CVE-2021-37646 Bad alloc in `StringNGrams` caused by integer conversion in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The...

LSN-0079-1: Kernel Live Patch Security Notice

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.CVE-2021-3600 It was discovered that the virtual file system...

USN-5014-1: Linux kernel vulnerability

It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

USN-5016-1: Linux kernel vulnerabilities

It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-33909 Or Cohen and Nadav Markus discovered a...

EIP Stack Group OpENer Ethernet/IP UDP handler information disclosure vulnerability

Summary An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read. Tested Versions EIP Stack Group OpENer 2.3 EIP Stack Group OpENe...

CVE-2020-15225

django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated NumberFilter instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential...

SoftMaker Office TextMaker Document Record 0x003f integer conversion vulnerability

Summary An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this...

GHSA-X7GM-RFGV-W973 Potential DoS with NumberFilter conversion to integer values.

Impact Automatically generated NumberFilter instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Patches Version 2.4.0+ applies a MaxValueValidator with a a default limitvalue of...

Design/Logic Flaw

An issue was discovered in adns before 1.5.2. adnsrrinfo mishandles a bogus datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun depending on the sizes of the types on...

NewStart CGSL MAIN 4.05 : libguestfs Vulnerability (NS-SA-2019-0110)

The remote NewStart CGSL host, running version MAIN 4.05, has libguestfs packages installed that are affected by a vulnerability: - An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow o...

Remote Code Execution (RCE)

stunnel is vulnerable to remote code execution RCE attacks. The vulnerability exists as stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary code via ...

Mozilla Thunderbird Integer Overflow Vulnerability (MFSA2018-26, MFSA2018-28) - Windows

Mozilla Thunderbird is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Fedora 27 : php (2018-12f92ff831)

PHP version 7.1.16 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

Scientific Linux Security Update : libguestfs on SL6.x x86_64 (20170321)

Security Fixes : - An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. CVE-2015-8869 Note: The libguestfs packages in this advisory were rebuilt with a...

Scientific Linux Security Update : ocaml on SL6.x i386/x86_64 (20170321)

Security Fixes : - An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. CVE-2015-8869 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

CentOS 6 : ocaml (CESA-2017:0565)

An update for ocaml is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

ocaml security update

CentOS Errata and Security Advisory CESA-2017:0565 An update for ocaml is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

libguestfs, ocaml, perl, python, ruby security update

CentOS Errata and Security Advisory CESA-2017:0564 An update for libguestfs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

RHEL 6 : libguestfs (RHSA-2017:0564)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0564 advisory. The libguestfs packages contain a library, which is used for accessing and modifying virtual machine VM disk images. Security Fixes: An integer...

RHEL 6 : ocaml (RHSA-2017:0565)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0565 advisory. OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages conta...