CVE-2022-36027 Segfault TFLite converter on per-channel quantized transposed convolutions in TensorFlow

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

Siemens Simcenter Femap and Parasolid Out-of-Bounds Reading Vulnerability (CNVD-2022-62989)

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

Mapbox buffer overflow vulnerability

Mapbox is a location data platform for mobile and Web applications from Mapbox, Inc. A buffer overflow vulnerability exists in versions prior to Mapbox gl-native 10.6.1, which stems from excessive image height and width values when creating new images, and can be exploited to cause Mapbox process...

Windows sxs!CNodeFactory::XMLParser_Element_doc_assembly_assemblyIdentity Heap Buffer Overflow

Windows: Heap buffer overflow in sxs!CNodeFactory::XMLParserElementdocassemblyassemblyIdentity SUMMARY A heap buffer overflow issue exists in Windows 11 and earlier versions. A malicious application may be able to execute arbitrary code with SYSTEM privileges. VULNERABILITY DETAILS In 2020, Proje...

CVE-2022-2723

A vulnerability was found in SourceCodester Employee Management System. It has been classified as critical. Affected is an unknown function of the file /process/eprocess.php. The manipulation of the argument mailuid/pwd leads to sql injection. It is possible to launch the attack remotely. The...

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2187)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.1 : polkit (EulerOS-SA-2022-2187)

According to the versions of the polkit packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustio...

Ubuntu 20.04 LTS / 22.04 LTS : libtirpc vulnerability (USN-5538-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5538-1 advisory. It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Tenable ha...

Siemens PADS Standard/Plus Viewer Out-of-Bounds Reading Vulnerability (CNVD-2022-51612)

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment.An out-of-bounds read vulnerability exists in Siemens PADS Standard/Plus Viewer, which could be exploited by an attacker to disclose information in the context of the...

Siemens PADS Standard/Plus Viewer堆栈损坏漏洞

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment.A stack corruption vulnerability exists in Siemens PADS Standard/Plus Viewer, which can be exploited by an attacker to disclose information in the context of the curre...

Siemens PADS Standard/Plus Viewer Out-of-Bounds Reading Vulnerability (CNVD-2022-51616)

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment.An out-of-bounds read vulnerability exists in Siemens PADS Standard/Plus Viewer, which could be exploited by an attacker to execute code in the context of the current...

Siemens PADS Standard/Plus Viewer Out-of-Bounds Reading Vulnerability (CNVD-2022-51619)

PADS Standard and Standard Plus provide PCB schematic design and layout functionality in an intuitive and easy-to-use environment.An out-of-bounds read vulnerability exists in Siemens PADS Standard/Plus Viewer, which could be exploited by an attacker to execute code in the context of the current...

CVE-2022-34286

A vulnerability has been identified in PADS Standard/Plus Viewer All versions. The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current...

Dlinject - Inject A Shared Library (I.E. Arbitrary Code) Into A Live Linux Process, Without Ptrace

Inject a shared library i.e. arbitrary code into a live linux process, without ptrace. Inspired by Cexigua and linux-inject, among other things. Usage .. . | /| | || || / | .. / | | | | |/ \ | |/ / \ \ \ | \ | |/|| /| |\ \ | /| // | / /| / / /|| / source:...

SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-1874)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CISA Provides Criteria and Process for Updates to the KEV Catalog

CISA has updated the Known Exploited Vulnerabilities KEV catalog webpage as well as the FAQs for Binding Operational Directive BOD 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which established the KEV catalog. The updates provide information on the criteria and proces...

Out-of-Bounds Read

thunderbird is vulnerable to out of bounds read. A locally-installed hostile program could send WMCOPYDATA messages which the library incorrectly processes, leading to an out-of-bounds read...

Jenkins WMI Windows Agents Plugin Access Control Error Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins WMI Windows Agents Plugin is...