Lucene search
K

114 matches found

FreeBSD
FreeBSD
added 2023/08/30 12:0 a.m.33 views

electron24 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-4427. Security: backported fix for CVE-2023-4428. Security: backported fix for CVE-2023-4430. Security: backported fix for CVE-2023-4572...

8.8CVSS8.4AI score0.3398EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2023/06/14 12:0 a.m.38 views

electron22 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2023-2724. Security: backported fix for CVE-2023-2723. Security: backported fix for CVE-2023-2725. Security: backported fix for CVE-2023-2721. Security: backported fix for CVE-2023-3079...

8.8CVSS7AI score0.32724EPSS
Exploits5References11
UbuntuCve
UbuntuCve
added 2023/06/07 12:0 a.m.28 views

CVE-2023-32636

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect gli...

7.5CVSS6.8AI score0.0078EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/03/28 3:41 a.m.3 views

Apple Issues Urgent Security Update for Older iOS and iPadOS Models

Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529 , concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant wi...

8.8CVSS6.8AI score0.09426EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/03/08 4:1 a.m.5 views

SUSE CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS6.6AI score0.00491EPSS
Exploits0References3
OSV
OSV
added 2023/03/06 11:15 p.m.6 views

AZL-25604 CVE-2022-45142 affecting package heimdal for versions less than 7.7.1-2

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:35 a.m.3 views

SUSE CVE-2017-1000394

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...

7.5CVSS7.7AI score0.01146EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.4 views

SUSE CVE-2021-29559

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

7.1CVSS6.9AI score0.00198EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.5 views

SUSE CVE-2021-29596

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...

7.8CVSS7.4AI score0.00201EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-29600

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/onehot.ccL68-L72. An...

7.8CVSS7.4AI score0.00201EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.3 views

SUSE CVE-2021-37637

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

5.5CVSS5AI score0.0016EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS5.8AI score0.00167EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.2 views

SUSE CVE-2022-35974

TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for inputmin or inputmax, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS8.1AI score0.00423EPSS
Exploits0References3
OSV
OSV
added 2022/11/27 12:30 a.m.7 views

GHSA-HRPP-H998-J3PP qs vulnerable to Prototype Pollution

qs before 6.10.3 allows attackers to cause a Node process hang because an proto key can be used. In many typical web framework use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as...

7.5CVSS7.1AI score0.14663EPSS
Exploits2References16
Cvelist
Cvelist
added 2022/11/26 12:0 a.m.31 views

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.7AI score0.14663EPSS
Exploits2References5
OSV
OSV
added 2022/11/26 12:0 a.m.37 views

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.5CVSS8.3AI score0.14663EPSS
Exploits2References7
Debian CVE
Debian CVE
added 2022/09/16 9:35 p.m.4 views

CVE-2022-35988

TensorFlow is an open source platform for machine learning. When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...

7.5CVSS6.7AI score0.00405EPSS
Exploits0
OSV
OSV
added 2022/05/24 10:10 p.m.2 views

GHSA-PQHM-4WVF-2JG8 Missing validation results in undefined behavior in `QuantizedConv2D`

Impact The implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments: python import tensorflow as tf input = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad args mininput = tf.constant, shape=0,...

5.5CVSS5.8AI score0.00332EPSS
Exploits1References9
OSV
OSV
added 2022/05/14 1:4 a.m.2 views

GHSA-F7F6-XRWC-9C57 Improper Input Validation in Jenkins

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins...

7.5CVSS6.9AI score0.01146EPSS
Exploits0References4
OSV
OSV
added 2022/04/13 4:15 p.m.3 views

ALPINE-CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

7.6CVSS7.1AI score0.07017EPSS
Exploits1References1
Rows per page
Query Builder