27 matches found
EUVD-2026-38381
MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions...
CVE-2026-48515
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...
CVE-2026-48515 MessagePack-CSharp: Multi-dimensional array formatters allocate from unchecked dimensions
MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the dimension product matches the encoded element count. T...
CVE-2026-48515
Summary: CVE-2026-48515 affects MessagePack-CSharp. Before versions 2.5.301 and 3.1.7, multi-dimensional array formatters allocate T[,] / T[,,] / T[,,,] using dimension lengths read from the payload before validating the encoded element count, enabling large heap allocations. Impact: potential hi...
PT-2026-51399
Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Multi-dimensional array formatters read dimension lengths directly from the payload and allocate T,, T,,, or T,,, before validating that the...
ZERO-APT: A Closed-Loop Adversarial Framework for LLM-Driven Automated Penetration Testing under Intelligent Defense
LLM-driven automated penetration testing agents are typically evaluated against static targets that neither detect nor respond to attacks, so their behavior under intelligent defense remains untested. The causal consistency of multi-step attack chains likewise hinges on unstable LLM reasoning, an...
XekRung Technical Report
We present XekRung, a frontier large language model for cybersecurity, designed to provide comprehensive security capabilities. To achieve this, we develop diverse data synthesis pipelines tailored to the cybersecurity domain, enabling the scalable construction of high-quality training data and...
MiracleLinux 7 : libcmis-0.5.1-2.el7, libpagemaker-0.0.3-1.el7, mdds-0.12.1-1.el7, libreoffice-5.0.6.2-3.el7 (AXSA:2016-852:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-852:01 advisory. libcmis LibCMIS is a C client library for working with CM content management interfaces. The primary supported interface which gave the library its...
EUVD-2022-6918
Malicious code in bioql PyPI...
Beyond Uniform Criteria: Scenario-Adaptive Multi-Dimensional Jailbreak Evaluation
Precise jailbreak evaluation is vital for LLM red teaming and jailbreak research. Current approaches employ binary classification e.g., string matching, toxic text classifiers, LLM-driven methods, yielding only "yes/no" labels without quantifying harm intensity. Existing multi-dimensional...
Qualys TotalCloud Wins “Best Cloud Security Product” at 2025 SC Awards Europe
We’re proud to announce that Qualys TotalCloud has been named “Best Cloud Security Product” at the 2025 SC Awards Europe —a recognition of our relentless drive to unify, simplify, and modernize cloud security for enterprises across the globe. In today’s complex multi-cloud world, securing...
GSDFuse: Capturing Cognitive Inconsistencies from Multi-Dimensional Weak Signals in Social Media Steganalysis
The ubiquity of social media platforms facilitates malicious linguistic steganography, posing significant security risks. Steganalysis is profoundly hindered by the challenge of identifying subtle cognitive inconsistencies arising from textual fragmentation and complex dialogue structures, and th...
CVE-2022-35992
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
CVE-2022-35998
TensorFlow is an open source platform for machine learning. If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
GHSA-VM7X-4QHJ-RRCQ TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`
Impact When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None...
GHSA-QHW4-WWR7-GJC5 TensorFlow vulnerable to `CHECK` fail in `EmptyTensorList`
Impact If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf tf.rawops.EmptyTensorListelementshape=tf.onesdtype=tf.int32, shape=1, 0,...
Google TensorFlow 安全漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which originates when EmptyTensorList receives an input elementshape with multiple dimensions and it gives an assertion of failure. An...
PT-2022-23096 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when EmptyTensorList receives an input element shape with more...
Apache Kylin Input Validation Error Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin has an input validation error vulnerability, which stems from...
Weak Password Vulnerability in Tianrongxin Network Audit System
TA-Net supports multi-dimensional fine-grained network behavior and traffic audit analysis. There is a weak password vulnerability in TA-Net Audit System, which can be exploited by attackers to obtain sensitive information...