893 matches found
Google TensorFlow code issue vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a code issue vulnerability that stems from TensorFlow triggering null pointer dereferences if default settings are used when building the XLA compilation cache. No...
CVE-2020-9058
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection...
Code injection
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection...
CVE-2020-9058
Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection...
CVE-2020-9057
CVE-2020-9057 covers Z-Wave devices using Silicon Labs 100/200/300 series chipsets that do not support encryption. The vulnerability stems from the Z-Wave specification for these legacy chips, allowing an attacker in radio range to take control of or cause a DoS, and to capture/replay traffic. Fi...
CVE-2021-40110 Apache James IMAP vulnerable to a ReDoS
In Apache James, using Jazzer fuzzer, we identified that an IMAP user can craft IMAP LIST commands to orchestrate a Denial Of Service using a vulnerable Regular expression. This affected Apache James prior to 3.6.1. We recommend upgrading to Apache James 3.6.1 or higher, which enforce the use of...
OESA-2021-1478 openblas security update
An optimized BLAS library based on GotoBLAS2 1.13 BSD version. Security Fixes: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these...
Cannot use most piecewise linear functions with current implementation
Handle: cmichel. Vulnerability details: The ThreePieceWiseLinearPriceCurve.adjustParams function uses three functions f1, f2, f3 where yi = fi(xi). It computes the y-axis intersect b2 = f2(0), b3 = f3(0) for each of these but uses unsigned integers for this, which means these values cannot become negative...
Wrong comment in getFee
Handle: cmichel. Vulnerability details: The ThreePieceWiseLinearPriceCurve.getFee comment states that the total + the input must be less than the cap: If dollarCap == 0, then it is not capped. Otherwise, then the total + the total input must be less than the cap. The code only checks if the input is...
Fedora: Security Advisory for lapack (FEDORA-2021-0d4b58060d)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for lapack (FEDORA-2021-aec9d01057)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame decoding heap-based buffer overflow vulnerability
Summary: When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an...
Blackmagic Design DaVinci Resolve R3D DPDecoder Service frame parsing uninitialized uuid object vulnerability
Summary: When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the...
[SECURITY] Fedora 35 Update: lapack-3.10.0-4.fc35
LAPACK (Linear Algebra PACKage) is a standard library for numerical linear algebra. LAPACK provides routines for solving systems of simultaneous linear equations, least-squares solutions of linear systems of equations, eigenvalue problems, and singular value problems. Associated matrix factorizatio...
[SECURITY] Fedora 34 Update: lapack-3.9.0-7.fc34
LAPACK (Linear Algebra PACKage) is a standard library for numerical linear algebra. LAPACK provides routines for solving systems of simultaneous linear equations, least-squares solutions of linear systems of equations, eigenvalue problems, and singular value problems. Associated matrix factorizatio...
Adobe Premiere Pro memory corruption vulnerability
Adobe Premiere Pro is non-linear video editing software from Adobe. Adobe Premiere Pro version 15.4 and earlier is affected by a memory corruption vulnerability that stems from improper restriction of operations within the bounds of a memory buffer. An...
[SECURITY] Fedora 34 Update: python-mpmath-1.2.1-2.fc34
Mpmath is a pure-Python library for multiprecision floating-point arithmetic. It provides an extensive set of transcendental functions, unlimited exponent sizes, complex numbers, interval arithmetic, numerical integration and differentiation, root-finding, linear algebra, and much more. Almost an...
PT-2021-22895 · Openblas +10
Name of the Vulnerable Software and Affected Versions: lapack versions 3.10.0 and earlier; OpenBLAS versions 0.3.18 and earlier. Description: An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions. Specially crafted inputs passed to these functions could cause an...
I Am Parting With My Crypto Library
The time has come for me to find a new home for my paper cryptography library. It's about 150 linear feet of books, conference proceedings, journals, and monographs -- mostly from the 1980s, 1990s, and 2000s. My preference is that it goes to an educational institution, but will consider a corporat...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2021-20517)
Summary: IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...