GHSA-PMQP-H87C-MR78 XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming...
PYSEC-2021-745
TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to tf.raw_ops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...
abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +95 more potentially affected by CVE-2021-29532 via tensorflow (>=2.4.0 <=2.4.2)
tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.7.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.7.4 and more Source cves: CVE-2021-29532 Source advisory: OSV:PYSEC-2021-169...
What does WiFi stand for?
We use WiFi to connect to the Internet, but what is it, and what does it stand for? How does it have such a catchy name, and why do we sometimes have a weak Internet connection with a strong WiFi signal and vice versa? Read on to answer these questions and more. What does WiFi mean? Many people...
Open redirect
In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host...
Security update for redis (important)
openSUSE Security Update: Security update for redis Announcement ID: openSUSE-SU-2021:0682-1 Rating: important References: 1178205 1182657 1185729 1185730 ECO-2417 ECO-2867 PM-1547 PM-1615 PM-1622 PM-1681 SLE-11578 SLE-12821 Cross-References: CVE-2021-21309 CVE-2021-29477 CVE-2021-29478 CVSS...
CVE-2021-31409
The CVE-2021-31409 entry concerns Vaadin’s EmailValidator in the com.vaadin:vaadin-compatibility-server module (versions 8.0.0–8.12.4). A RegEx-based input validation flaw can lead to uncontrolled resource consumption (DoS) when processing malicious email addresses. The referenced advisories and ...
com.github.mvysny.karibudsl:karibu-dsl-v8compat7 (>=1.0.0 <=1.0.6), com.vaadin:vaadin-compatibility-client (>=8.0.0 <=8.12.4) +24 more potentially affected by CVE-2021-31409 via com.vaadin:vaadin-compatibility-server (>=8.0.0 <=8.12.4)
com.vaadin:vaadin-compatibility-server MAVEN version =8.0.0, =1.0.0, =8.0.0, =8.0.0, =7.3.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =7.1.0, =2.0.0, =0.8.2, =1.2.0, =1.3.0-rc01 and more Source cves: CVE-2021-31409 Source advisory: OSV:GHSA-C332-W4JM-55WV...
GHSA-C332-W4JM-55WV Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8
Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses...
ERC-721 Enumerable Spec mismatch for return value of tokenByIndex() function
Handle 0xRajeev Vulnerability details Impact tokenByIndex is required to return the token at queried index but the implementation here returns the parameter index itself. This will prevent all querying of tokens. See reference implementation This will impact compatibility with NFT platforms that...
ERC-721 Enumerable Spec mismatch for index of tokenByIndex() function
Handle 0xRajeev Vulnerability details Impact Index starts at 0 for token array but the implementation here requires index to be greater than 0. This will prevent querying of token at index 0. See reference implementation This will impact compatibility with NFT platforms that expect full conformit...
Redis Extractor
This module connects to a Redis instance and retrieves keys and data stored. Module Options: msf > use auxiliary/gather/redis_extractor; msf auxiliary(redis_extractor) > show actions ...actions...; msf auxiliary(redis_extractor) > set ACTION; msf auxiliary(redis_extractor) > show options ...show and set options...; msf...
SUSE-RU-2021:1414-1 Recommended update for boost-legacy
This update for boost-legacy fixes the following issues: Create a new boost-legacy package with version 1.66.0. (bsc#1175886, jsc#SLE-17304, jsc#ECO-3147) - Remove duplicate license package that we get from original Boost - Add a backport of Boost.Optional::has_value for LibreOffice - Use %license...
Microsoft Windows Input Validation Error Vulnerability
Microsoft Windows is a desktop operating system from Microsoft. A security vulnerability exists in the Windows application compatibility cache. An attacker could exploit this vulnerability to cause a denial of service attack...
SUSE: Security Advisory (SUSE-SU-2020:1973-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for froxlor (openSUSE-SU-2021:0415-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-28311
Windows Application Compatibility Cache Denial of Service Vulnerability...
Design/Logic Flaw
Windows Application Compatibility Cache Denial of Service Vulnerability...