41 matches found
DEBIAN-CVE-2023-52678
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing listfirstentry in kfdtopology.c Before using listfirstentry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the below:...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to verify that a list is non-empty before using listfirstentry in kfdtopology.c. The vulnerability...
SUSE CVE-2021-29515
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
buildah: Default inheritable capabilities for linux container should be empty
A flaw was found in buildah, where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs wi...
podman: Default inheritable capabilities for linux container should be empty
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...
AZL-11513 CVE-2022-27651 affecting package buildah for versions less than 1.18.0-8
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with...
CVE-2022-27650
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby Docker Engine where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...
AZL-36934 CVE-2022-27651 affecting package buildah for versions less than 1.41.4-2
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby Docker Engine where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with...
CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...
DEBIAN-CVE-2022-27649
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...
crun 安全漏洞
crun is an OCI Open Container Initiative container runtime library written in C. The vulnerability is caused by a vulnerability in a product that incorrectly starts containers with non-empty default privileges. A security vulnerability exists in crun that stems from an affected product incorrectl...
PT-2021-21791 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can trigger a denial of service via a CHECK-fail in tf.raw...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. A NULL pointer dereference occurs in MatrixDiag ops as the implementation does not validate that the tensor arguments are non-empty...
PYSEC-2021-641
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
PYSEC-2021-152
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
PYSEC-2021-443
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
PYSEC-2021-152
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
yxcms V1.3.9 Arbitrary File Deletion Vulnerability in 'tpdel' Function
YXcms is a website management system based on PHP+MySql with a lightweight MVC design model. The yxcms V1.3.9 'tpdel' function is vulnerable to arbitrary file deletion. Since the function only passes a non-empty judgment on the string Mname fname, as long as the path is correct, arbitrary files c...
PT-2016-6216 · Red Hat +4 · Libvirt +5
Name of the Vulnerable Software and Affected Versions: libvirt versions prior to 2.0.0 Description: The issue allows remote attackers to bypass authentication and establish a VNC session by connecting to the server when the password on a VNC server is set to an empty string. Recommendations: For...
UBUNTU-CVE-2014-9323
The xdrstatusvector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service NULL pointer dereference, segmentation fault, and crash via an opresponse action with a non-empty status...