3741 matches found

OSV
added 2021/11/14 3:19 p.m. · 13 views

UVI-2021-1002097 ice: Avoid crash from unnecessary IDA free

ice: Avoid crash from unnecessary IDA free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commit...

AI score 7.2
Exploits: 0
Debian CVE
added 2021/11/05 9:50 p.m. · 1 view

CVE-2021-41208

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

CVSS 8.8 · AI score 7.1 · EPSS 0.00012
Exploits: 0
Positive Technologies
added 2021/11/05 12:0 a.m. · 2 views

PT-2021-23174 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The issue arises from a conditional statement within the tf.range kernel, where...

CVSS 6.8 · AI score 5.1 · EPSS 0.00037
Exploits: 0 · References: 18
Positive Technologies
added 2021/11/05 12:0 a.m. · 2 views

PT-2021-23183 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The shape inference functions for SparseCountSparseOutput can trigger a read...

CVSS 7.1 · AI score 6.7 · EPSS 0.00019
Exploits: 0 · References: 13
OSV
added 2021/10/26 1:40 p.m. · 6 views

SUSE-SU-2021:3523-1 Security update for util-linux

This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in getsemelements in sys-utils/ipcutils.c bsc1188921. - agetty: Fix 8-bit...

CVSS 5.5 · AI score 6 · EPSS 0.00042
Exploits: 1 · References: 6
OSV
added 2021/10/19 7:27 a.m. · 9 views

SUSE-SU-2021:3463-1 Security update for util-linux

This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in getsemelements. bsc1188921 - Prevent outdated pam files bsc1082293, bsc1081947c68. - Do not trim read-only volumes bsc1106214. - libmount: To prevent incorrect...

CVSS 5.5 · AI score 6.1 · EPSS 0.00042
Exploits: 1 · References: 22
Positive Technologies
added 2021/10/05 12:0 a.m. · 3 views

PT-2021-4361 · Moxa · Moxa Mxview

Name of the Vulnerable Software and Affected Versions: Moxa MXView versions 3.x through 3.2.2 Description: The issue is related to an insecure transmission of credentials in the Moxa MXView network management software. It also involves a path traversal vulnerability that may allow an attacker to...

CVSS 7.8 · AI score 7.7 · EPSS 0.00636
Exploits: 0 · References: 8
PyPA
added 2021/09/20 5:15 p.m. · 3 views

PYSEC-2021-333

sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular expression denial of service vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...

CVSS 7.5 · AI score 7.8 · EPSS 0.00122
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2021/09/20 12:0 a.m. · 3 views

PT-2022-5232

Name of the Vulnerable Software and Affected Versions: SQLite versions 1.0.12 through 3.39.x before 3.39.2 Description: The issue is related to an array-bounds overflow in the SQLite API library, which can be triggered by a remote attacker using a long sequence of string data processed by the print...

CVSS 10 · AI score 8.1 · EPSS 0.54845
Exploits: 3 · References: 88
Positive Technologies
added 2021/09/17 12:0 a.m. · 2 views

PT-2021-19546 · Mcafee · Mcafee Data Loss Prevention Endpoint

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention DLP Endpoint for Windows versions prior to 11.6.200 Description: A buffer overflow issue allows a local attacker to execute arbitrary code with elevated privileges by placing carefully constructed Ami Pro .sam file...

CVSS 8.2 · AI score 7.5 · EPSS 0.0006
Exploits: 0 · References: 5
Redos
added 2021/09/08 12:0 a.m. · 13 views

ROS-2-1811

2.1811 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

CVSS 8.8 · AI score 8 · EPSS 0.008
Exploits: 1
Redos
added 2021/09/08 12:0 a.m. · 2 views

ROS-2-2148

2.2148 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

CVSS 9.8 · AI score 7.3 · EPSS 0.01303
Exploits: 7
Redos
added 2021/09/08 12:0 a.m. · 3 views

ROS-2-2130

2.2130 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

CVSS 9.8 · AI score 8.1 · EPSS 0.0074
Exploits: 0
Redos
added 2021/09/08 12:0 a.m. · 2 views

ROS-2-2180

2.2180 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

CVSS 8.8 · AI score 8.1 · EPSS 0.00365
Exploits: 0
Positive Technologies
added 2021/08/20 12:0 a.m. · 2 views

PT-2021-11130 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rConfig versions 3.9.5 Description: An arbitrary file deletion issue allows attackers to delete files by sending a crafted request to "/lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php" and specifying a path in the path parameter and an extensi...

CVSS 9.1 · AI score 9 · EPSS 0.01419
Exploits: 1 · References: 5
Oracle Linux
added 2021/08/16 12:0 a.m. · 70 views

Unbreakable Enterprise kernel security update

4.14.35-2047.506.10 - Revert 'rds/ib: reap tx completions during connection shutdown' Manjunath Patil Orabug: 33220435 - Revert 'rds/ib: handle posted ACK during connection shutdown' Manjunath Patil Orabug: 33220435 - Revert 'rds/ib: recover rds connection from interrupt loss scenario' Manjunath...

CVSS 8.8 · AI score 0.8 · EPSS 0.00066
Exploits: 1
Positive Technologies
added 2021/08/08 12:0 a.m. · 2 views

PT-2021-7925 · Exiv2 +9 · Exiv2 +9

Name of the Vulnerable Software and Affected Versions: Exiv2 versions v0.27.4 and earlier Description: The issue is related to an out-of-bounds read in Exiv2, which can be triggered when the utility is used to write metadata into a crafted image file. This could potentially allow an attacker to...

CVSS 7.8 · AI score 5.8 · EPSS 0.01509
Exploits: 10 · References: 187
OSV
added 2021/08/05 4:57 p.m. · 1 view

GHSA-7F92-RR6W-CQ64 Storage corruption due to variables overwritten by re-entrancy locks

Background When attempting to use the v0.2.14 release, @pandadefi discovered an issue using the @nonreentrant decorator. Impact Reentrancy protection storage slots get allocated to the same slots as storage variables, leading to the corruption of storage variables when using the @nonreentrant...

AI score 5.9
Exploits: 0 · References: 3
Positive Technologies
added 2021/08/02 12:0 a.m. · 4 views

PT-2021-7768 · 3S Smart Software Solutions · Codesys Development System

Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.16 through 3.5.17 Description: An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.ProfileData functionality. This vulnerability can be triggered by a specially...

CVSS 8.8 · AI score 8.3 · EPSS 0.00091
Exploits: 1 · References: 10
Snyk
added 2021/07/29 8:57 a.m. · 1 view

Malicious Package

Overview acookie is a malicious package. It uses a preinstall script to steal environment variables. Remediation Avoid using all malicious instances of the acookie package. Credit: Snyk Research...

CVSS 9.8 · AI score 6.8
Exploits: 0 · References: 2