669 matches found
PYSEC-2021-518
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...
PYSEC-2021-518
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
CVE-2020-19641
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. Authenticated attackers with the "Operator" Privilege can gain admin privileges via a crafted request to '/goform/formUserMng'...
Purple Fox Rootkit Can Now Spread Itself to Other Windows Computers
Purple Fox, a Windows malware previously known for infecting machines by using exploit kits and phishing emails, has now added a new technique to its arsenal that gives it worm-like propagation capabilities. The ongoing campaign makes use of a "novel spreading technique via indiscriminate port...
CVE-2020-28501
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Design/Logic Flaw
This affects the package es6-crawler-detect before 3.1.3. No limitation of user agent string length supplied to regex operators...
Gatekeeper - First Open-Source DDoS Protection System
Gatekeeper is the first open source DoS protection system. It is designed to scale to any peak bandwidth, so it can withstand DoS attacks both of today and of tomorrow. In spite of the geographically distributed architecture of Gatekeeper, the network policy that describes all decisions that have...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0209-1 Rating: important References: 1181414 Cross-References: CVE-2020-15685 CVE-2020-26976 CVE-2021-23953 CVE-2021-23954 CVE-2021-23960 CVE-2021-23964 Affected Products: openSUSE Leap 15.2 An upda...
Hezbollah Hacker Group Targeted Telecoms, Hosting, ISPs Worldwide
A "persistent attacker group" with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan RAT to break into companies worldwide and extract valuable information. In a new report published by the ClearSky research team on Thursday, the Israeli...
RHEL 7 : firefox (RHSA-2021:0290)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0290 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements
The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash...
Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements
The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash...
Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements
The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash...
Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements
The Mozilla Foundation Security Advisory describes this flaw as: Using the new logical assignment operators in a JavaScript switch statement could have caused a type confusion, leading to a memory corruption and a potentially exploitable crash...
RUSTSEC-2020-0082 ordered_float:NotNan may contain NaN after panic in assignment operators
After using an assignment operators such as NotNan::addassign, NotNan::mulassign, etc., it was possible for the resulting NotNan value to contain a NaN. This could cause undefined behavior in safe code, because the safe NotNan::cmp method contains internal unsafe code that assumes the value is...
CVE-2020-28053
HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...
ratdatabase.ru Cross Site Scripting vulnerability OBB-1468350
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
gloriaandcarl.ca Cross Site Scripting vulnerability OBB-1457759
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Microsoft and Other Tech Companies Take Down TrickBot Botnet
Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit,...