1154 matches found

Github Security Blog
added 2020/09/25 6:28 p.m. | 32 views

Undefined behavior in Tensorflow

Impact: If a user passes an invalid argument to dlpack.to_dlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked:...

5.3 CVSS | 1.2 AI score | 0.00749 EPSS
Exploits 1 | References 9 | Affected Software 3

Github Security Blog
added 2020/09/25 6:28 p.m. | 45 views

Denial of Service in Tensorflow

Impact: The RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure:...

5.9 CVSS | 1.3 AI score | 0.00805 EPSS
Exploits 1 | References 8 | Affected Software 3

OSV
added 2020/09/25 6:28 p.m. | 4 views

GHSA-JC87-6VPP-7FF3 Heap buffer overflow in Tensorflow

Impact: The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel:...

6.3 CVSS | 6.1 AI score | 0.00537 EPSS
Exploits 1 | References 8

Github Security Blog
added 2020/09/25 6:28 p.m. | 49 views

Heap buffer overflow in Tensorflow

Impact: The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel:...

5.8 CVSS | 1.4 AI score | 0.00537 EPSS
Exploits 1 | References 8 | Affected Software 3

Github Security Blog
added 2020/09/25 6:28 p.m. | 42 views

Denial of Service in Tensorflow

Impact: The SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L235-L241 Although reverse_index_map_t and grad_values_t ar...

5.3 CVSS | 2.3 AI score | 0.01017 EPSS
Exploits 1 | References 9 | Affected Software 3

Tenable Nessus
added 2020/08/14 12:0 a.m. | 15 views

FreeBSD : ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes (b1d6b383-dd51-11ea-a688-7b12871ef3ad)

Cary Phillips reports: v2.5.3 - Patch release with various bug/security fixes ...: - Various sanitizer/fuzz-identified issues related to handling of invalid input. © Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...

5.4 AI score
Exploits 0 | References 2

Zero Science Lab
added 2020/07/31 12:0 a.m. | 145 views

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation

Summary: Bring communication with your customers, guests or employees to a new level. You can design content individually and uncomplicated centrally and simply present it in different locations. Whether on large displays, steles, digital signs or on a projector, with enlogic:show your content wil...

8.5 CVSS | 5.9 AI score | 0.00318 EPSS
Exploits 1

FreeBSD
added 2020/07/13 12:0 a.m. | 18 views

ilmbase, openexr -- v2.5.3 is a patch release with various bug/security fixes

Cary Phillips reports: v2.5.3 - Patch release with various bug/security fixes ...: Various sanitizer/fuzz-identified issues related to handling of invalid input...

1.1 AI score
Exploits 0 | References 1

Github Security Blog
added 2020/05/28 9:10 p.m. | 94 views

Cross-Site Scripting in Kaminari

Impact: In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. Releases: The 1.2.1 gem including the patch has already been released. All past released versions are affected by this...

6.4 CVSS | 2.3 AI score | 0.01508 EPSS
Exploits 0 | References 8 | Affected Software 1

FreeBSD
added 2020/05/18 12:0 a.m. | 13 views

OpenEXR/ilmbase 2.5.2 -- patch release with various bug/security fixes

Cary Phillips reports: openexr 2.5.2 is a patch release with various bug/security and build/install fixes: Invalid input could cause a heap-use-after-free error in DeepScanLineInputFile::DeepScanLineInputFile. Invalid chunkCount attributes could cause heap buffer overflow in getChunkOffsetTableSiz...

1.5 AI score
Exploits 0 | References 1

ThreatPost
added 2020/05/04 7:23 p.m. | 220 views

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...

7.5 CVSS | 9.3 AI score | 0.96405 EPSS
Exploits 25 | References 12

The Hacker News
added 2020/03/12 2:30 p.m. | 2 views

Critical Patch Released for 'Wormable' SMBv3 Vulnerability — Install It ASAP!

Microsoft today finally released an emergency software update to patch the recently disclosed very dangerous vulnerability in SMBv3 protocol that could let attackers launch wormable malware, which can propagate itself from one vulnerable computer to another automatically. The vulnerability,...

10 CVSS | 8.1 AI score | 0.9981 EPSS
Exploits 124

Qualys Blog
added 2020/03/10 7:7 p.m. | 379 views

March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches

This month’s Microsoft Patch Tuesday addresses 115 vulnerabilities with 26 of them labeled as Critical. Of the 26 Critical vulns, 17 are for browser and scripting engines, 4 are for Media Foundation, 2 are for GDI+ and the remaining 3 are for LNK files, Microsoft Word and Dynamics Business...

9.3 CVSS | 0.7 AI score | 0.9981 EPSS
Exploits 125

Packet Storm
added 2020/02/10 12:0 a.m. | 158 views

LearnDash WordPress LMS 3.1.2 Cross Site Scripting

Exploit Title: LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Date: 2020-01-14 Vendor Homepage: https://www.learndash.com Vendor Changelog: https://learndash.releasenotes.io/release/uCskc-version-312 Exploit Author: Jinson Varghese Behanan Author Advisory:...

4.3 CVSS | 0.1 AI score | 0.03458 EPSS
Exploits 6

ThreatPost
added 2020/01/21 2:58 p.m. | 364 views

Microsoft Zero-Day Actively Exploited, Patch Forthcoming

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug (CVE-2020-0674), which is listed as critical in severity for IE 11, and moderate for IE...

7.6 CVSS | 8.1 AI score | 0.86863 EPSS
Exploits 18 | References 13

GithubExploit
added 2020/01/20 5:33 p.m. | 107 views

Exploit for CVE-2019-12180

CVE-2019-12180 Advisory & PoC SoapUI and ReadyAPI allow you t...

9.3 CVSS | 8 AI score | 0.04592 EPSS
Exploits 2

Imperva Blog
added 2019/10/30 11:3 a.m. | 584 views

Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events

On October 22, security researcher Omar Ganiev published a tweet regarding a remote code execution vulnerability in PHP-FPM, the FastCGI Process Manager, running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC (proof-of-concept) f...

7.5 CVSS | 10 AI score | 0.9947 EPSS
Exploits 54

The Hacker News
added 2019/09/30 12:14 p.m. | 4 views

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update—Exim...

10 CVSS | 10 AI score | 0.99961 EPSS
Exploits 29

Citrix
added 2019/08/08 12:0 a.m. | 5 views

Upgrade cannot proceed because Maintenance Expiration Date of the license must be later than the patch Release Date

After attempting a software upgrade the following error is displayed:...

7.1 AI score
Exploits 0

The Hacker News
added 2019/07/30 11:21 a.m. | 2 views

Google Researchers Disclose PoCs for 4 Remotely Exploitable iOS Flaws

Google's cybersecurity researchers have finally disclosed details and proof-of-concept exploits for 4 out of 5 security vulnerabilities that could allow remote attackers to target Apple iOS devices just by sending a maliciously-crafted message over iMessage. All the vulnerabilities, which require...

9.8 CVSS | 7.8 AI score | 0.15973 EPSS
Exploits 7