Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from an application calling a tf .compat.v1. operation. An attacker could exploit this...

PT-2022-19457 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: There is a potential for segfault / denial of service in TensorFlow by calling...

[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-3.fc34

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...

co.cask.tephra:tephra-examples (>=0.6.2 <=0.7.1), co.cask.tephra:tephra-hbase-compat-1.0-cdh (>=0.6.0 <=0.7.1) +356 more potentially affected by CVE-2016-5393 via org.apache.hadoop:hadoop-common (>=2.6.0 <=2.6.4)

org.apache.hadoop:hadoop-common MAVEN version =2.6.0, =0.6.2, =0.6.0, =1.7.0, =1.1.0, =1.1.0, =7.2.1, =3.0.0, =3.0.0, =7.2.1, =3.0.0, =3.0.0, =3.0.0, =3.6.7 and more Source cves: CVE-2016-5393 Source advisory: OSV:GHSA-7Q56-MP4C-GGGG...

Exploit for Path Traversal in Vmware Cloud_Foundation

CVE-2021-21972 VMware vCenter Server Remote Code Execution Vul...

com.lightbend.akka:akka-stream-alpakka-geode_2.11 (>=0.10 <=2.0.2), com.lightbend.akka:akka-stream-alpakka-geode_2.12 (>=0.10 <=6.0.2) +71 more potentially affected by CVE-2017-9796 via org.apache.geode:geode-core (>=1.10.0 <=1.2.1)

org.apache.geode:geode-core MAVEN version =1.10.0, =0.10, =0.10, =2.0.0, =0.1.9, =2.4.0, =1.22.0, =1.14.0, =1.10.0, =1.10.0, =1.10.0, =1.12.0, =1.11.0, =1.15.4 and more Source cves: CVE-2017-9796 Source advisory: OSV:GHSA-Q7CP-R6CJ-HPF5...

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=3.20.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=3.20.0) +1 more potentially affected by CVE-2017-4973 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=3.6.0)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.20.0 Source cves: CVE-2017-4973 Source advisory: OSV:GHSA-PGJC-GC7G-P2C6...

Powershell Exec, Windows x64 Bind Named Pipe Stager

Execute an x64 payload from a command via PowerShell. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/powershell/x64/peinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show...

Powershell Exec, Bind TCP Stager (Windows x86)

Execute an x86 payload from a command via PowerShell. Listen for a connection Windows x86 Module Options msf use payload/cmd/windows/powershell/dllinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options...

Powershell Exec, Windows Executable Download (http,https,ftp) and Execute

Execute an x86 payload from a command via PowerShell. Download an EXE from an HTTPS/FTP URL and execute it Module Options msf use payload/cmd/windows/powershell/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options...

OPENSUSE-SU-2022:0132-1 Security update for php-composer

This update for php-composer fixes the following issues: php-composer was updated to version 1.10.26: Security: Fixed command injection vulnerability in HgDriver/GitDriver: CVE-2022-24828 boo1198494 Update to version 1.10.25 Fix regression with PHP 8.1.0 and 8.1.1 Update to version 1.10.24 Fixed...

Apple Magic Bluetooth Mouse 2 (A1657) on iPad can't be recognized by Windows VDA

Apple Magic Bluetooth Mouse 2 A1657 connected via Bluetooth on iPad can't be recognized by Windows VDA...

Fedora: Security Advisory for rubygem-nokogiri (FEDORA-2022-d231cb5e1f)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to an unspecified vulnerability in Java SE ( CVE-2022-21340)

Summary An unspecified vulnerability in Java SE - CVE-2022-21340 related to the Libraries Component has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. Java SE is used by IBM Watson Assistant for IBM Cloud Pak for Data as part of its platform for developement of core...

[SECURITY] Fedora 36 Update: rubygem-nokogiri-1.13.4-1.fc36

Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...

mariadb:10.5 security, bug fix, and enhancement update

galera 26.4.9-4 - Use downstream garbd-wrapper and garbd.service to ensure compatibility - Add upstream versions of garbd-wrapper called garbd-systemd and garbd.service in case user want's to use them 26.4.9-3 - Explicitly require the 'procps-ng' package - Otherwise it will not require it in the...

PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...

GHSA-XV6X-43GQ-4HFJ PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection

PyGreSQL 3.8 did not use PostgreSQL’s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL’s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a...

org.apache.tiles:tiles-assembly (>=2.1.0 <=2.1.1), org.apache.tiles:tiles-compat (>=2.1.0 <=2.1.1) +5 more potentially affected by CVE-2009-1275 via org.apache.tiles:tiles-core (>=2.1.0 <=2.1.1)

org.apache.tiles:tiles-core MAVEN version =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.1 - org.parancoe:parancoe-plugin-tiles =2.0.1 Source cves: CVE-2009-1275 Source advisory: OSV:GHSA-2C6Q-RGVJ-66RX...

DL1 bug fix update

An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...