183 matches found
CVE-2020-15191
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
CVE-2020-15191
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
USN-4411-1 linux, linux-aws, inux-azure, linux-gcp, linux-kvm, linux-oracle, linux-raspi, linux-riscv vulnerabilities
It was discovered that the elf handling code in the Linux kernel did not initialize memory before using it in certain situations. A local attacker could use this to possibly expose sensitive information kernel memory. CVE-2020-10732 Matthew Sheets discovered that the SELinux network label handlin...
CVE-2020-10058
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions...
CVE-2020-10028
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
CVE-2020-10058
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions...
Design/Logic Flaw
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
CVE-2020-10058
CVE-2020-10058 affects Zephyr Project RTOS (Kscan subsystem). The issue arises from insufficient parameter validation in multiple Kscan syscalls, enabling a local user to potentially gain elevated privileges. Publicly documented details from CNVD-2020-35003 confirm Zephyr 2.1.0 and later are affe...
CVE-2020-10058 Multiple Syscalls In kscan Subsystem Performs No Argument Validation
Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions...
CVE-2020-10028 Multiple Syscalls In GPIO Subsystem Performs No Argument Validation
Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions...
CVE-2020-10028
CVE-2020-10028 concerns Zephyr RTOS, specifically the GPIO subsystem, where multiple syscalls perform no argument validation. Root cause: insufficient validation on syscall parameters, enabling possible improper access or misuse. Affected: Zephyr versions 1.14.0 and later, including 2.1.0 and lat...
The vulnerability of the docker-compose-remote-api package from the package manager NPM allows a attacker to execute arbitrary commands.
The vulnerability of the docker-compose-remote-api package from the package manager NPM is related to insufficient validation of arguments passed in commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the target system remotely...
The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in insufficient validation of arguments passed in commands, allowing attackers to execute arbitrary commands with root privileges.
The vulnerability of the microprogrammed wireless access point software for Moxa AWK-3121 lies in insufficient verification of the arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges, using a specially crafted...
The vulnerability in the web interface of the Cisco Webex Video Mesh software allows a malicious actor to execute arbitrary commands.
The vulnerability of the Cisco Webex Video Mesh software control web interface is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the command-line interface of the FortiExtender signal booster software arises from insufficient validation of arguments passed in commands, allowing attackers to execute arbitrary commands.
The vulnerability of the command-line interface of the FortiExtender signal booster software relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service allows a perpetrator to execute arbitrary commands.
The vulnerability of the xpack.security.audit.enabled component of the Kibana data visualization service is related to insufficient validation of arguments passed to commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of D-Link DIR-655, D-Link DIR-866L, D-Link DIR-652, and D-Link DHP-1565 router microprogramming software lies in insufficient checking of arguments passed in commands, allowing attackers to execute arbitrary code.
The vulnerability of D-Link DIR-655, D-Link DIR-866L, D-Link DIR-652, and D-Link DHP-1565 router microprogramming software is related to insufficient testing of the arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...
The vulnerability in the Web UI of the Cisco IOS XE operating system, which allows a hacker to execute arbitrary commands with elevated privileges
The vulnerability of the Cisco IOS XE operating system’s Web UI is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with elevated privileges remotely...
The vulnerability of the command-line interface of the network operating system NX-OS, which allows a hacker to escalate their privileges and execute arbitrary commands.
The vulnerability of the command-line interface CLI of the NX-OS network operating system is related to insufficient checking of arguments passed to certain CLI commands. Exploiting this vulnerability can allow an attacker to increase their privileges and execute arbitrary commands...
The vulnerability of the command-line interface of the Cisco NX-OSS network operating system in Cisco devices allows a attacker to gain access to internal services.
The vulnerability of the command-line interface of the Cisco NX-OSS network operating system devices relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow attackers to gain access to internal services...