libpng: LIBPNG has a heap buffer overflow in png_set_quantize

A heap based buffer overflow flaw has been discovered in LibPNG. Prior to version 1.6.55, an out-of-bounds read vulnerability exists in the pngsetquantize API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported b...

EUVD-2021-2217

Malware in sbrugna...

EUVD-2021-0361

Malware in sbrugna...

EUVD-2021-0432

Malware in sbrugna...

CVE-2021-37635

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...

Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2024-1418)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : perl (EulerOS-SA-2024-1418)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Perl before 5.38.2, Sparseunipropstring in regcomp.c can write to unallocated space because a property name associated with a \p...

BIT-TENSORFLOW-2020-15198 Heap buffer overflow in Tensorflow

In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed...

BIT-TENSORFLOW-2021-29532 Heap out of bounds read in `RaggedCross`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...

BIT-TENSORFLOW-2021-29559 Heap OOB access in unicode ops

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

BIT-TENSORFLOW-2021-29609 Incomplete validation in `SparseAdd`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

BIT-TENSORFLOW-2021-37651 Heap buffer overflow in `FractionalAvgPoolGrad` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

BIT-TENSORFLOW-2021-37685 Heap OOB in TensorFlow Lite

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

BIT-TENSORFLOW-2021-41205 Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

BIT-TENSORFLOW-2021-41210 Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

CVE-2022-23088

CVE-2022-23088 affects FreeBSD’s net80211 802.11 beacon handling. The issue is a heap-buffer overflow caused by not validating the length of the IEEE 802.11s Mesh ID before copying it to a heap buffer, which can allow remote code execution when a FreeBSD Wi‑Fi client is in scanning mode and proce...

Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2024-1110)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : perl (EulerOS-SA-2024-1110)

According to the versions of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Perl before 5.38.2, Sparseunipropstring in regcomp.c can write to unallocated space because a property name associated with a \p... regular...

CentOS 7 : curl (RHSA-2023:7743)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7743 advisory. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can...

CVE-2023-47038

A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer...