Mageia: Security Advisory (MGASA-2014-0485)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2017-0083)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RUSTSEC-2022-0048 xml-rs is Unmaintained

xml-rs is a XML parser has open issues around parsing including integer overflows / panics that may or may not be an issue with untrusted data. Together with these open issues with Unmaintained status xml-rs may or may not be suited to parse untrusted data. Alternatives - quick-xml...

SUSE SLED15 / SLES15 Security Update : p11-kit (SUSE-SU-2021:4154-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:4154-1 advisory. - An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocatio...

SUSE: Security Advisory (SUSE-SU-2021:4154-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:4154-1 Security update for p11-kit

This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code bsc1180064 - Add support for CKANSSSERVER,EMAILDISTRUSTAFTER bsc1187993...

Security update for p11-kit (important)

openSUSE Security Update: Security update for p11-kit Announcement ID: openSUSE-SU-2021:4154-1 Rating: important References: 1180064 1187993 Cross-References: CVE-2020-29361 CVSS scores: CVE-2020-29361 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-29361 SUSE: 7.5...

Google TensorFlow Data Falsification Issue Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a data forgery vulnerability that stems from a lack of validation of invalid file formats in the checkpoint loading infrastructure, which can be exploited by an...

Missing validation during checkpoint loading

Impact An attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. Patches We have patched th...

CVE-2021-41203

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

PYSEC-2021-396

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

CVE-2021-41203 Missing validation during checkpoint loading

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

CVE-2021-41203

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

NewStart CGSL CORE 5.05 / MAIN 5.05 : grub2 Multiple Vulnerabilities (NS-SA-2021-0139)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has grub2 packages installed that are affected by multiple vulnerabilities: - A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw...

NewStart CGSL MAIN 6.02 : chrony Multiple Vulnerabilities (NS-SA-2021-0127)

The remote NewStart CGSL host, running version MAIN 6.02, has chrony packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service crash via a crafted 1 REQSUBNETSACCESSED or ...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 10.0 (redis) security update

An update for redis is now available for Red Hat OpenStack Platform 10 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

Redis input validation error vulnerability

Hiredis is a C client for Redis databases. Hiredis suffers from a security vulnerability that allows attackers to provide maliciously crafted or corrupted RESP, mult-bulk protocol data that can lead to integer overflows. No detailed vulnerability details are currently available...

Overflow in the mint function of ConcentratedLiquidityPool causes LPs' funds to be stolen

Handle broccoli Vulnerability details Impact Similar to a previous finding in the IndexPool contract, the mint function of ConcentratedLiquidityPool allows integer overflows when checking the balance is larger or equal to the received amount of token plus the reserve. As a result, the attacker...

SUSE: Security Advisory (SUSE-SU-2021:2777-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2021-21854

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflo...