PYSEC-2021-205

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

PYSEC-2021-205

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

PYSEC-2021-694

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

CVE-2021-29568

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

Google TensorFlow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to trigger undefined behavior via a null pointer bound to...

CVE-2021-22331

There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product...

Command Execution Vulnerability in the Firewall Gateway Management System of Shenzhen Hechen Communication Technology Co.

Yoyo is a registered trademark of Shenzhen Hechen Communication Technology Co., Ltd, founded in 1998, the main products are Mailgard Yoyo series mail servers, mail archiving, spam filtering gateway, mail gateway, global mail gateway, mail load balancing gateway, firewalls, VPNs, etc. Yoyo is the...

Denial of service

A denial of service vulnerability was found in nttyreceivecharspecial in drivers/tty/ntty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could delay the loop due to a changing ldata-readhead, and a missing sanity check and cause a threat to the system availabili...

Design/Logic Flaw

There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include...

Arbitrary File Download Vulnerability in Northeast Normal University Ideal Software Corporation's Smart Education Cloud Platform

Founded in 2001, Northeast Normal University Ideal Software Co., Ltd. is mainly engaged in the theoretical research of basic education informatization, the research, development, promotion and application of basic education resources and software, the training of teachers' education informatizati...

Design/Logic Flaw

There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. A module does not verify the some input. Attackers can exploit this vulnerability by sending malicious input through specific app. This could cause out-of-bound, compromising normal service...

Double free

There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1C00E1R1P1. There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising...

Cyber Essentials and the New Normal

TL;DR Cyber Essentials has changed and aspects of the new normal are catching many by surprise. Increased levels of evidence and stricter controls determining a pass or a fail are in place. Be prepared for the increased hurdles Ask for assistance before starting the process if you are uncertain o...

graduation_design

This is a Python script for a web intrusion detection system using machine learning. The script uses the scikit-learn library to implement a supervised learning approach. It collects and preprocesses normal requests and attack payloads, and uses a Support Vector Machine SVM to classify new reques...

CVE-2020-9093

There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1C00E1R1P1. A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privileg...

Huawei Taurus-AL00A Resource Management Error Vulnerability

Huawei Taurus-AL00A is a smartphone from Huawei of China.Huawei Taurus-AL00A is vulnerable to a resource management error. A module fails to properly process a message, and a function references freed memory. An attacker could use this vulnerability to trick a user into running a carefully...

Huawei Taurus-AL00A 资源管理错误漏洞

Huawei Taurus-AL00A is a smartphone from Huawei of China.Huawei Taurus-AL00A is vulnerable to a resource management error. A module fails to properly process a message, and a function references freed memory. An attacker could use this vulnerability to trick a user into running a carefully...

Unspecified Vulnerability in Mozilla Firefox for Android (CNVD-2021-00395)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox for Android suffers from a security vulnerability that stems from a cookie set when downloading a file being shared between normal and private browsing modes. No details of the vulnerability ar...

Huawei FusionCompute 权限许可和访问控制问题漏洞

FusionCompute is Huawei's self-developed computing virtualization software. An elevation of privilege vulnerability exists in FusionCompute 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. The vulnerability stems from improper privilege management. An attacker with normal privileges could exploit the...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox for Android suffers from a security vulnerability that stems from a cookie set when downloading a file being shared between normal and private browsing modes. No details of the vulnerability ar...