CentOS 8 : firefox (CESA-2021:3157)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:3157 advisory. - Mozilla: Uninitialized memory in a canvas object could have led to memory corruption CVE-2021-29980 - Mozilla: Incorrect instruction reordering durin...

RHEL 8 : firefox (RHSA-2021:3157)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3157 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

RHEL 8 : thunderbird (RHSA-2021:3155)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3155 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.13.0. Security Fixes: Mozilla:...

RHEL 8 : firefox (RHSA-2021:3156)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3156 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

RHEL 8 : thunderbird (RHSA-2021:3162)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3162 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.13.0. Security Fixes: Mozilla:...

RHEL 8 : thunderbird (RHSA-2021:3161)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3161 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.13.0. Security Fixes: Mozilla:...

CVE-2021-37689

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

CVE-2021-37689

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

PYSEC-2021-602

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

PYSEC-2021-311

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

PYSEC-2021-602

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

Null pointer dereference

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

CVE-2021-37689

CVE-2021-37689 : In TensorFlow’s TFLite MLIR optimizations, the L2NormalizeReduceAxis path dereferences a vector iterator without checking for elements, enabling a local attack to crash the process (DoS) via a crafted TFLite model. A patch was applied in the referenced GitHub commit (d6b57f461b39...

CVE-2021-37689 Null pointer dereference in TensorFlow Lite MLIR optimizations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

Mozilla Firefox Type Obfuscation Vulnerability (CNVD-2021-90101)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a type obfuscation vulnerability that stems from a faulty JIT optimization and a type obfuscation error. A remote attacker could trick a victim into opening a carefully construct...

Security fix for the ALT Linux 10 package thunderbird version 91.0-alt1

Aug. 12, 2021 Andrey Cherepanov 91.0-alt1 - New version. - Security fixes: + CVE-2021-29986 Race condition when resolving DNS names could have led to memory corruption + CVE-2021-29981 Live range splitting could have led to conflicting assignments in the JIT + CVE-2021-29988 Memory corruption as ...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5037-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5037-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

PT-2021-21808 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can craft a TFLite model that would trigger a null pointer...

Denial Of Service (DoS)

firefox is vulnerable to denial of service. An exploitable crash is possible from incorrect instruction reordering during JIT optimization...

kernel security, bug fix, and enhancement update

4.18.0-305.12.14.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...