PT-2022-20916 · Ibm · Ibm Spectrum Copy Data Management
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0 Description: The issue allows a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system...
Design/Logic Flaw
Vulnerability in Oracle E-Business Suite component: Manage Proxies. The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can...
CVE-2022-21500
Vulnerability in Oracle E-Business Suite component: Manage Proxies. The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can...
PT-2022-19321 · Unknown · Fisco-Bcos
Name of the Vulnerable Software and Affected Versions: FISCO-BCOS version release-3.0.0-rc2 Description: The issue allows a malicious node to cause normal nodes to stop producing new blocks and processing new clients' requests by sending an invalid proposal with an invalid header. Recommendations...
PT-2022-11758 · Anaconda3 · Anaconda3
Name of the Vulnerable Software and Affected Versions: Anaconda3 version 2021.05 Description: The issue concerns OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. This allows the execution of commands when the user open...
PT-2022-10725 · Rti · Connext Dds Secure +1
Name of the Vulnerable Software and Affected Versions: RTI Connext DDS Professional and Connext DDS Secure versions 4.2x through 6.1.0 Description: The issue arises from incorrect buffer size calculation during allocation, potentially leading to a buffer overflow. Recommendations: For versions 4....
Update now! Zyxel patches critical firewall bypass vulnerability
In a security advisory Zyxel has urged customers to update because a security flaw can lead to the circumvention of firewall protection in several Zyxel products. Zyxel is a Taiwanese producer of modems and other networking equipment and its products are sold in over 150 countries. The...
PT-2022-17289 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: A stack overflow issue was discovered, related to the firewallen parameter in the SetFirewallCfg function. Recommendations: For Tenda AC9 version 15.03.2.21, consider restricting access to the...
PT-2022-17285 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: A buffer overflow issue was discovered via the time parameter in the saveparentcontrolinfo function. This issue can be exploited, potentially leading to unintended consequences. Recommendations: For...
PT-2022-3896 · Totolink · Totolink A3600R
Name of the Vulnerable Software and Affected Versions: TOTOLink A3600R version 4.1.2cu.5182 B20201102 Description: The issue is related to a command injection vulnerability in the "Main" function of the TOTOLink A3600R router's firmware. This vulnerability is caused by the lack of input data...
PT-2022-5474 · Corel · Coreldraw Graphics Suite
Name of the Vulnerable Software and Affected Versions: CorelDRAW Graphics Suite version 23.5.0.506 Description: The issue is related to a read past the end of an allocated object when parsing GIF images, which can allow an attacker to disclose sensitive information. This can be exploited by openi...
PT-2022-6856
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description: The vulnerability in the ImageIO component of Oracle Java SE and Oracle GraalVM Enterprise Edition is related to unlimited resource...
GHSA-F54P-F6JP-4RHR Heap OOB in `FusedBatchNorm` kernels
Impact The implementation of FusedBatchNorm kernels is vulnerable to a heap OOB: python import tensorflow as tf tf.rawops.FusedBatchNormGrad ybackprop=tf.constanti for i in range9,shape=1,1,3,3,dtype=tf.float32 x=tf.constanti for i in range2,shape=1,1,1,2,dtype=tf.float32 scale=1,1,...
PT-2021-21812 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 Description: TensorFlow is an end-to-end open source platform for machine learning. In affected versions, under certain conditions, Go code can trigger a segfault in string...
Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network. "This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in...
PT-2021-19398 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.4.55 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file...
PT-2021-7936 · Openwrt · Openwrt Luci
Name of the Vulnerable Software and Affected Versions: OpenWrt LuCI version 19.07 Description: The issue is related to a stored cross-site scripting (XSS) vulnerability in the web interface of OpenWrt LuCI. This vulnerability allows attackers to inject arbitrary JavaScript code into the OpenWrt...
PT-2021-18265 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 Description: The issue arises when the splits argument of RaggedBincount does not specify a valid SparseTensor. This can trigger a heap buffer overflow,...
PT-2022-9883 · Jhead +4 · Jhead +4
Name of the Vulnerable Software and Affected Versions: jhead versions 3.04 through 3.05 Description: A Denial of Service issue exists due to a wild address read in the Get16u function in exif.c, which can cause a segmentation fault via a crafted file. Recommendations: For jhead version 3.04, upda...
OESA-2021-1053 junit security update
JUnit is a simple framework to write repeatable tests. It is an instance of the xUnit architecture for unit testing frameworks. Security Fixes: In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems,...