556 matches found

CNVD
added 2021/09/23 12:0 a.m. · 13 views

libjpeg Heap Buffer Overflow Vulnerability

libjpeg is a free library written entirely in C to handle the JPEG image data format. libjpeg 2020021 and earlier versions of linebuffer.cpp contain a heap buffer overflow vulnerability in LineBuffer::FetchRegion. No detailed vulnerability details are currently available...

6.5 CVSS · 3.2 AI score · 0.00838 EPSS
Exploits 1 · References 1
OSV
added 2021/09/18 11:3 a.m. · 2 views

OESA-2021-1342 jackson security update

JSON processor written in Java. It also offers full node-based Tree Model, as well as full Object/Json Mapper data binding functionality. Security Fixes: A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar to CVE-2016-3720 also...

7.5 CVSS · 7 AI score · 0.17044 EPSS
Exploits 0 · References 2
CNNVD
added 2021/08/24 12:0 a.m. · 3 views

Security Vulnerabilities in Multiple Apple Products

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple macOS Monterey is the 18th major version of macOS, the operating system for the Macintosh desktop. A security vulnerability exist...

9.8 CVSS · 8.3 AI score · 0.01176 EPSS
Exploits 0 · References 2
OSV
added 2021/07/20 7:15 a.m. · 0 views

UBUNTU-CVE-2021-36977

matio aka MAT File I/O Library 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy called from H5MM_malloc and H5C_load_entry, related to use of HDF5 1.12.0...

6.5 CVSS · 6.8 AI score · 0.01503 EPSS
Exploits 0 · References 4
Microsoft Malware Protection
added 2021/06/29 6:0 p.m. · 53 views

MITRE ATT&CK® mappings released for built-in Azure security controls

The Security Stack Mappings for Azure research project was published today, introducing a library of mappings that link built-in Azure security controls to the MITRE ATT&CK® techniques they mitigate against. Microsoft once again worked with the Center for Threat-Informed Defense and other Center...

7 AI score
Exploits 0
OSV
added 2021/06/24 3:15 p.m. · 6 views

CVE-2021-23398

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

6.1 CVSS · 6.4 AI score · 0.01341 EPSS
Exploits 1 · References 4
CNNVD
added 2021/06/08 12:0 a.m. · 3 views

Solid Edge SE Buffer Error Vulnerability

Siemens Solid Edge is a 3D CAD software from Siemens, Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. An out-of-bounds write vulnerability exists in Siemens Solid Edge. The vulnerability is due to a lack of proper...

8.8 CVSS · 5.9 AI score · 0.02505 EPSS
Exploits 0 · References 7
BDU FSTEC
added 2021/05/12 12:0 a.m. · 4 views

The vulnerability of the XML syntax analyzer in the Apache PDFBox Java library allows attackers to perform XXE attacks.

The vulnerability of the XML syntax analyzer in the Apache PDFBox Java library is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks using a specially created XFDF file...

10 CVSS · 7 AI score · 0.09451 EPSS
Exploits 0 · References 11 · Affected Software 4
OSV
added 2021/05/06 1:15 p.m. · 1 views

DEBIAN-CVE-2020-28019

Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA...

7.5 CVSS · 7.6 AI score · 0.61061 EPSS
Exploits 1 · References 1
OSV
added 2021/02/09 5:15 p.m. · 3 views

CVE-2020-27006

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this...

7.8 CVSS · 7.2 AI score · 0.0067 EPSS
Exploits 0 · References 2
CNNVD
added 2021/01/04 12:0 a.m. · 3 views

Korzio Djv Command Injection Vulnerability

Korzio Djv is JavaScript-based software by the individual developer Korzio, used to dynamically verify the JSON data format. A command injection vulnerability exists in versions prior to djv 2.1.4, which stems from the lack of proper validation of client-side data by the web application. An attack...

10 CVSS · 7.6 AI score · 0.02996 EPSS
Exploits 1 · References 4
Veracode
added 2020/12/11 3:20 a.m. · 18 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Lack of validation in data format attributes src_format and dst_format allows an attacker to crash the application and potentially obtain confidential information...

7.8 CVSS · 3.9 AI score · 0.00241 EPSS
Exploits 1 · References 3 · Affected Software 3
PyPA
added 2020/12/10 11:15 p.m. · 4 views

PYSEC-2020-333

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

7.8 CVSS · 7.1 AI score · 0.00241 EPSS
Exploits 1 · References 2 · Affected Software 1
OSV
added 2020/12/10 11:15 p.m. · 2 views

PYSEC-2020-140

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

7.8 CVSS · 7.1 AI score · 0.00241 EPSS
Exploits 1 · References 2
OSV
added 2020/12/10 11:15 p.m. · 2 views

PYSEC-2020-333

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

7.8 CVSS · 7.1 AI score · 0.00241 EPSS
Exploits 1 · References 2
Cvelist
added 2020/12/10 10:10 p.m. · 22 views

CVE-2020-26267 Lack of validation in data format attributes in TensorFlow

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

4.4 CVSS · 7.7 AI score · 0.00241 EPSS
Exploits 1 · References 2
Debian CVE
added 2020/12/10 10:10 p.m. · 3 views

CVE-2020-26267

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

7.8 CVSS · 7.2 AI score · 0.00241 EPSS
Exploits 1
OSV
added 2020/12/10 7:7 p.m. · 4 views

GHSA-C9F3-9WFR-WGH7 Lack of validation in data format attributes in TensorFlow

Impact: The tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. However, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds a...

4.4 CVSS · 5.8 AI score · 0.00241 EPSS
Exploits 1 · References 7
Positive Technologies
added 2020/12/10 12:0 a.m. · 3 views

PT-2020-16390 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.5; TensorFlow versions prior to 2.0.4; TensorFlow versions prior to 2.1.3; TensorFlow versions prior to 2.2.2; TensorFlow versions prior to 2.3.2; TensorFlow versions prior to 2.4.0. Description: The tf.raw...

9.3 CVSS · 5.6 AI score · 0.00451 EPSS
Exploits 5 · References 93
RedHat Linux
added 2020/11/04 1:25 a.m. · 2 views

PyYAML: command execution through python/object/apply constructor in FullLoader

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. ...

9.8 CVSS · 7.7 AI score · 0.05031 EPSS
Exploits 1 · References 4