
1048 matches found

OSV
added 2022/03/02 11:15 p.m. | 2 views

UBUNTU-CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVSS 6.3 | AI score 6.8 | EPSS 0.00493
Exploits: 1 | References: 3

Debian CVE
added 2022/03/02 12:0 a.m. | 52 views

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVSS 6.3 | AI score 6.4 | EPSS 0.00493
Exploits: 1

Cvelist
added 2022/03/02 12:0 a.m. | 31 views

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

AI score 6.5 | EPSS 0.00493
Exploits: 1 | References: 7

Vulnrichment
added 2022/03/02 12:0 a.m. | 29 views

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

AI score 6.9 | EPSS 0.00493
Exploits: 1 | References: 7

NVD
added 2022/01/18 7:15 p.m. | 16 views

CVE-2021-44840

An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

CVSS 4 | EPSS 0.00641
Exploits: 1 | References: 2

OSV
added 2022/01/18 7:15 p.m. | 4 views

CVE-2021-44840

An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

CVSS 2.7 | AI score 5.8 | EPSS 0.00641
Exploits: 1 | References: 2

Prion
added 2022/01/18 7:15 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in Delta RM 1.2. Using a privileged account, it is possible to edit, create, and delete risk labels, such as Criticality and Priority Indication labels. By using the /core/table/query endpoint, and by using a POST request and indicating the affected label with tableUid...

CVSS 4 | AI score 4 | EPSS 0.00641
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2022/01/18 6:25 p.m. | 49 views

CVE-2021-44840

Delta RM 1.2 contains a vulnerability where a privileged user can edit, create, and delete the following risk labels (Priority Indication, Quality Evaluation, Progress Margin, Priority) via the /core/table/query endpoint using a POST request with the affected label identified by tableUid and the ...

CVSS 4 | AI score 4 | EPSS 0.00641
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2021/11/29 9:15 a.m. | 14 views

Cross site scripting

The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 3.5 | AI score 4.7 | EPSS 0.00598
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2021/11/17 11:15 a.m. | 1 view

CVE-2021-24834

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is...

CVSS 5.4 | AI score 6.3 | EPSS 0.01483
Exploits: 0 | References: 3

RedHat Linux
added 2021/11/09 5:35 p.m. | 0 views

graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c

A flaw was found in graphviz. A wrong assumption in record_init function leads to an off-by-one write in parse_reclbl function, allowing an attacker who can provide graph input to potentially execute code when the label of a node is invalid and shorter than two characters. The highest threat from...

CVSS 7.8 | AI score 5.8 | EPSS 0.02618
Exploits: 1 | References: 4

OSV
added 2021/10/25 2:15 p.m. | 2 views

CVE-2021-24608

The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.8 | EPSS 0.00654
Exploits: 2 | References: 2

OSV
added 2021/10/22 2:15 p.m. | 1 view

CVE-2021-0651

In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:...

CVSS 5.5 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 1

Microsoft Secure
added 2021/09/28 4:0 p.m. | 31 views

A simpler, more integrated approach to data governance

It’s no secret that the volume of data created by organizations and people multiplies daily. And, in the digital—and hybrid work—world we live in, that data is spread across more tools, platforms, devices, and clouds than ever before, creating regulatory challenges and security risks. Organizatio...

AI score 1
Exploits: 0

OSV
added 2021/08/25 2:41 p.m. | 0 views

GHSA-5HJ3-VJJF-F5M7 Heap OOB in `SdcaOptimizerV2`

Impact: An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2: python import tensorflow as tf tf.raw_ops.SdcaOptimizerV2 sparse_example_indices=1, sparse_feature_indices=1, sparse_feature_values=1.0,2.0,...

CVSS 6.8 | AI score 6 | EPSS 0.00172
Exploits: 0 | References: 7

Github Security Blog
added 2021/08/25 2:41 p.m. | 23 views

Heap OOB in `SdcaOptimizerV2`

Impact: An attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2: python import tensorflow as tf tf.raw_ops.SdcaOptimizerV2 sparse_example_indices=1, sparse_feature_indices=1, sparse_feature_values=1.0,2.0,...

CVSS 5.5 | AI score 6 | EPSS 0.00172
Exploits: 0 | References: 7 | Affected Software: 3

PyPA
added 2021/08/12 11:15 p.m. | 4 views

PYSEC-2021-585

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of...

CVSS 5.5 | AI score 6.9 | EPSS 0.00172
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2021/08/12 10:20 p.m. | 1 view

CVE-2021-37672

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.raw_ops.SdcaOptimizerV2. The implementation does not check that the length of...

CVSS 5.5 | AI score 6.9 | EPSS 0.00172
Exploits: 0

Veracode
added 2021/07/06 12:2 a.m. | 35 views

Information Disclosure

libvirt is vulnerable to information disclosure. An attacker is able to access files of other users when the system generates SELinux MCS category pairs for VMs' dynamic labels...

CVSS 6.3 | AI score 3.8 | EPSS 0.00493
Exploits: 1 | References: 8 | Affected Software: 1

RedhatCVE
added 2021/07/01 5:23 p.m. | 71 views

CVE-2021-3631

A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality a...

CVSS 6.3 | AI score 1.8 | EPSS 0.00493
Exploits: 1 | References: 3