PT-2021-21783 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can cause undefined behavior via binding a reference to null pointer...

PT-2021-21791 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw...

PT-2021-21756 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: In affected versions, if the arguments to tf.raw ops.RaggedGather don't determin...

PT-2021-21789 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can cause undefined behavior via binding a reference to null pointer...

PT-2021-21762 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The issue arises when a user does not supply arguments that determine a valid sparse tensor, causing the tf.raw...

PT-2021-18162 · D Link · D-Link Dsp-W215

Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.10 Description: A Null Pointer Dereference issue exists, which could allow a remote malicious user to cause a denial of service via usr/bin/lighttpd. This can be triggered by sending an HTTP request without a URL in...

Brocade Fabric OS 授权问题漏洞

Brocade Fabric OS FOS is a set of embedded operating systems used in devices such as switches and routers from Brocade USA. Brocade Fabric OS has a security vulnerability. An attacker could exploit the vulnerability to bypass restrictions via empty passwords in order to escalate their privileges...

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

Authentication flaw

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

IBM Cognos Controller Permissions Licensing and Access Control Issues Vulnerability

IBM Cognos Controller is a business intelligence and planning solution from IBM Corporation. The product has features such as process automation, financial audit control, and creation and management of financial reports.IBM Cognos Controller is vulnerable to privilege permission and access contro...

openSUSE 15 Security Update : avahi (openSUSE-SU-2021:1845-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1845-1 advisory. - avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows...

IBM Cognos Controller 授权问题漏洞

IBM Cognos Controller is a business intelligence and planning solution from IBM Corporation. The product has features such as process automation, financial audit control, and creation and management of financial reports.IBM Cognos Controller is vulnerable to privilege permission and access contro...

CVE-2020-0417

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2020-0417

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

WOWRestro < 1.1 - CSRF Bypass

The plugin does not properly check for CSRF in numerous of its AJAX actions, allowing attacker to make logged in users call them and perform unwanted actions, such as add/remove an item from their basket and empty it as well. To empty a user basket:...

WOWRestro < 1.1 - CSRF Bypass

The plugin does not properly check for CSRF in numerous of its AJAX actions, allowing attacker to make logged in users call them and perform unwanted actions, such as add/remove an item from their basket and empty it as well. PoC To empty a user basket:...

Trojan-Dropper.Win32.SVB.cz Authentication Bypass / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/d57536189430fd75e45f53845e9b3f94.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.SVB.cz Vulnerability: Authentication Bypass RCE Description: The malware listen...

GSD-2021-1000771 wireguard: allowedips: free empty intermediate nodes when removing single node

wireguard: allowedips: free empty intermediate nodes when removing single node This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.43 by commi...