
1154 matches found

Positive Technologies
added 2022/04/12 12:00 a.m. | 3 views

PT-2022-2242

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description The issue is related to the Remote Procedure Call Runtime in Microsoft Windows and is caused by incorrect code generation management. This allows a remote attacker to execute...

CVSS 10 | AI score 10 | EPSS 0.91811
Exploits 14 | References 62

CNNVD
added 2022/04/11 12:00 a.m. | 2 views

Samsung SMR Buffer Error Vulnerability

Samsung SMR is a system patch package from South Korea's Samsung. It provides patches for Samsung mobile applications. Samsung SMR suffers from a buffer overflow vulnerability that stems from incorrect size checking of the in-sapefdparsemetaDESCRIPTION function of the libsapeextractor...

CVSS 7.1 | AI score 6 | EPSS 0.00282
Exploits 0 | References 2

OSV
added 2022/04/04 6:15 p.m. | 33 views

PYSEC-2022-196

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...

CVSS 7.5 | AI score 5.8 | EPSS 0.0097
Exploits 0 | References 2

OSV
added 2022/03/01 6:45 p.m. | 3 views

CVE-2022-24718 Path Traversal in ssr-pages

ssr-pages is an HTML page builder for the purpose of server-side rendering SSR. In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 7.6 | AI score 6.7 | EPSS 0.01086
Exploits 0 | References 5

OSV
added 2022/02/09 11:47 p.m. | 1 view

GHSA-44QP-9WWF-734R Heap overflow in Tensorflow

Impact The implementation of SparseCountSparseOutput is vulnerable to a heap overflow: python import tensorflow as tf import numpy as np tf.rawops.SparseCountSparseOutput indices=-1,-1, values=2, denseshape=1, 1, weights=1, binaryoutput=True, minlength=-1, maxlength=-1, name=None Patches We have...

CVSS 7.6 | AI score 5.8 | EPSS 0.00776
Exploits 1 | References 8

Debian CVE
added 2022/02/04 10:32 p.m. | 3 views

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

CVSS 6.5 | AI score 6.9 | EPSS 0.00771
Exploits 1

PyPA
added 2022/02/03 12:15 p.m. | 6 views

PYSEC-2022-115

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

CVSS 7.6 | AI score 6.9 | EPSS 0.00734
Exploits 1 | References 3 | Affected Software 1

0day.today
added 2022/01/19 12:00 a.m. | 331 views

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...

CVSS 8.3 | AI score 6.4 | EPSS 0.70511
Exploits 3

CNNVD
added 2021/12/14 12:00 a.m. | 3 views

Listary Security Vulnerability

Listary is a revolutionary Windows search utility that allows both casual and advanced users to quickly find files and launch applications. Listary suffers from a security vulnerability that stems from the fact that an attacker could create a .pipeListary.listaryService named pipe and wait for a...

CVSS 7.3 | AI score 7.3 | EPSS 0.00534
Exploits 0 | References 3

FreeBSD
added 2021/12/11 12:00 a.m. | 313 views

OpenSearch -- Log4Shell

OpenSearch reports: A recently published security issue CVE-2021-44228 affects several versions of the broadly-used Apache Log4j library. Some software in the OpenSearch project includes versions of Log4j referenced in this CVE. While, at time of writing, the team has not found a reproduceable...

CVSS 10 | AI score 2.3 | EPSS 0.99999
Exploits 348 | References 1

Wordfence Blog
added 2021/11/11 3:01 p.m. | 34 views

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder...

CVSS 3.5 | AI score 6.2 | EPSS 0.00585
Exploits 1

OSV
added 2021/11/10 7:02 p.m. | 1 view

GHSA-6HPV-V2RX-C5G6 FPE in convolutions with zero size filters

Impact The implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. Patches We have patched the issue in GitHub commit f2c3931113eaafe9ef558faaddd48e00a6606235. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

CVSS 5.5 | AI score 6 | EPSS 0.00136
Exploits 0 | References 7

Microsoft KB
added 2021/11/09 12:00 a.m. | 11 views

November 9, 2021—Hotpatch KB5007386 (OS Build 20348.344)


AI score 5.8
Exploits 0

PyPA
added 2021/11/05 10:15 p.m. | 7 views

PYSEC-2021-612

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

CVSS 5.5 | AI score 6.8 | EPSS 0.00202
Exploits 0 | References 5 | Affected Software 1

Debian CVE
added 2021/11/05 9:45 p.m. | 3 views

CVE-2021-41202

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

CVSS 5.5 | AI score 6.8 | EPSS 0.00202
Exploits 0

PyPA
added 2021/11/05 9:15 p.m. | 6 views

PYSEC-2021-826

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

CVSS 7.8 | AI score 7.2 | EPSS 0.00204
Exploits 1 | References 2 | Affected Software 1

PyPA
added 2021/11/05 8:15 p.m. | 5 views

PYSEC-2021-392

TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64_t typ...

