PT-2021-18340 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: The reference implementation of the GatherNd TFLite operator is vulnerable to a division by ze...

PT-2021-18297 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.1.4 through 2.4.2 Description: An attacker can trigger an integer division by zero undefined behavior in tf.raw ops.QuantizedBiasAdd. This is because the implementation of the Eigen...

PT-2021-18319 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can trigger undefined behavior...

PT-2021-18316 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can trigger a null pointer...

PT-2021-18287 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can cause a heap buffer overfl...

PT-2021-18332 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: Due to lack of validation in tf.raw...

CVE-2021-28678

A flaw was found in python-pillow. BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a denial-of-service where the decoder could be run a large number of times on empty data. Mitigation To mitigate this feature on Red Hat Quay keep th...

PT-2021-17899 · Pillow +9 · Pillow +9

Name of the Vulnerable Software and Affected Versions: Pillow versions prior to 8.2.0 Description: An issue was discovered in Pillow where the BlpImagePlugin did not properly check that reads, after jumping to file offsets, returned data for BLP data. This could lead to a denial of service DoS...

OESA-2021-1164 glib2 security update

GLib is a bundle of three formerly five low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since. Security Fixes: An issue was discovered in GNOME GLib...

Privilege Escalation

linux-pam:edge is vulnerable to Privilege Escalation. A flaw is found in the way it handles empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate...

Security Bulletin: Vulnerabilities in WebSphere Application Server affect IBM Rational products based on IBM Jazz technology

Summary There are vulnerabilities in IBM WebSphere Application Server bundled with IBM Jazz Team Server based Applications that affect the following products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team...

envoyproxy/envoy: crash with empty HTTP/2 metadata map

A flaw was found in envoyproxy. An attacker, able to craft an HTTP2 request that specifies an empty metadata map, can crash envoy resulting in a denial of service due to the null reference. The highest threat from this vulnerability is to system availability...

PT-2021-12084 · Unknown · Golang-Nanoauth

Name of the Vulnerable Software and Affected Versions: golang-nanoauth versions v0.0.0-20160722212129-ac0cc4484ad4 through v0.0.0-20200131131040-063a3fb69896 Description: The issue concerns a global bypass of authentication in the golang-nanoauth library. When the ListenAndServe function is calle...

CVE-2021-23372

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

Design/Logic Flaw

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

CVE-2021-23372 Denial of Service (DoS)

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

CVE-2021-23372

All versions of package mongo-express are vulnerable to Denial of Service DoS when exporting an empty collection as CSV, due to an unhandled exception, leading to a crash...

CVE-2021-24219

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before 2.3.9.4, Thrive Quiz Builder WordPress plugin...

VulnCheck KEV: CVE-2019-13372

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...

PT-2021-15763

Name of the Vulnerable Software and Affected Versions: Thrive Optimize WordPress plugin versions prior to 1.4.13.3 Thrive Comments WordPress plugin versions prior to 1.4.15.3 Thrive Headline Optimizer WordPress plugin versions prior to 1.3.7.3 Thrive Leads WordPress plugin versions prior to 2.3.9...