Lucene search

12 matches found

Snyk
added 2026/01/08 4:2 a.m. · 1 views

Regular Expression Denial of Service (ReDoS)

Overview: org.webjars.npm:diff is a JavaScript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the parsePatch and applyPatch functions if user input is passed without sanitisation. An attacker can cause the proce...

7.5 CVSS · 6.5 AI score · 0.00023 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-15767

Malware in sbrugna...

8.8 CVSS · 8.9 AI score · 0.00155 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 1:14 a.m. · 3 views

CVE-2022-41883

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

7.5 CVSS · 6.7 AI score · 0.00183 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 10:45 p.m. · 6 views

CVE-2022-29193

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...

5.5 CVSS · 6.5 AI score · 0.0005 EPSS
Exploits 1 · References 1
NVD
added 2025/02/26 7:1 a.m. · 7 views

CVE-2022-49697

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers. A customer reported a request_socket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup which takes a refcnt on the socket and that it was findin...

5.5 CVSS · 0.00136 EPSS
Exploits 0 · References 5
CVE
added 2022/11/18 12:0 a.m. · 83 views

CVE-2022-41901

CVE-2022-41901 affects TensorFlow. The issue is a CHECK fail in tf.raw_ops.SparseMatrixNNZ triggered when input tensor is not a rank-0 matrix, which can cause a crash (denial of service). Fixed in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693; the fix will be included in TensorFlow 2.11 ...

7.5 CVSS · 6.2 AI score · 0.0035 EPSS
Exploits 1 · References 3 · Affected Software 1
Gitee
added 2021/04/22 10:39 p.m. · 1 views

wesng

This is an offensive tool for Windows vulnerability exploitation. It is a Python-based tool called Windows Exploit Suggester - Next Generation (WES-NG), which provides a list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. The tool uses the output of...

7.3 AI score
Exploits 0
Positive Technologies
added 2018/09/06 12:0 a.m. · 2 views

PT-2018-12628 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions prior to 3.7
Description: The issue is related to an out-of-bounds write that can occur when patching an OpenShift object using the oc patch functionality. This can be exploited to cause a denial of servi...

7.7 CVSS · 7.6 AI score · 0.0051 EPSS
Exploits 0 · References 17
OSV
added 2018/04/06 1:29 p.m. · 18 views

CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

7.8 CVSS · 7.9 AI score
Exploits 0 · References 21
CNVD
added 2017/12/04 12:0 a.m. · 1 views

Cisco NX-OS System Software Command Injection Vulnerability in Multiple Cisco Products (CNVD-2017-36141)

Cisco Nexus 5000 Series Switches are the Cisco Nexus series of data center-class switches from Cisco, Inc. Cisco NX-OS System Software is the data center operating system that runs on them. A command injection vulnerability exists in the CLI of Cisco NX-OS System Software in multiple Cisco product...

7.2 CVSS · 8 AI score · 0.00421 EPSS
Exploits 0 · References 1
CNVD
added 2015/08/08 12:0 a.m. · 1 views

OpenBSD patch arbitrary command execution vulnerability

OpenBSD is a BSD-based operating system. OpenBSD patch fails to properly filter input patch streams, allowing a remote attacker to create specially crafted patch files that, when processed by the target user, can run arbitrary commands...

7.1 AI score
Exploits 0 · References 1
CNVD
added 2015/08/01 12:0 a.m. · 0 views

FreeBSD patch remote command execution vulnerability

FreeBSD is a BSD-based operating system. FreeBSD patch fails to properly filter input patch streams, allowing remote attackers to create specially crafted patch files that, when processed by the target user, can run arbitrary commands...

9.3 CVSS · 7.1 AI score · 0.00878 EPSS
Exploits 0 · References 1