1149 matches found

Debian CVE
added 2022/02/04 10:32 p.m., 2 views

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

CVSS 6.5, AI score 6.9, EPSS 0.00771
Exploits: 1

PyPA
added 2022/02/03 12:15 p.m., 6 views

PYSEC-2022-115

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

CVSS 7.6, AI score 6.9, EPSS 0.00734
Exploits: 1, References: 3, Affected Software: 1

0day.today
added 2022/01/19 12:0 a.m., 331 views

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...

CVSS 8.3, AI score 6.4, EPSS 0.70511
Exploits: 3

CNNVD
added 2021/12/14 12:0 a.m., 3 views

Listary security vulnerability

Listary is a revolutionary Windows search utility that allows both casual and advanced users to quickly find files and launch applications. Listary suffers from a security vulnerability that stems from the fact that an attacker could create a .pipeListary.listaryService named pipe and wait for a...

CVSS 7.3, AI score 7.3, EPSS 0.00534
Exploits: 0, References: 3

FreeBSD
added 2021/12/11 12:0 a.m., 312 views

OpenSearch -- Log4Shell

OpenSearch reports: A recently published security issue CVE-2021-44228 affects several versions of the broadly-used Apache Log4j library. Some software in the OpenSearch project includes versions of Log4j referenced in this CVE. While, at time of writing, the team has not found a reproducible...

CVSS 10, AI score 2.3, EPSS 0.99999
Exploits: 345, References: 1

Wordfence Blog
added 2021/11/11 3:1 p.m., 33 views

Over 1 Million Sites Impacted by Vulnerability in Starter Templates Plugin

On October 4, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for the Starter Templates plugin, which is installed on over 1 Million WordPress websites. The full name of the WordPress plugin is “Starter Templates — Elementor, Gutenberg & Beaver Builder...

CVSS 3.5, AI score 6.2, EPSS 0.00585
Exploits: 1

OSV
added 2021/11/10 7:2 p.m., 0 views

GHSA-6HPV-V2RX-C5G6 FPE in convolutions with zero size filters

Impact The implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. Patches We have patched the issue in GitHub commit f2c3931113eaafe9ef558faaddd48e00a6606235. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

CVSS 5.5, AI score 6, EPSS 0.00136
Exploits: 0, References: 7

Microsoft KB
added 2021/11/09 12:0 a.m., 11 views

November 9, 2021—Hotpatch KB5007386 (OS Build 20348.344)

November 9, 2021—Hotpatch KB5007386 OS Build 20348.344 Improvements and fixes public preview This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release. If you installed earlier updates, only the new fixes contained...

AI score 6.8
Exploits: 0

PyPA
added 2021/11/05 10:15 p.m., 7 views

PYSEC-2021-612

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

CVSS 5.5, AI score 6.8, EPSS 0.00202
Exploits: 0, References: 5, Affected Software: 1

Debian CVE
added 2021/11/05 9:45 p.m., 2 views

CVE-2021-41202

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

CVSS 5.5, AI score 6.8, EPSS 0.00202
Exploits: 0

PyPA
added 2021/11/05 9:15 p.m., 6 views

PYSEC-2021-826

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

CVSS 7.8, AI score 7.2, EPSS 0.00204
Exploits: 1, References: 2, Affected Software: 1

PyPA
added 2021/11/05 8:15 p.m., 6 views

PYSEC-2021-844

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segment_ids is large. This is similar to CVE-2021-29584 and similar other reported...

CVSS 5.5, AI score 7.1, EPSS 0.00205
Exploits: 2, References: 4, Affected Software: 1

PyPA
added 2021/11/05 8:15 p.m., 4 views

PYSEC-2021-392

TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64_t typ...

CVSS 5.5, AI score 7.2, EPSS 0.0023
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2021/11/01 9:20 p.m., 12 views

CVE-2021-41187 SQL Injection in DHIS2 Tracker API

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the API endpoints for /api/trackedEntityInstances and api/events in DHIS2. The...

CVSS 8.1, AI score 9.1, EPSS 0.00827
Exploits: 0, References: 1

OSV
added 2021/10/28 10:12 p.m., 9 views

CLSA-2021-1635459139 Fix CVE(s)

SECURITY UPDATE: - CVE-.patch: backported many upstream patches to fix security issues. - CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2016-4491, CVE-2017-6965, CVE-2017-6966, CVE-2017-6969, CVE-2017-7209, CVE-2017-721...

CVSS 9.8, AI score 6.9, EPSS 0.08544
Exploits: 67, References: 1

Prion
added 2021/10/12 4:15 p.m., 20 views

Command injection

A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant IAP versions: Aruba Instant 6.4.x.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.11 and below; Aruba Instant 8.6.x.x: 8.6.0.6 and below; Aruba Instant...

CVSS 9, AI score 7.8, EPSS 0.02957
Exploits: 0, References: 2, Affected Software: 2

CNNVD
added 2021/10/06 12:0 a.m., 2 views

Samsung SMR security vulnerability

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in versions prior to Samsung SMR Oct-2021 Release 1, which originates from an exception handling of multisimbarshowonqspanel in SystemUI, which allo...

CVSS 4.9, AI score 5.1, EPSS 0.00101
Exploits: 0, References: 1

OSV
added 2021/10/05 8:24 p.m., 43 views

GHSA-69J6-29VR-P3J9 Authentication bypass for viewing and deletions of snapshots

Today we are releasing Grafana 7.5.11, and 8.1.6. These patch releases include an important security fix for an issue that affects all Grafana versions from 2.0.1. Grafana Cloud instances have already been patched and an audit did not find any usage of this attack vector. Grafana Enterprise...

CVSS 7.3, AI score 7.5, EPSS 0.99951
Exploits: 1, References: 13

Zero Science Lab
added 2021/09/27 12:0 a.m., 247 views

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)

Summary FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining tw...

CVSS 9.8, AI score 7.2, EPSS 0.05598
Exploits: 1

OSV
added 2021/09/07 1:15 p.m., 3 views

CVE-2021-37729

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software versions: Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12, 8.3.0.16, 6.5.4.19, 6.4.4.25. Aruba has released patches for Aruba SD-WAN Software and Gateways and...

CVSS 6.5, AI score 5.8, EPSS 0.00958
Exploits: 0, References: 2