
3096 matches found

PyPA
added 2021/05/14 8:15 p.m. · 4 views

PYSEC-2021-486

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.SparseSplit. This is because the...

7.8 CVSS · 7.4 AI score · 0.00211 EPSS
Exploits 1 · References 2 · Affected Software 1
Debian CVE
added 2021/05/14 7:17 p.m. · 1 views

CVE-2021-29558

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.SparseSplit. This is because the...

7.8 CVSS · 7.4 AI score · 0.00211 EPSS
Exploits 1
Positive Technologies
added 2021/05/14 12:0 a.m. · 3 views

PT-2021-18309 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow version 2.4.2; TensorFlow version 2.3.3; TensorFlow version 2.2.3; TensorFlow version 2.1.4. Description: An attacker can cause a heap buffer overflow in tf.raw_ops.SparseSplit because the...

7.8 CVSS · 7.7 AI score · 0.00211 EPSS
Exploits 1 · References 13
OSV
added 2021/05/13 3:15 p.m. · 2 views

ALPINE-CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 6.6 AI score · 0.01111 EPSS
Exploits 0 · References 1
OSV
added 2021/05/13 3:15 p.m. · 1 views

DEBIAN-CVE-2020-27823

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 7 AI score · 0.01111 EPSS
Exploits 0 · References 1
OSV
added 2021/05/13 3:15 p.m. · 4 views

AZL-44814 CVE-2020-27823 affecting package openjpeg2 for versions less than 2.3.1-12

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

7.8 CVSS · 6.9 AI score · 0.01111 EPSS
Exploits 0 · References 1
Positive Technologies
added 2021/05/04 12:0 a.m. · 3 views

PT-2024-11061 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue is related to an offset overflow in the index converting function idx_to_offset in the Linux kernel's tools/power turbostat. The function returns a 32-bit signed integer, but...

5.5 CVSS · 6.4 AI score · 0.00222 EPSS
Exploits 0 · References 21
Veracode
added 2021/04/30 4:6 a.m. · 9 views

SQL Injection

illuminate/database is vulnerable to SQL injection. The vulnerability exists through the lack of sanitization and direct use of user-provided query via the limit and offset functions...

3.5 AI score
Exploits 0
OSV
added 2021/04/22 9:15 p.m. · 2 views

CVE-2020-27009

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...

8.1 CVSS · 7.3 AI score · 0.07194 EPSS
Exploits 0 · References 2
ICS
added 2021/04/20 12:0 a.m. · 79 views

ICSA-21-110-02_Rockwell Automation Stratix Switches

1. EXECUTIVE SUMMARY. CVSS v3 7.8. ATTENTION: Exploitable remotely/Low attack complexity. Vendor: Rockwell Automation. Equipment: Stratix Switches. Vulnerabilities: Insufficiently Protected Credentials, Insufficient Verification of Data Authenticity, Use of Out-of-Range Pointer Offset, Insertion of...

8.5 CVSS · 7.8 AI score · 0.02262 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2021/04/15 12:0 a.m. · 25 views

EulerOS Virtualization 2.9.1 : open-iscsi (EulerOS-SA-2021-1718)

According to the version of the open-iscsi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails...

9.8 CVSS · 8.9 AI score · 0.1854 EPSS
Exploits 0 · References 2
NVD
added 2021/04/07 8:15 a.m. · 16 views

CVE-2020-11247

Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

9.4 CVSS · 0.00944 EPSS
Exploits 0 · References 1
Prion
added 2021/04/07 8:15 a.m. · 20 views

Design/Logic Flaw

Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

9.4 CVSS · 9 AI score · 0.00944 EPSS
Exploits 0 · References 1
Cvelist
added 2021/04/07 7:55 a.m. · 20 views

CVE-2020-11247

Out of bound memory read while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

8.2 CVSS · 9.1 AI score · 0.00944 EPSS
Exploits 0 · References 1
CVE
added 2021/04/07 7:55 a.m. · 56 views

CVE-2020-11247

CVE-2020-11247 affects Qualcomm Snapdragon family components (Auto, Compute, Connectivity, IoT, Wearables, etc.) with an out-of-bounds memory read when unpacking data caused by missing offset length checks. The issue is documented across multiple feeds (NVD, Red Hat, CVE.org, NCSC) and is associa...

9.4 CVSS · 8.9 AI score · 0.00944 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2021/04/06 12:0 a.m. · 1 views

The vulnerability in the kernel/bpf/verifier.c file of the Linux operating system allows a hacker to gain unauthorized access to protected information.

The vulnerability in the kernel/bpf/verifier.c file of the Linux operating system is related to a single-bit offset error. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

6.2 CVSS · 7 AI score · 0.00577 EPSS
Exploits 0 · References 32 · Affected Software 6
Prion
added 2021/04/05 11:15 p.m. · 10 views

Design/Logic Flaw

DISPUTED Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a...

5 CVSS · 7.6 AI score · 0.01517 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2021/04/05 10:44 p.m. · 13 views

CVE-2021-30141

Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid...

7 AI score · 0.01517 EPSS
Exploits 1 · References 2
Positive Technologies
added 2021/04/05 12:0 a.m. · 3 views

PT-2021-18628 · Friendica · Friendica

Name of the Vulnerable Software and Affected Versions: Friendica versions through 2021.01. Description: The issue allows the settings/userexport feature to be accessed by anonymous users, potentially leading to excessive memory consumption and attempted access to an array offset on a value of type...

7.5 CVSS · 6.7 AI score · 0.01517 EPSS
Exploits 1 · References 7
CNNVD
added 2021/04/05 12:0 a.m. · 3 views

Qualcomm chip buffer error vulnerability

A Qualcomm chip is a chip made by Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components) and is usually manufactured on the surface of a semiconductor wafer. A security vulnerability exists in a number of Qualcomm products...

9.4 CVSS · 8.2 AI score · 0.00944 EPSS
Exploits 0 · References 4