EUVD-2019-16170

Malware in sbrugna...

CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

Fedora 40 : xen (2024-a46df5ba2f)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a46df5ba2f advisory. x86: Native Branch History Injection XSA-456, CVE-2024-2201 update to xen 4.18.2, remove patches now included upstream x86 HVM hypercalls may trigge...

CVE-2022-2789

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic...

Incorrect Logic

x86 pv is using an incorrect logic. The vulnerability exists due to insufficient care with non-coherent mappings which allows an attacker to perform unwanted actions...

Arbitrary Code Injection

smarty/smarty is vulnerable to arbitrary code injection. The vulnerability exists due to incorrect logic in block name and include file name assignments in setting buffer for template function which allows an attacker to inject and execute malicious code...

Incorrect Logic

tensorflow is using incorrect logic. Comparison of sizet and int values is not done correctly which results in incorrect macros for writing assertions such as CHECKLT, CHECKGT, etc...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2022-44211)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from incorrect logic when comparing sizet when writi...

CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

areOperatorsImported has incorrect logic

This issue has been created to upgrade a QA report submission to a medium severity finding. From 0xliumin: areOperatorsImported has incorrect logic Right now, this function returns false if the implementation AND the selector don't match. It's possible to provide a destination with either a...

CVE-2020-28874

reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered an invalid token parameter...