2428 matches found
UBUNTU-CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...
Google TensorFlow numeric error vulnerability (CNVD-2022-14992)
TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google TensorFlow is vulnerable to a numeric error vulnerability that could be exploited by an attacker to craft a TFLite model that would trigger a division by zero in a deep convolutional implementation...
CLSA-2022-1644855718 Fix of CVE: CVE-2022-0351, CVE-2022-0368, CVE-2022-0359, CVE-2022-0361
CVE-2022-0351: fix crash caused by too deep recursion - CVE-2022-0359: fix illegal memory access with large tabstop in ex mode - CVE-2022-0361: fix illegal memory access when copying lines in visual mode - CVE-2022-0368: fix illegal memory access when undo makes visual area invalid...
Google TensorFlow numeric error vulnerability
TensorFlow is an end-to-end open source platform for machine learning from Google USA. Google TensorFlow is vulnerable to a numeric error vulnerability that could be exploited by an attacker to craft a TFLite model that would trigger a division by zero in a deep convolutional implementation...
Prototype Pollution
Overview putil-merge is a Lightweight solution for merging multiple objects into one. Also it supports deep merge. Affected versions of this package are vulnerable to Prototype Pollution. The merge function does not check the values passed into the argument. An attacker can supply a malicious val...
Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux
Overview Deep Security and Cloud One - Workload Security Agent for Linux provided by Trend Micro Incorporated contain multiple vulnerabilities listed below. Directory Traversal (CWE-22) - CVE-2022-23119; Code Injection (CWE-94) - CVE-2022-23120. As of 2022 January 24, a Proof-of-Concept (PoC) code...
Vulnerabilities fixed in Trend Micro Deep Security
Two vulnerabilities have been fixed in Trend Micro Deep Security Agent for Linux. The vulnerability with attribute CVE-2022-23119 can be exploited if access is gained to the Deep Security Manager or on devices on which the agent is not yet activated or configured. The vulnerability with...
CVE-2022-23120
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in...
CVE-2022-23119
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...
CVE-2022-23119
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...
CVE-2022-23119
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...
CVE-2022-23120
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in...
Code injection
A code injection vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to escalate privileges and run arbitrary code in the context of root. Please note: an attacker must first obtain access to the target agent in...
Directory traversal
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...
CVE-2022-23120
CVE-2022-23120 is a code-injection vulnerability in Trend Micro Deep Security and Cloud One – Workload Security Agent for Linux, affecting version 20 and below. The issue allows local privilege escalation to root by exploiting an input/validation weakness when handling directory traversal sequenc...
CVE-2022-23119
CVE-2022-23119 affects Trend Micro Deep Security and Cloud One – Workload Security Agent for Linux (DS Agent) version 20 and earlier. The vulnerability is a directory traversal flaw in the agent/DSM workflow that could allow an attacker to read arbitrary files from the file system. Exploitation r...
CVE-2022-23119
A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux version 20 and below could allow an attacker to read arbitrary files from the file system. Please note: an attacker must first obtain compromised access to the target Deep Security...
moleculer-rabbitmq-extend-delay (=1.1.12) potentially affected by CVE-2020-7715 +1 more via deep-get-set (=1.1.1)
deep-get-set NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-get-set and may be impacted: - moleculer-rabbitmq-extend-delay =1.1.12 Source cves: CVE-2020-7715, CVE-2022-21231 Source advisory: SNYK:JS-DEEPGETSET-2342655...
Prototype Pollution
Overview deep-get-set is a Set and get values on objects via dot-notation strings. Affected versions of this package are vulnerable to Prototype Pollution via the 'deep' function. Note: This vulnerability derives from an incomplete fix of CVE-2020-7715 POC: js let deep = require'deep-get-set';...
CVE-2022-22157
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services Gateways may allow an attacker to bypass Juniper Deep Packet Inspection (JDPI) rules and access unauthorized networks or resources, when 'no-syn-check' is enabled on the device. JDPI incorrectly classifie...