Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which could be exploited by an attacker to bind a reference to a null pointer in all operations of type tf.rawops.MatrixSetDiagV to cause undefined...

PT-2021-21774 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can cause undefined behavior via binding a reference to null pointer...

Cumulative Update 26 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.27.47563, Platform Build 14.0.47540)

None None...

CVE-2020-36432

An issue was discovered in the algds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new...

CVE-2020-36432

An issue was discovered in the algds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new...

Memory corruption

An issue was discovered in the algds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new...

CVE-2020-36432

An issue was discovered in the algds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new...

CVE-2020-36432

CVE-2020-36432 affects the alg_ds crate for Rust (up to 2020-08-25). The issue is a drop of uninitialized memory in Matrix::new(), caused by Matrix::fill_with() using a *ptr = value pattern that assumes an initialized struct at the address, leading to dropping of uninitialized memory. Public refe...

[SECURITY] Fedora 34 Update: matrix-synapse-1.38.1-1.fc34

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

Fedora: Security Advisory for matrix-synapse (FEDORA-2021-a627cfd31e)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

jenkins-2-plugins/matrix-auth: Incorrect permission checks in Matrix Authorization Strategy Plugin

A flaw was found in Jenkins Matrix Authorization Strategy Plugin. The jenkins plugin does not correctly perform permission checks, as consequences this allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders. The highest...

The evolution of a matrix: How ATT&CK for Containers was built

Note: The content of this post is being released jointly with the Center for Threat-Informed Defense. It is co-authored with Chris Ante and Matthew Bajzek. The Center post can be found here. As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the...

The evolution of a matrix: How ATT&CK for Containers was built

Note: The content of this post is being released jointly with the Center for Threat-Informed Defense. It is co-authored with Chris Ante and Matthew Bajzek. The Center post can be found here. As containers become a major part of many organizations’ IT workloads, it becomes crucial to consider the...

DEBIAN-CVE-2021-36773

uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service unbounded recursion that can trigger memory consumption and a loss of all blocking functionality...

[ASA-202106-51] matrix-appservice-irc: insufficient validation

Arch Linux Security Advisory ASA-202106-51 ========================================== Severity: Medium Date : 2021-06-22 CVE-ID : CVE-2021-32659 Package : matrix-appservice-irc Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-2076 Summary ======= The package...

GHSA-35G4-QX3C-VJHX Automatic room upgrade handling can be used maliciously to bridge a room non-consentually

Impact If a bridge has room upgrade handling turned on in the configuration the roomUpgradeOpts key when instantiating a new Bridge instance., any m.room.tombstone event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room m.room.create...

@rocket.chat/hubot-freddie (=0.0.7), @types/matrix-appservice-bridge (=2.0.0) +6 more potentially affected by CVE-2021-32659 via matrix-appservice-bridge (>=0.1.5 <=1.13.2)

matrix-appservice-bridge NPM version =0.1.5, =0.0.2, =0.0.1, =0.0.2, =1.0.0, =1.15.0 - matrix-puppet-hangouts =0.0.4 Source cves: CVE-2021-32659 Source advisory: OSV:GHSA-35G4-QX3C-VJHX...

Matrix libolm Buffer Overflow Vulnerability

Matrix libolm is a cryptographic library. a security vulnerability exists in Matrix libolm, which can be exploited by attackers for remote code execution...

CVE-2021-32659

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration the roomUpgradeOpts key when instantiating a new Bridge instance., any m.room.tombstone...

CVE-2021-32659

Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration the roomUpgradeOpts key when instantiating a new Bridge instance., any m.room.tombstone...