683 matches found

CNNVD
added 2021/05/14 12:0 a.m. · 2 views

Google TensorFlow Buffer Error Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds read vulnerability exists in the Minimum and Maximum operators in Google TensorFlow. No detailed vulnerability details are currently available...

7.1 CVSS · 5.5 AI score · 0.00011 EPSS
Exploits 1 · References 3
Positive Technologies
added 2021/05/14 12:0 a.m. · 4 views

PT-2021-18341 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow versions 2.4.2 and earlier; TensorFlow versions 2.3.3 and earlier; TensorFlow versions 2.2.3 and earlier; TensorFlow versions 2.1.4 and earlier. Description: The implementations of the Minimum and...

7.1 CVSS · 6.7 AI score · 0.00011 EPSS
Exploits 1 · References 15
The Hacker News
added 2021/04/08 12:40 p.m. · 46 views

NIST and HIPAA: Is There a Password Connection?

When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by...

0.4 AI score
Exploits 0
Kitploit
added 2021/03/31 11:30 a.m. · 32 views

InveighZero - Windows C# LLMNR/mDNS/NBNS/DNS/DHCPv6 Spoofer/Man-In-The-Middle Tool

InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh. Privileged Mode Features elevated admin...

7.6 AI score
Exploits 0 · References 4
UbuntuCve
added 2021/03/23 12:15 a.m. · 29 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of...

7.5 CVSS · 7 AI score · 0.27312 EPSS
Exploits 1 · References 7
Github Security Blog
added 2021/01/13 7:13 p.m. · 66 views

Signature validation bypass in ServiceStack

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...

5.3 CVSS · 5.5 AI score · 0.35995 EPSS
Exploits 1 · References 8 · Affected Software 1
OSV
added 2021/01/13 7:13 p.m. · 15 views

GHSA-V5RV-HPXG-8X49 Signature validation bypass in ServiceStack

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...

5.3 CVSS · 5.2 AI score · 0.35995 EPSS
Exploits 1 · References 7
The Hacker News
added 2021/01/07 10:23 a.m. · 0 views

How Does Your AD Password Policy Compare to NIST's Password Recommendations?

End-user passwords are one of the weakest components of your overall security protocols. Most users tend to reuse passwords across work and personal accounts. They may also choose relatively weak passwords that satisfy company password policies but can be easily guessed or brute-forced. Your user...

5.9 AI score
Exploits 0
IBM Security Bulletins
added 2020/12/31 3:53 p.m. · 39 views

Security Bulletin: IBM Cloud Pak System addressed vulnerabilities (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)

Summary: IBM Cloud Pak System identified vulnerabilities in SAN VC supporting products. IBM announced a new release for IBM Cloud Pak System in response to vulnerabilities. Vulnerability Details: CVEID: CVE-2019-11477. DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an...

7.8 CVSS · 0.5 AI score · 0.74296 EPSS
Exploits 4 · Affected Software 1
CNNVD
added 2020/12/08 12:0 a.m. · 5 views

Buffer Error Vulnerability in Multiple Qualcomm Products

A Qualcomm chip is a chip from Qualcomm Incorporated USA. Chips are a way to miniaturize circuits (mainly semiconductor devices, but also passive components, etc.) and are manufactured from time to time on the surface of semiconductor wafers. A buffer error vulnerability exists in multiple Qualcomm products...

9.1 CVSS · 7.4 AI score · 0.00286 EPSS
Exploits 0 · References 4
OpenVAS
added 2020/11/20 12:0 a.m. · 10 views

GaussDB Kernel: Configuring the Minimum Audit Log File Retention Period

The parameter auditfileremaintime specifies the minimum period for storing audit logs. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.4 AI score
Exploits 0
Hewlett-Packard
added 2020/11/06 12:0 a.m. · 25 views

HPSBHF03701 rev. 2 - Intel® Ethernet 700 Series Controller November 2020 Security Update

Potential Security Impact: Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team (PSRT). Reported by: Intel. VULNERABILITY SUMMARY: Intel has informed HP of potential security vulnerabilities identified in the Intel® Ethernet 700 Series Controllers which might allow...

6.7 CVSS · 2 AI score · 0.00059 EPSS
Exploits 0
NVD
added 2020/11/02 9:15 p.m. · 8 views

CVE-2020-28042

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...

5.3 CVSS · 5.3 AI score · 0.35995 EPSS
Exploits 1 · References 4
OSV
added 2020/11/02 9:15 p.m. · 12 views

CVE-2020-28042

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...

5.3 CVSS · 6.9 AI score
Exploits 0 · References 4
Prion
added 2020/11/02 9:15 p.m. · 17 views

Code injection

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...

5 CVSS · 5.3 AI score · 0.35995 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2020/11/01 4:50 a.m. · 15 views

CVE-2020-28042

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature...

5.3 AI score · 0.35995 EPSS
Exploits 1 · References 4
Lenovo
added 2020/09/06 7:48 p.m. · 28 views

Brocade Fabric OS and SANnav Vulnerabilities - Lenovo Support US

No description provided...

9.8 CVSS · 6.7 AI score · 0.00926 EPSS
Exploits 0
OpenVAS
added 2020/06/11 12:0 a.m. · 6 views

Linux: minclass in pam_pwquality.so

The pam_pwquality module can be plugged into the password stack of a given service to provide some plug-in strength-checking for passwords. The code was originally based on pam_cracklib module and the module is backwards compatible with its options. - minclass: The minimum number of required classe...

7.6 AI score
Exploits 0 · References 1
Hewlett-Packard
added 2020/06/05 12:0 a.m. · 79 views

HPSBHF03669 rev. 2 - Intel® 2020.1 IPU BIOS Security Updates

Potential Security Impact: Escalation of Privilege, Denial of Service. Source: HP, HP Product Security Response Team (PSRT). Reported By: Intel®. VULNERABILITY SUMMARY: HP has been notified by Intel of potential security vulnerabilities in BIOS firmware for Intel® processors that may allow escalation ...

7.5 CVSS · 2.5 AI score · 0.00072 EPSS
Exploits 0
Fedora
added 2020/03/27 1:10 p.m. · 16 views

[SECURITY] Fedora 31 Update: light-1.2.2-1.fc31

Light is a program to control backlight controllers under GNU/Linux, it is the successor of lightscript, which was a bash script with the same purpose, and tries to maintain the same functionality. Features - Works excellent where other software have been proven unusable or problematic, thanks to...

0.4 AI score
Exploits 0