13 matches found
PT-2025-37980
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the XFS file system related to the handling of ENODATA errors. Specifically, the code does not properly differentiate between ENODATA errors...
kernel: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
A flaw was discovered in the Linux kernel's IPv6 implementation, specifically within the inet6rtmgetaddr function. The issue arises when user space provides a valid IFATARGETNETNSID value but omits the IFAADDRESS and IFALOCAL attributes. In such cases, the function returns an -EINVAL error while...
CVE-2023-46270
MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items...
frr: crash from specially crafted MP_UNREACH_NLRI-containing BGP UPDATE message
A flaw was found in frr. A crash can occur when processing a crafted BGP UPDATE message with a MPUNREACHNLRI attribute and additional NLRI data that lacks mandatory path attributes...
SUSE CVE-2023-46753
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute...
New MVC Shop 1.0 SQL Injection / Missing Attributes
Title: new-mvc-shop-1.0 - SQLi + SameSite attribute weak security PHPSESSID Hijacking Author: nu11secur1ty Date: 05.29.2023 Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://portswigger.net/web-security/sql-injection...
SUSE CVE-2017-12153
A security flaw was discovered in the nl80211setrekeydata function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAPNETADMIN capability and...
GHSA-9P77-MMRW-69C7 Null-dereference in Tensorflow
Impact When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK: cc const auto attr = attrs.Findarg-s; DCHECKattr != nullptr; if attr-valuecase == AttrValue::kLis...
PYSEC-2022-79
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...
PYSEC-2022-134
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...
PYSEC-2022-134
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...
Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie
Summary A remote attacker is able to obtain sensitive information cause by the failure to set the HttpOnly and Secure attribute in the cookie. This allow attacker to intercept the transmission and obtain information from the cookie in clear text Vulnerability Details CVEID: CVE-2019-4214...
UBUNTU-CVE-2017-12153
A security flaw was discovered in the nl80211setrekeydata function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAPNETADMIN capability and...