454 matches found
Fedora: Security Advisory for snapd (FEDORA-2022-82bea71e5a)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Wrong pragma
Lines of code Vulnerability details Impact Use a buggy version of solidity with immutable. Proof of Concept The contract use immutable, and this solidity version defined in the pragma has some issues with them, as you can see here. Recommended Mitigation Steps Use at least 0.8.9 --- The text was...
PYSEC-2022-142
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
PYSEC-2022-87
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
CVE-2022-23578
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item-kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
PT-2022-16095 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The issue arises when a graph node is invalid, causing TensorFlow to leak memory...
Mageia: Security Advisory (MGASA-2021-0207)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Out-of-bounds Write in actix-web
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...
SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts
A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are program...
CVE-2018-25024
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...
UBUNTU-CVE-2018-25024
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...
Best practices in WAF gateways to meet the demands of digital transformation
Every day, digital transformation is changing every organization’s threat landscape. As a result, they are facing a dilemma about where and how to deploy their application security solution. One of the most common approaches that organizations take is to deploy a reverse proxy security solution i...
PYSEC-2021-834
TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...
Siemens SINEMA Remote Connect Server
1. EXECUTIVE SUMMARY CVSS v3 7.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Server Vulnerabilities: Modification of Assumed-Immutable Data, Improper Access Control, Exposure of Sensitive Information to an Unauthorized Actor, Improper...
GHSA-9WGH-VJJ7-7433 Mutable reference with immutable provenance in image
A mutable reference to a struct was constructed by dereferencing a pointer obtained from slice::asptr. Instead, slice::asmutptr should have been called on the mutable slice argument. The former performs an implicit reborrow as an immutable shared reference which does not allow writing through the...
ERC20Rewards.sol: Consider making rewardsToken immutable
Handle hickuphh3 Vulnerability details Impact While it might seem like a good feature to have, being able to switch reward tokens will only be useful for tokens which are equivalent in value probably stablecoins, pegged tokens since it carries over unclaimed rewards from the previous reward...
merge-change 软件包安全漏洞
merge-change is an open source simple library for deep merging of objects and other types, also for patching and immutable new. The merge-change package has a security vulnerability that makes the package susceptible to prototype contamination via the utils.set function...
5 Steps to Improving Ransomware Resiliency
The ransomware landscape is evolving, and ransomware is now one of the most popular for cybercriminals and damaging types of malwares. The JBS, Colonial Pipeline and Kaseya attacks are the recent high-profile examples of the impact of ransomware and the monumental consequences it can have: Shifts...
CVE-2020-24516
Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
Privilege escalation
Modification of assumed-immutable data in subsystem in IntelR CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...