CVSS 5.5 | AI score 7.2 | EPSS 0.0023
Exploits 1 | References 3 | Affected Software 1

PyPA
added 2021/11/05 8:15 p.m. | 7 views

PYSEC-2021-844

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segment_ids is large. This is similar to CVE-2021-29584 and similar other reported...

CVSS 5.5 | AI score 7.1 | EPSS 0.00205
Exploits 2 | References 4 | Affected Software 1

Cvelist
added 2021/11/01 9:20 p.m. | 14 views

CVE-2021-41187 SQL Injection in DHIS2 Tracker API

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The...

CVSS 8.1 | AI score 9.1 | EPSS 0.00827
Exploits 0 | References 1

OSV
added 2021/10/28 10:12 p.m. | 12 views

CLSA-2021-1635459139 Fix CVE(s): CVE-2018-6323, CVE-2017-8421, CVE-2017-15024, CVE-2017-15025, CVE-2017-15022, CVE-2017-15020, CVE-2017-15021, CVE-2017-15225, CVE-2018-18483, CVE-2017-15996, CVE-2018-18484, CVE-2017-12799, CVE-2017-16831, CVE-2017-16832, CVE-2018-1000876, CVE-2018-7208, CVE-2019-14250, CVE-2017-12967, CVE-2019-9075, CVE-2017-17080, CVE-2019-9074, CVE-2018-17794, CVE-2017-17125, CVE-2017-17124, CVE-2017-17121, CVE-2017-6969, CVE-2017-17123, CVE-2018-17358, CVE-2017-6965, CVE-2017-6966, CVE-2018-12641, CVE-2018-8945, CVE-2017-7299, CVE-2018-12699, CVE-2018-10372, CVE-2018-10373, CVE-2019-17451, CVE-2019-17450, CVE-2018-18701, CVE-2018-18700, CVE-2017-7210, CVE-2018-20623, CVE-2017-15938, CVE-2017-15939, CVE-2017-9039, CVE-2017-9038, CVE-2017-14940, CVE-2018-17985, CVE-2018-12700, CVE-2017-9742, CVE-2017-9745, CVE-2017-9744, CVE-2017-9747, CVE-2017-7209, CVE-2017-9749, CVE-2017-9748, CVE-2018-9138, CVE-2017-16828, CVE-2017-16827, CVE-2017-16826, CVE-2017-7614, CVE-2018-6759, CVE-2016-4491, CVE-2017-9044, CVE-2017-9746, CVE-2017-9042, CVE-2017-9040, CVE-2017-9041, CVE-2017-9752, CVE-2017-9753, CVE-2017-9750, CVE-2017-9751, CVE-2017-9756, CVE-2016-4493, CVE-2017-9754, CVE-2017-9755, CVE-2016-4492, CVE-2018-19932, CVE-2017-12458, CVE-2017-12459, CVE-2018-18606, CVE-2018-18607, CVE-2018-18605, CVE-2017-12452, CVE-2017-12453, CVE-2017-12450, CVE-2017-12451, CVE-2017-12456, CVE-2016-4490, CVE-2017-12454, CVE-2017-12455, CVE-2019-14444, CVE-2016-2226, CVE-2017-7224, CVE-2017-7225, CVE-2017-7226, CVE-2017-7227, CVE-2018-18309, CVE-2017-7223, CVE-2017-12449, CVE-2017-12448, CVE-2016-4488, CVE-2016-4489, CVE-2018-17359, CVE-2016-4487, CVE-2018-20671, CVE-2018-20002, CVE-2017-14128, CVE-2017-14129, CVE-2018-7568, CVE-2018-7569, CVE-2017-7302, CVE-2017-7301, CVE-2017-7300, CVE-2018-12934, CVE-2017-8394, CVE-2018-7643, CVE-2018-7642, CVE-2018-17360, CVE-2019-12972, CVE-2018-13033, CVE-2018-19931, CVE-2018-10534, CVE-2018-10535, CVE-2019-9077, CVE-2019-9071, 
CVE-2019-9070, CVE-2019-9073, CVE-2017-14333, CVE-2018-12698, CVE-2017-14130, CVE-2018-12697, CVE-2018-6543, CVE-2017-9954, CVE-2017-12457, CVE-2017-14939, CVE-2017-14938, CVE-2017-14932, CVE-2017-14930, CVE-2017-8398, CVE-2017-8393, CVE-2017-8395, CVE-2017-14529, CVE-2017-8397, CVE-2017-8396, CVE-2017-13710, CVE-2016-6131

SECURITY UPDATE: - CVE-.patch: backported many upstream patches to fix security issues. - CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2016-4491, CVE-2017-6965, CVE-2017-6966, CVE-2017-6969, CVE-2017-7209, CVE-2017-721...

CVSS 9.8 | AI score 6.9 | EPSS 0.08544
Exploits 67 | References 1