378 matches found
php security, bug fix, and enhancement update
8.0.20-3 - snmp3 calls using authPriv or authNoPriv immediately return false 2104630 8.0.20-2 - fix patch41 not applied use system nikic/php-parser when available 8.0.20-1 - rebase to 8.0.20 2095752 - clean unneeded dependency on useradd command 2095447 - add upstream patch to initialize pcre...
CVE-2022-3563
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read50controllercapcomplete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument caplen leads to null pointer dereference. It is recommended to apply a patch to f...
PT-2024-11771
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to temporary data corruption in the collapse range of the smb3 module. The collapse range does not discard the affected cached region, which can risk temporarily...
PT-2024-11779
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises when the GDDV returns a package with a buffer of zero length, causing kmemdup to return ZERO SIZE PTR 0x10. This leads to a NULL pointer dereference problem in data vaul...
CVE-2014-125017
A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpzadecodestream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix thi...
CVE-2014-125002 FFmpeg dnxhdenc.c dnxhd_init_rc memory corruption
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhdinitrc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue...
CVE-2021-38693 Path Traversal in thttpd
A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the...
CVE-2022-1289
CVE-2022-1289 affects tildearrow Furnace and stems from an incomplete fix of CVE-2022-1211, enabling a remote Denial of Service that requires user interaction. The issue is addressed by patch 0eb02422d5161767e9983bdaa5c429762d3477ce. Documented impact highlights partial availability disruption (a...
GHSA-PFJJ-M3JJ-9JC9 Undefined behavior in `SparseTensorSliceDataset`
Impact The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value: python import tensorflow as tf import numpy as np tf.rawops.SparseTensorSliceDataset indices=, values=, denseshape=1,1 The 3 input arguments...
GHSA-247X-2F9F-5WP7 Stack overflow in TensorFlow
Impact The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel: library function signature name: "SomeOp" description:...
Updated xterm packages fix security vulnerability
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in setsixel in graphicssixel.c via crafted text. CVE-2022-24130...
PT-2022-12396 · Unknown +1 · Libiec61850 +1
Name of the Vulnerable Software and Affected Versions: libiec61850 version 1.5.0 Description: A NULL pointer dereference in AcseConnection parseMessage at src/mms/iso acse/acse.c can lead to a segmentation fault or application crash. Recommendations: For libiec61850 version 1.5.0, consider applyi...
PT-2025-8568
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A subtraction overflow bug has been resolved in the Linux kernel. The issue occurs when hole end is small enough to cause a subtraction overflow, or when addr + 2 min alignment overflows...
PT-2025-8399
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue has been identified in the Linux kernel, specifically in the blk-throttle component. This issue occurs when a bio block I/O request is throttled and the BIO...
GHSA-7RG2-QXMF-HHX9 Session fixation in express-openid-connect
Overview Versions 2.3.0 up to and including 2.5.1 do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Am I affected? You are affected by this vulnerability if you are using express-openid-connec...
in bookstackapp/bookstack
Description The dompdf chroot option in Bookstack App is set to basepath, which is the Laravel root folder /var/www/bookstack. An attacker can hence load any image file in the Laravel folder /var/www/bookstack or its subdirectories via PDF exports. Proof of Concept 1: Place an image file in...
PYSEC-2021-794
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...
CVE-2021-37682
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...
PYSEC-2021-289
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...
CVE-2021-37667
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...