Google TensorFlow 数字错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that if Conv2D is specified as an empty input and the filter and padding sizes are valid, the output is all zeros...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple...

BELL-CVE-2022-2905 CVE-2022-2905 does not affect BellSoft software

Bulletin has no description...

DEBIAN-CVE-2022-31152

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

PYSEC-2022-262

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including...

CVE-2022-37397

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password...

CVE-2022-37397

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password...

golang.org/x/crypto: empty plaintext packet causes panic

There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...

GSD-2022-1004920 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue

xen/netback: avoid entering xenvifrxnextskb with an empty rx queue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.324 by commit...

GSD-2022-1004869 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue

xen/netback: avoid entering xenvifrxnextskb with an empty rx queue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.289 by commit...

GSD-2022-1004801 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue

xen/netback: avoid entering xenvifrxnextskb with an empty rx queue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.253 by commit...

GSD-2022-1004417 xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue

xen/netback: avoid entering xenvifrxnextskb with an empty rx queue This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.56 by commit...

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

CVE-2022-26117

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

Design/Logic Flaw

An empty password in configuration file vulnerability CWE-258 in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI...

USN-5506-1 nss vulnerabilities

Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10. CVE-2022-22747 Ronald Crane...

PT-2022-3643 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: FortiNAC versions 8.3.7 and below FortiNAC versions 8.5.2 and below FortiNAC versions 8.5.4 FortiNAC version 8.6.0 FortiNAC versions 8.6.5 and below FortiNAC versions 8.7.6 and below FortiNAC versions 8.8.11 and below FortiNAC versions 9.1.5...

CLSA-2022-1655901847 Fix CVE(s): CVE-2022-2042

SECURITY UPDATE: Using uninitialized value and freed memory in spell command - debian/patches/CVE-2022-2042.patch: Initialize "attr" and check for empty line early - CVE-2022-2042...

Malicious code in sfdc-empty-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fc2d8b9c06b3b6ca1875897ebcf993a20d30c3d0c480503ac33251c1cc93aea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6050 Malicious code in sfdc-empty-chart (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fc2d8b9c06b3b6ca1875897ebcf993a20d30c3d0c480503ac33251c1cc93aea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...