Lucene search

6579 matches found

vulnersOsv
added 2022/02/04 11:15 p.m. · 2 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23587 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23587 Source advisory: OSV:PYSEC-2022-96...

CVSS 9.8 · AI score 7.2 · EPSS 0.00295
Exploits: 1
OpenVAS
added 2022/01/28 12:0 a.m. · 17 views

Mageia: Security Advisory (MGASA-2019-0207)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.3 · AI score 5.4 · EPSS 0.00236
Exploits: 1 · References: 3
OpenVAS
added 2022/01/28 12:0 a.m. · 26 views

Mageia: Security Advisory (MGASA-2021-0031)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.3 · EPSS 0.04335
Exploits: 18 · References: 12
OpenVAS
added 2022/01/28 12:0 a.m. · 23 views

Mageia: Security Advisory (MGASA-2018-0322)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.6 · AI score 7.5 · EPSS 0.46733
Exploits: 2 · References: 3
OpenVAS
added 2022/01/28 12:0 a.m. · 24 views

Mageia: Security Advisory (MGASA-2019-0332)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.5 · EPSS 0.00319
Exploits: 0 · References: 8
Amazon
added 2022/01/28 12:0 a.m. · 4 views

Medium: kernel

Issue Overview: A flaw was found in the AMD Cryptographic Co-processor driver in the Linux kernel. An attacker, able to send invalid SHA type commands, could cause the system to crash. The highest threat from this vulnerability is to system availability. CVE-2019-18808 A flaw was found in the Lin...

CVSS 7.8 · AI score 6.7 · EPSS 0.01676
Exploits: 0
SonarSource Blog
added 2022/01/25 12:0 a.m. · 16 views

How to disable XXE processing?

In my last post I talked about XXE vulnerabilities found on popular open-source projects and more generally how to assess this type of issue. Today, I’ll talk about the different strategies to disable XXE processing. External XXE and internal entities are useful for building concise XML documents...

AI score 0.2
Exploits: 0
OSV
added 2022/01/22 11:3 a.m. · 2 views

OESA-2022-1498 mosquitto security update

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1 MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

CVSS 7.5 · AI score 6.6 · EPSS 0.0025
Exploits: 1 · References: 2
Tenable Nessus
added 2022/01/21 12:0 a.m. · 24 views

Cisco IOS XR Software for ASR 9000 Series Routers DoS (cisco-sa-npspin-QYpwdhFD)

According to its self-reported version, Cisco IOS XR is affected by a denial of service vulnerability due to incorrect handling of specific Ethernet frames that cause a spin loop that can make the network processors unresponsive. An unauthenticated, adjacent attacker can exploit these by sending...

CVSS 7.4 · AI score 7.4 · EPSS 0.00101
Exploits: 0 · References: 4
CNNVD
added 2022/01/20 12:0 a.m. · 3 views

LINE for Windows Input Validation Error Vulnerability

Line Corporation LINE for Windows is a Windows-based instant messaging application from Line Corporation, Japan. An input validation error vulnerability exists in LINE for Windows, which stems from a lack of media file checking before rendering, and can be exploited to send specially crafted gif...

CVSS 5.5 · AI score 5.8 · EPSS 0.00165
Exploits: 0 · References: 2
Positive Technologies
added 2022/01/20 12:0 a.m. · 2 views

PT-2022-15696 · Line · Line For Windows

Name of the Vulnerable Software and Affected Versions: LINE for Windows versions prior to 7.4 Description: The issue arises from the lack of media file checks before rendering, allowing an attacker to cause abnormal CPU consumption for the message recipient by sending a specially crafted gif imag...

CVSS 5.5 · AI score 5.5 · EPSS 0.00165
Exploits: 0 · References: 5
NVD
added 2022/01/14 8:15 p.m. · 15 views

CVE-2021-39659

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception. In rare instances, this could lead to local denial of service with User execution privileges needed. User interaction is not needed f...

CVSS 5.5 · EPSS 0.00015
Exploits: 0 · References: 1
RedHat Linux
added 2022/01/11 4:7 p.m. · 3 views

QEMU: net: e1000: infinite loop while processing transmit descriptors

An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial o...

CVSS 6.5 · AI score 7.1 · EPSS 0.00089
Exploits: 0 · References: 5
CNNVD
added 2022/01/10 12:0 a.m. · 3 views

Huawei Smartphone Input Validation Error Vulnerability

The Huawei Smartphone is a smartphone from the Chinese company Huawei. The Huawei Smartphone suffers from a buffer error vulnerability that stems from an integer overflow vulnerability in the ACPU in the smartphone. An attacker could exploit this vulnerability to cause out-of-bounds access...

CVSS 9.8 · AI score 6.1 · EPSS 0.00236
Exploits: 0 · References: 2
Positive Technologies
added 2022/01/01 12:0 a.m. · 1 views

PT-2025-37629

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The return value of the acpi_fetch_acpi_dev() function could be NULL, potentially leading to a NULL pointer dereference within the acpi_device_hid() function. Recommendations: At the moment,...

CVSS 6 · AI score 7.5 · EPSS 0.00034
Exploits: 0
Positive Technologies
added 2022/01/01 12:0 a.m. · 2 views

PT-2025-8587 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: An issue in the Linux kernel was discovered related to changing the MAX FRAME SIZE of a switch. If the MAX FRAME SIZE is changed while the cpu port is on, the switch panics and stops...

AI score 6.6 · EPSS 0.00055
Exploits: 0 · References: 15
CVE
added 2021/12/17 8:50 a.m. · 82 views

CVE-2021-44145

CVE-2021-44145 affects the Apache NiFi TransformXML processor (before 1.15.1). An authenticated user could configure an XSLT file that contains external entity calls, potentially revealing sensitive information due to an XXE. The issue is documented across multiple sources, with remediation advis...

CVSS 6.5 · AI score 6.3 · EPSS 0.00315
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2021/12/17 12:0 a.m. · 0 views

The vulnerability of the module of central processors in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L allows an intruder to trigger a service failure.

The vulnerability of the microcontroller modules in programmable logic controllers such as MELIPC, MELSEC iQ-R, MELSEC Q, and MELSEC L is related to errors in processing input data length parameters. Exploiting this vulnerability can allow an attacker, operating remotely, to cause malfunctions...

CVSS 7.8 · EPSS 0.00664
Exploits: 0 · References: 4 · Affected Software: 10
OSV
added 2021/12/10 6:15 p.m. · 0 views

CVE-2021-38917

IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to the FSP to read and write arbitrary host system memory through a series of carefully crafted service procedures. IBM X-Force ID: 210018...

CVSS 9.1 · AI score 7.2
Exploits: 0 · References: 2
Github Security Blog
added 2021/12/09 7:14 p.m. · 43 views

Code Injection in jackson-databind

This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

CVSS 8.1 · AI score 8.7 · EPSS 0.02908
Exploits: 1 · References: 13 · Affected Software: 1