8226 matches found

Debian CVE
added 2022/02/04 10:32 p.m. · 3 views

CVE-2022-23580

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

CVSS 6.5 · AI score 7 · EPSS 0.00808
Exploits 1

Vulnrichment
added 2022/02/04 10:32 p.m. · 6 views

CVE-2022-23580 Abort caused by allocating a vector that is too large in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00808
Exploits 1 · References 3

ThreatPost
added 2022/02/04 6:26 p.m. · 248 views

Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers

A high-severity security vulnerability in Argo CD can enable attackers to access targets’ application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information. Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in...

CVSS 10 · AI score 9.7 · EPSS 0.99999
Exploits 348 · References 3

IBM Security Bulletins
added 2022/02/04 5:41 p.m. · 21 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2021-25735)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could allow node updates to bypass a validating admission webhook CVE-2021-25735 Vulnerability Details CVEID: CVE-2021-25735 Description: Kubernetes kube-apiserver could allow a remote...

CVSS 6.5 · AI score 6.8 · EPSS 0.05226
Exploits 1 · Affected Software 1

Positive Technologies
added 2022/02/04 12:0 a.m. · 3 views

PT-2022-16097 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: During shape inference, TensorFlow can allocate a large vector based on a value...

CVSS 6.5 · AI score 6.3 · EPSS 0.00808
Exploits 1 · References 13

CNNVD
added 2022/02/04 12:0 a.m. · 3 views

Xwiki Platform cross-site scripting vulnerability

Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. Xwiki Platform is vulnerable to cross-site scripting, which can be exploited to upload SVGs containing scripts executed when performing download operations on files when using the default...

CVSS 5.4 · AI score 5.3 · EPSS 0.00856
Exploits 1 · References 5

Microsoft Secure
added 2022/02/02 5:0 p.m. · 28 views

The evolution of a Mac trojan: UpdateAgent’s progression

Our discovery and analysis of a sophisticated Mac trojan in October exposed a year-long evolution of a malware family—and depicts the rising complexity of threats across platforms. The trojan, tracked as UpdateAgent, started as a relatively basic information-stealer but was observed distributing...

AI score 0.3
Exploits 0

RedHat Linux
added 2022/02/01 9:4 p.m. · 4 views

rpm: RPM does not require subkeys to have a valid binding signature

There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...

CVSS 4.7 · AI score 7.1 · EPSS 0.00302
Exploits 0 · References 4

Positive Technologies
added 2022/02/01 12:0 a.m. · 7 views

PT-2022-9446 · WordPress · Svg Support

Name of the Vulnerable Software and Affected Versions: SVG Support WordPress plugin versions prior to 2.3.20 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to the lack of escaping in the CSS Class to target setting before it is outputted in an...

CVSS 4.8 · AI score 4.6 · EPSS 0.00654
Exploits 2 · References 6

CNNVD
added 2022/01/31 12:0 a.m. · 3 views

Bentley Systems Bentley View security vulnerability

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A security vulnerability exists in Bentley View that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8 · AI score 5.9 · EPSS 0.01855
Exploits 0 · References 4

CNNVD
added 2022/01/31 12:0 a.m. · 3 views

Bentley Systems Bentley View buffer error vulnerability

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View that can be exploited by an attacker to execute code in the context of the current process...

CVSS 7.8 · AI score 6.3 · EPSS 0.01955
Exploits 0 · References 5

NVD
added 2022/01/28 8:15 p.m. · 6 views

CVE-2021-40397

A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.3 · EPSS 0.00872
Exploits 1 · References 1

OpenVAS
added 2022/01/28 12:0 a.m. · 25 views

Mageia: Security Advisory (MGASA-2015-0240)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 · AI score 6.5 · EPSS 0.04254
Exploits 2 · References 6

OSV
added 2022/01/27 1:52 p.m. · 5 views

CLSA-2022-1643291562 Fix of CVE: CVE-2021-4034

CVE-2021-4034: polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector...

CVSS 7.8 · AI score 6.9 · EPSS 0.94921
Exploits 151 · References 1

NVD
added 2022/01/26 7:15 p.m. · 13 views

CVE-2021-46385

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information remote. The component is: net.mingsoft.mdiy.action.FormDataActionqueryData. The attack vector is: 0 or sleep3. ¶¶ MCMS has a sql injection vulnerability through which attacker ca...

CVSS 7.5 · EPSS 0.01524
Exploits 1 · References 1

Prion
added 2022/01/26 7:15 p.m. · 13 views

Sql injection

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information remote. The component is: net.mingsoft.mdiy.action.FormDataActionqueryData. The attack vector is: 0 or sleep3. ¶¶ MCMS has a sql injection vulnerability through which attacker ca...

CVSS 5 · AI score 7.6 · EPSS 0.01524
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2022/01/26 6:35 p.m. · 17 views

CVE-2021-46385

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information remote. The component is: net.mingsoft.mdiy.action.FormDataActionqueryData. The attack vector is: 0 or sleep3. ¶¶ MCMS has a sql injection vulnerability through which attacker ca...

AI score 7.9 · EPSS 0.01524
Exploits 1 · References 1

Cvelist
added 2022/01/26 4:14 p.m. · 20 views

CVE-2021-46383

https://gitee.com/mingSoft/MCMS MCMS =5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information remote. The component is: net.mingsoft.mdiy.action.web.DictActionlist. The attack vector is: 0 or sleep3. ¶¶ MCMS has a sql injection vulnerability through which attacker can get...

AI score 7.9 · EPSS 0.01563
Exploits 1 · References 1

OSV
added 2022/01/26 3:49 p.m. · 7 views

CLSA-2022-1643212149 Fix of CVE: CVE-2021-4034

CVE-2021-4034: polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector...

CVSS 7.8 · AI score 7 · EPSS 0.94921
Exploits 151 · References 1

OSV
added 2022/01/26 12:15 p.m. · 1 views

DEBIAN-CVE-2021-44118

SPIP 4.0.0 is affected by a Cross Site Scripting XSS vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users stored XSS...

CVSS 5.4 · AI score 5.5 · EPSS 0.00772
Exploits 0 · References 1