attackers to circumvent security restrictions set by users.
The vulnerability of the Exim message transfer agent is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to circumvent security restrictions set by the user...
OFCMS v1.1.4 backend arbitrary file read vulnerability
OFCMS is a content management system based on Java technology. OFCMS v1.1.4 has an arbitrary file reading vulnerability in the backend. The vulnerability stems from the program failing to properly validate user data; remote attackers can use the vulnerability to read the...
The vulnerability of the Squid proxy server arises from insufficient validation of the data entered by users during the sending of HTTP responses. This allows attackers to trigger a service failure.
The vulnerability of the Squid proxy server exists due to insufficient validation of the data entered by users when sending HTTP responses. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...
HPE Fixes Critical Zero-Day in SIM
Hewlett Packard Enterprise (HPE) has fixed a critical zero-day remote code execution (RCE) flaw in its HPE Systems Insight Manager (SIM) software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers,...
Fedora: Security Advisory for python-pydantic (FEDORA-2021-4d3de3183f)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for python-pydantic (FEDORA-2021-f8bb3ba3ec)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Foxit PhantomPDF Security Vulnerability
Foxit PhantomPDF is a PDF document reader from the Chinese company Foxit. A security vulnerability exists in Foxit PhantomPDF that stems from a lack of proper validation of user-supplied data, which could allow a remote attacker to execute arbitrary code...
Cisco WebEx Network Recording Player ARF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco WebEx Network Recording Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
The vulnerability of the Windows Desktop Bridge application converter in Microsoft Windows operating systems allows a hacker to trigger a service failure.
The vulnerability of the Windows Desktop Bridge application converter in Microsoft Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
Apple Safari Cross-Site Scripting Vulnerability
Apple Safari is a web browser from Apple, Inc. and is the default browser that comes with Mac OS X and iOS operating systems. A cross-site scripting vulnerability exists in Apple Safari. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attack...
Gris CMS Cross-Site Scripting Vulnerability
Gris CMS is a flat file CMS for developers and Markdown enthusiasts. A cross-site scripting vulnerability exists in Gris CMS v0.1, which stems from a lack of proper validation of client data in the web application, and can be exploited by an attacker to inject malicious JavaScript code to steal...
Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`
Impact: The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers undefined behavior if one of the input tensors is empty: `import tensorflow as tf` `orig_input = tf.constant([2, 3], shape=[1, 1, 1, 2], dtype=tf.int64)` `orig_output = tf.constant([], dtype=tf.int64)` `out_backprop = tf.zeros([2, 3, 6, 6],`...
[SECURITY] Fedora 34 Update: python-pydantic-1.7.4-1.fc34
Data validation and settings management using python type hinting...
[SECURITY] Fedora 33 Update: python-pydantic-1.6.2-1.fc33
Data validation and settings management using python type hinting...
WordPress plugin SQL injection vulnerability (CNVD-2021-37479)
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A SQL injection vulnerability exists in Goto WordPress...
Huawei CloudEngine Buffer Overflow Vulnerability
Huawei CloudEngine 12800 and others are products of Huawei, China. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei CloudEngine 5800 is a 5800 series data center switch. Huawei CloudEngine 6800 is a 6800 series data center switch. Huawei CloudEngine has a buffer error...
Huawei CloudEngine Buffer Error Vulnerability
Huawei CloudEngine 12800 and others are products of Huawei, China. Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei CloudEngine 5800 is a 5800 series data center switch. Huawei CloudEngine 6800 is a 6800 series data center switch. Huawei CloudEngine has a buffer error...
The vulnerability of the VideoLAN VLC media player lies in its lack of proper input data validation, allowing a hacker to execute arbitrary code.
The vulnerability of the VideoLAN VLC media player exists due to insufficient checking of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created playback list...
openSUSE Security Update : Chromium (openSUSE-2021-629)
This update for chromium fixes the following issues: - Chromium was updated to 90.0.4430.93 (boo#1184764, boo#1185047, boo#1185398) - CVE-2021-21227: Insufficient data validation in V8. - CVE-2021-21232: Use after free in Dev Tools. - CVE-2021-21233: Heap buffer overflow in ANGLE. - CVE-2021-21228:...
Out-of-bounds
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...