4603 matches found
GHSA-6F84-42VF-PPWP Division by 0 in `QuantizedMul`
Impact: An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`:
```python
import tensorflow as tf
x = tf.zeros([4, 1], dtype=tf.quint8)
y = tf.constant([], dtype=tf.quint8)
min_x = tf.constant(0.0)
max_x = tf.constant(0.0010000000474974513)
min_y = tf.constant(0.0)
max_y = tf.constant(0.0010000000474974513)
...
```
GHSA-2FRX-J9HJ-6C65 User enumeration in authentication mechanisms
Description: The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not.
Resolution: We now ensure that a generic message is returned whether the user exists or not if the password ...
Prevent user enumeration using Guard or the new Authenticator-based Security
Description: The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an...
PT-2021-19788 · Unknown · Express-Cart
Name of the Vulnerable Software and Affected Versions: express-cart versions 1.1.10 and earlier
Description: The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website.
Recommendations: For...
CVE-2021-3392 affecting package qemu-kvm 4.2.0-48
CVE-2021-3392 affecting package qemu-kvm 4.2.0-48. A patched version of the package is available...
CVE-2021-29483
CVE-2021-29483 affects the ManageWiki extension for MediaWiki. The wikiconfig API leaked private configuration variable values to all users. The issue has been patched in the ManageWiki patch linked in the CVE and advisories; if patching isn’t possible, a workaround is to disable the wikiconfig A...
PT-2021-12084 · Unknown · Golang-Nanoauth
Name of the Vulnerable Software and Affected Versions: golang-nanoauth versions v0.0.0-20160722212129-ac0cc4484ad4 through v0.0.0-20200131131040-063a3fb69896
Description: The issue concerns a global bypass of authentication in the golang-nanoauth library. When the ListenAndServe function is calle...
PT-2021-8023 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc4-syzkaller
Description: The vulnerability is related to a divide error in the nft_limit_init function, which is caused by the div_u64 function dividing a 64-bit unsigned integer by a 32-bit unsigned...
PT-2021-2653 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.12
Description: The issue is related to incorrect computation of branch displacements in BPF JIT compilers, allowing them to execute arbitrary code within the kernel context. This affects files...
CVE-2020-8648 affecting package kernel 5.4.91-6
CVE-2020-8648 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-11725 affecting package kernel 5.4.91-6
CVE-2020-11725 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-12655 affecting package kernel 5.4.91-6
CVE-2020-12655 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-12653 affecting package kernel 5.4.91-6
CVE-2020-12653 affecting package kernel 5.4.91-6. A patched version of the package is available...
SaltStack Salt API Unauthenticated RCE through wheel_async client
This module leverages authentication bypass and directory traversal vulnerabilities in SaltStack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, the salt-master service performs a maintenance process check that reloads and executes all the grains on t...
PT-2021-4110 · Genivia +1 · Genivi Diagnostic Log/Trace +1
Name of the Vulnerable Software and Affected Versions: GENIVI Diagnostic Log and Trace (DLT) versions 2.10.0 through 2.18.6
Description: The issue is related to the incorrect handling of special characters in configuration files, which can cause a vulnerable component to crash. This can lead to...
PT-2021-17484 · Netasq +2 · Netasq +2
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security versions 1.0.0 through 4.2.0; Netasq versions 9.1.0 through 9.1.11
Description: The issue affects the ClamAV Engine component, which can be subject to a Denial of Service (DoS) when parsing malformed PNG files, leadi...
CVE-2020-11608 affecting package kernel 5.4.91-6
CVE-2020-11608 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-10711 affecting package kernel 5.4.91-6
CVE-2020-10711 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-12768 affecting package kernel 5.4.91-6
CVE-2020-12768 affecting package kernel 5.4.91-6. A patched version of the package is available...
CVE-2020-12659 affecting package kernel 5.4.91-6
CVE-2020-12659 affecting package kernel 5.4.91-6. A patched version of the package is available...