PYSEC-2021-760

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

PYSEC-2021-271

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

PYSEC-2021-271

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

PYSEC-2021-760

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

CVE-2021-37649

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

PT-2021-21764 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: The code for tf.raw ops.UncompressElement can be made to trigger a null pointer...

Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090 CVSS...

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan RAT on compromised systems. Attributing the intrusions to a threat actor...

Apache Tomcat 授权问题漏洞

Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements support for Servlets and JavaServer Page JSP. Apache Tomcat suffers from an authorization issue vulnerability that stems from a vulnerability in the JNDI realm of Apache...

Security update for ucode-intel (important)

openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2021:1933-1 Rating: important References: 1179833 1179836 1179837 1179839 Cross-References: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVSS scores: CVE-2020-24489 NVD : 8.8...

DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge ATT &CK® framework, Version 9. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of...

Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices

UPDATE Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware’s ESXi virtual machine management software and...

UBUNTU-CVE-2020-36403

HTSlib through 1.10.2 allows out-of-bounds write access in vcfparseformat called from vcfparse and vcfread...

HTSlib 缓冲区错误漏洞

HTSlib is a library file for the C language. A buffer error vulnerability exists in HTSlib versions 1.10 through 1.10.2, which stems from the program allowing out-of-bounds write access to the vcf parsing format...

SUSE-SU-2021:14758-1 Security update for microcode_ctl

This update for microcodectl fixes the following issues: Updated to Intel CPU Microcode 20210525 release: - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. bsc1179833 - CVE-2020-24511:...

Spam Downpour Drips New IcedID Banking Trojan Variant

Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns. Written in English and carrying .ZIP files full of the malware – or links to such ZIP files – the new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from...

OPENSUSE-SU-2021:0876-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20210608 release. - CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. INTEL-SA-00465 bsc1179833 See...

Security update for ucode-intel (important)

openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2021:0876-1 Rating: important References: 1179833 1179836 1179837 1179839 Cross-References: CVE-2020-24489 CVE-2020-24511 CVE-2020-24512 CVE-2020-24513 CVSS scores: CVE-2020-24489 SUSE: 8.8...

Moobot Milks Tenda Router Bugs for Propagation

A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in their telemetry for a known vulnerability in Tenda routers. It turns out that it was being pushed out from a new cyber-underground malware domain, known as Cyberium...

DEBIAN-CVE-2021-28689

x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...