PYSEC-2021-637

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...

Mozilla: Out-of-bounds write with malicious MAR file

When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading to a potentially exploitable crash. This requires running the Mozilla Updater manually on the local system with the malicious MAR file in order to occur. Thi...

BootStomp - A Bootloader Vulnerability Finder

BootStomp is a boot-loader bug finder. It looks for two different class of bugs: memory corruption and state storage vulnerabilities. For more info please refer to the BootStomp paper at https://seclab.cs.ucsb.edu/academic/publishing/bootstomp-security-bootloaders-mobile-devices-2017 To run...

Siemens SIMATIC S7-1500 Denial of Service Vulnerability (CNVD-2016-00931)

The Siemens SIMATIC S7-1500 is a controller family with a modular structure. A denial of service vulnerability exists in Siemens SIMATIC S7-1500 versions prior to 1.8.3 when processing specially crafted TCP packets. An attacker can exploit the vulnerability to cause the CPU to automatically reboo...

Windows Malicious Software Removal Tool x64 - v5.105 (KB890830)

After the download, this tool runs one time to check your computer for infection by specific, prevalent malicious software including Blaster, Sasser, and Mydoom and helps remove any infection that is found. If an infection is found, the tool will display a status report the next time that you sta...