Directory Traversal

Overview onnxruntime is a performance-focused scoring engine for Open Neural Network Exchange ONNX models. Affected versions of this package are vulnerable to Directory Traversal due to insufficient validation of external TensorProto data paths. The external data loading path validation did not...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with the nftablesaddchain function where objects are reclaimed and then reused,...

Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis

Decentralized finance DeFi protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes...

SUSE CVE-2018-19046

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name e.g., /tmp/keepalived.data or /tmp/keepalived.stats, with read access for the attacker and...

PostgreSQL Code Execution Vulnerability (CNVD-2019-16483)

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL because the...