GSD-2021-1000284 crypto: sa2ul - Fix memory leak of rxd

crypto: sa2ul - Fix memory leak of rxd This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit b7bd0657c2036add71981d88a7fae50188150b6...

UVI-2021-1000072 openvswitch: fix stack OOB read while fragmenting IPv4 packets

openvswitch: fix stack OOB read while fragmenting IPv4 packets This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.3 by commit...

PYSEC-2021-510

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...

UBUNTU-CVE-2021-3489

The eBPF RINGBUF bpfringbufreserve function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee "bp...

RUSTSEC-2021-0027 Loading a bgzip block can write out of bounds if size overflows.

Affected versions of bam set the length of an internal buffer using self.compressed.setlenblocksize - HEADERSIZE - MINEXTRASIZE and then wrote into it. While blocksize was constrained to a proper maximum, when it was too small the subtraction could overflow negatively to a large number past the...

PYSEC-2020-130

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

PYSEC-2020-323

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

PYSEC-2020-322

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

PYSEC-2020-126

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

PYSEC-2020-116

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

DEBIAN-CVE-2020-15900

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32t. This was fixed...

UBUNTU-CVE-2019-1010263

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac. The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit...

ALPINE-CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffileinline.c:83, minilzo.c redistributed. The attack vector is: nfdump must read and process a specially crafted file...

DEBIAN-CVE-2019-1010305

libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile libmspack/mspack/chmd.c. The attack vector is: the victim must open a specially crafted chm file. The fixed version is: after commit...

UBUNTU-CVE-2018-1000876

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be...

CVE-2018-1000660

TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function getpackagename in the file kernel/src/tbfheader.rs, variable "pub packagename: &'static str," in the file process.r...

UBUNTU-CVE-2018-1999015

FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASFF format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to...

CVE-2018-1000207

MODX Revolution version =2.6.4 contains a Incorrect Access Control vulnerability in Filtering user parameters before passing them into phpthumb class that can result in Creating file with custom a filename and content. This attack appear to be exploitable via Web request. This vulnerability appea...

unboundid-ldapsdk: Incorrect Access Control vulnerability in process function in SimpleBindRequest class

UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect Access Control vulnerability in process function in SimpleBindRequest class doesn't check for empty...

UBUNTU-CVE-2013-6876

The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...