2127 matches found
Improper Input Validation
Overview: REXML is an XML toolkit for Ruby. Affected versions of this package are vulnerable to Improper Input Validation. When parsing and serializing a crafted XML document, the REXML gem, including the one bundled with Ruby, can create a wrong XML document whose structure is different from the...
nphysics3d is unmaintained
The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Rapier project...
PT-2021-14648 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.274 and earlier, LTS versions 2.263.1 and earlier Description: The issue allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global config.xml file. If the global config.xml...
PT-2020-6829 · Unknown · C-Bus Toolkit
Name of the Vulnerable Software and Affected Versions: C-Bus Toolkit versions 1.15.9 and prior Description: A vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. This issue is related to incorrect permission assignment for critical resources, whi...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Sophos Unified_Threat_Management_Software
SSHTron SSHTron is a multiplayer lightcycle game that runs through SSH. Connect to the game with the following command: $ ssh 192.168.1.111:2022 Controls: WASD or vim keybindings to move; do not use your arrow keys. Escape or Ctrl+C to exit. Want to choose the color yourself? There are 7 colors to choose from: Red, Green, Yellow, Blue, Magenta, Cyan and White...
Driver Disk for Cisco enic 4.0.0.11 - For Citrix Hypervisor 8.x CR
Who Should Install this Driver Disk? Customers running a Citrix Hypervisor 8.x release who use Cisco's enic driver and wish to use the latest version of the following driver module: enic, version 4.0.0.11. Issues Resolved In this Driver Disk: Includes general enhancements and bug fixes...
PYSEC-2020-291
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...
CVE-2020-15214
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger an out-of-bounds write / segmentation fault if the segment ids are not sorted. The code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...
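The precondition behind the segment-sum entry above, as an added example that is not TensorFlow Lite's code: if the output row count is taken from the last segment id, an unsorted id vector allocates fewer rows than the loop will write to. The hardened check proves the ids non-negative and non-decreasing before trusting the last element. All function names are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Added example, not TensorFlow Lite's code. It models the precondition
// behind the segment-sum entry above: segment ids must be non-negative and
// sorted in non-decreasing order, because the number of output rows is
// taken from the LAST id. All function names here are hypothetical.

// Row count the unpatched logic effectively used: trust the last id.
int naive_row_count(const std::vector<int>& ids) {
    return ids.empty() ? 0 : ids.back() + 1;
}

// Largest row index the accumulation loop would actually write to.
int max_row_index(const std::vector<int>& ids) {
    return ids.empty() ? -1 : *std::max_element(ids.begin(), ids.end());
}

// Hardened check: returns the output row count when `ids` is valid, or -1
// when any id is negative or the sequence is not non-decreasing. Only after
// this proof is ids.back() + 1 a safe buffer size.
int validate_segment_ids(const std::vector<int>& ids) {
    int prev = 0;
    for (int id : ids) {
        if (id < 0 || id < prev) return -1;
        prev = id;
    }
    return ids.empty() ? 0 : ids.back() + 1;
}

// Segment sum over a row-major [ids.size() x width] matrix that refuses
// invalid ids instead of writing past the end of `out`. Returns an empty
// vector on rejection.
std::vector<float> segment_sum(const std::vector<float>& data, int width,
                               const std::vector<int>& ids) {
    int rows = validate_segment_ids(ids);
    if (rows < 0 || width <= 0 ||
        data.size() != ids.size() * static_cast<size_t>(width)) {
        return {};
    }
    std::vector<float> out(static_cast<size_t>(rows) * width, 0.0f);
    for (size_t i = 0; i < ids.size(); ++i) {
        size_t row = static_cast<size_t>(ids[i]);
        for (int j = 0; j < width; ++j) {
            out[row * width + j] += data[i * width + j];
        }
    }
    return out;
}
```

With ids {0, 2, 1}, naive_row_count() returns 2 while max_row_index() returns 2, so the write to row 2 lands one row past the allocation; the hardened path rejects that vector outright.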
CVE-2020-15210
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...
GHSA-9MQP-7V2H-2382 Denial of Service in Tensorflow
Impact: The SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L235-L241 Although reverse_index_map_t and grad_values_t ar...
jetty: double release of resource can lead to information disclosure
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, when the response headers are too large, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
PT-2020-20037 · Nextcloud +1 · Nextcloud Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.4 Description: The issue concerns a cleartext storage of sensitive information, which exposed details about used proxies and their authentication credentials. Recommendations: For Nextcloud Desktop Client...
CVE-2020-16139
A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely by sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better...
CVE-2020-16138
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our...
PT-2020-3544
Name of the Vulnerable Software and Affected Versions: Java SE versions 7u261, 8u251, 11.0.7, 14.0.1; Java SE Embedded version 8u251. Description: The issue is related to insufficient input validation in the 2D component of Oracle Java SE and Java SE Embedded. It allows an unauthenticated attacker wi...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.3.9 bug fix update
Red Hat OpenShift Container Platform release 4.3.9 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
Low: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.3.2 bug fix update
Red Hat OpenShift Container Platform release 4.3.2 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.3 RPM release advisory
Red Hat OpenShift Container Platform release 4.3.0, which fixes several bugs and includes various enhancements, is now available. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...
PT-2020-15299 · Cloudbees +1 · Health Advisor +1
Name of the Vulnerable Software and Affected Versions: Health Advisor by CloudBees Plugin versions 3.0 and earlier Description: A cross-site request forgery issue allows attackers to send an email with fixed content to a specified recipient. The problem arises because the plugin does not perform...