PYSEC-2021-637
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user-supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given...
Admin can abuse grantSlingshot and steal user funds
Handle: kenzo. Vulnerability details: After user has .approved ApprovalHandler, admin can grantSlingshot himself, and then call ApprovalHandler.transferFrom with parameters that will transfer all tokens to himself before the user calls Slingshot's executeTrades. Although this vulnerability requires ...
DEBIAN-CVE-2021-42715
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files...
UBUNTU-CVE-2021-42715
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 CVE-2021-3156 exploit Introducti...
CVE-2021-32664 Reflected XSS in Combodo/iTop
Combodo iTop is an open source web-based IT Service Management tool. In affected versions there is an XSS vulnerability on the "run query" page when logged in as administrator. This has been resolved in versions 2.6.5 and 2.7.5...
CVE-2021-32664
CVE-2021-32664 (Combodo iTop) is an XSS vulnerability on the run query page when authenticated as administrator. The primary description notes affected versions and fixes: it was resolved in iTop versions 2.6.5 and 2.7.5. Connected sources corroborate iTop-specific issues and mitigations across m...
Combodo iTop cross-site scripting vulnerability
Combodo iTop is an open source, ITIL-based web application from the French company Combodo for the daily operation of IT environments. The program provides incident management, configuration management and problem management. A cross-site scripting vulnerability exists in Combodo iTop...
PT-2021-19842 · Comodo +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.6.5; Combodo iTop versions prior to 2.7.5. Description: The issue is related to an XSS vulnerability on the "run query" page when logged in as an administrator. This vulnerability has been resolved in versions...
CVE-2021-22961
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution...
Demo: How to Build a Container Registry from a Container
What came first, the container or the container registry? Find out and learn how to build, run, and scan your very own container registry from a container itself on your laptop...
DEBIAN-CVE-2020-27372
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...
UBUNTU-CVE-2020-27372
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function...
OSV-2021-1437 Heap-buffer-overflow in unpack_32bit
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39799 Crash type: Heap-buffer-overflow WRITE 4 Crash state: unpack_32bit exr_decoding_run Imf_3_1::checkCoreFile...
Brandy buffer error vulnerability
Brandy is a Basic V Interpreter. A buffer error vulnerability exists in Brandy Basic V Interpreter that stems from the product's failure to properly handle data boundaries when the run_interpreter function is run. The following products and versions are affected: Brandy Basic V Interpreter version...
PT-2021-7979 · Unknown +3 · Stb Image.H +3
Name of the Vulnerable Software and Affected Versions: stb_image.h versions 1.33 through 2.27. Description: The issue is related to the HDR loader in stb_image.h, which parses truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. This could allow a remote attacker to cau...
CVE-2021-34780
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: execute code on the affected device or cause it to reload unexpectedly; cause LLDP database...
CVE-2021-0691
In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed fo...
October 5, 2021, update for Office 2016 (KB4462197)
This article describes update 4462197 for Microsoft Office 2016 that was released on October 5, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply t...