GHSA-3W67-Q784-6W7C Division by zero in TFLite's implementation of `GatherNd`

Impact The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero error: cc ret.dimstocounti = remainflatsize / paramsshape.Dimsi; An attacker can craft a model such that params input would be an empty tensor. In turn, paramsshape.Dims. would be zero, in at...

PYSEC-2021-184

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

PYSEC-2021-214

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

PYSEC-2021-453

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...

CVE-2021-29603

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...

CVE-2021-29443

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

Authentication flaw

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba...

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack

Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879 , the vulnerabilit...

WordPress GiveWP 2.9.7 Cross Site Scripting Vulnerability

Exploit Title: GiveWP 2.9.7 Reflected Cross-Site Scripting Exploit Author: Austin Bentley Vendor Homepage: https://givewp.com/ Software Link: https://wordpress.org/plugins/give/ Version: 2.9.7 Tested on: Windows 7 CVE: CVE-2021-24213 Exploitation requirements: Admin must visit payload URL. Defaul...

SOYAL 701Server 9.0.1 Insecure Permissions

Summary 701 Server is the program used to set up and configure LAN and IP based access control systems, from the COM port used to the quantity and type of controllers connected. It is also used for programming some of the more complex controllers such as the AR-716E and the AR-829E. Description T...

More on the Chinese Zero-Day Microsoft Exchange Hack

Nick Weaver has an excellent post on the Microsoft Exchange hack: The investigative journalist Brian Krebs has produced a handy timeline of events and a few things stand out from the chronology. The attacker was first detected by one group on Jan. 5 and another on Jan. 6, and Microsoft acknowledg...

Microsoft Exchange attacks cause panic as criminals go shell collecting

Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update...

SAP Commerce Critical Security Bug Allows RCE

SAP is warning of a critical vulnerability in its SAP Commerce platform for e-commerce businesses. If exploited, the flaw could allow for remote code execution RCE that ultimately could compromise or disrupt the application. SAP Commerce organizes data – such as product information – to be...

Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability

Severity Nokogiri maintainers have evaluated this as Low Severity CVSS3 2.6. Description In Nokogiri versions = 1.11.0.rc3, XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. Th...

Hotfix XS80E009 - For Citrix Hypervisor 8.0

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.0. All customers who are affected by the issues described inCTX266932 - Citrix Hypervisor Multiple Security Updatesshould install this hotfix. Information About this Hotfix Component| Details ---|---...

Vulnerabilities fixed in IBM Security Directory Server

Vulnerabilities have been fixed in IBM Security Directory Server. The vulnerabilities allow a malicious party to access system data. IBM has released updates to fix the vulnerabilities. More information can be found on the page below: https://www.ibm.com/support/pages/node/6356607...

PYSEC-2020-139

In Tensorflow before version 2.4.0, when the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...

PT-2020-15646 · United Planet · Intrexx

Name of the Vulnerable Software and Affected Versions: Intrexx versions prior to 9.4.0 Description: The issue is related to a cross-site scripting XSS vulnerability in the search functionality. This allows remote attackers to inject arbitrary web script or HTML via the request parameter...

PYSEC-2020-120

In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has rank 2. This tensor must be a matrix because code assumes its elements are access...

PYSEC-2020-328

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...