CVE-2020-15210
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...
PT-2020-14281 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4; TensorFlow versions prior to 2.0.3; TensorFlow versions prior to 2.1.2; TensorFlow versions prior to 2.2.1; TensorFlow versions prior to 2.3.1. Description: If a TFLite saved model uses the same tensor as both...
Information Disclosure
chromium-browser is vulnerable to information disclosure. The vulnerability exists in the fetch API of the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists as Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin. This vulnerability affects Firefox 55...
Information Disclosure
firefox is vulnerable to information disclosure. When a Web Extension contains the all-urls permission and performs a fetch request with mode set to same-origin, an attacker will be able to read local files...
Policy Violation
thunderbird is vulnerable to policy violation. A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow...
CVE-2020-7358
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This would prevent the installer from distinguishing between a valid executable called during an...
libsndfile:sndfile_fuzzer: Nested bug in the same thread, aborting. with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5087344745775104 Project: libsndfile Fuzzing Engine: libFuzzer Fuzz Target: sndfile_fuzzer Job Type: libfuzzermsanlibsndfile Platform Id: linux Crash Type: Nested bug in the same thread, aborting. Crash Address: Crash State: NULL Sanitizer: memory...
USVN Cross-Site Request Forgery Vulnerability
USVN is a web interface written in PHP for configuring Subversion repositories. A cross-site request forgery vulnerability exists in versions prior to USVN 1.0.10. The vulnerability stems from the lack of SameSite Strict functionality. No further vulnerability details are provided at this time...
GHSA-6QQJ-RX4W-R3CJ CSRF Vulnerability in jquery-ujs
Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains. When an attacker controls the href attribute of an anchor tag, or the action attribute of a fo...
GHSA-363H-VJ6Q-3CMJ Rosetta-Flash JSONP Vulnerability in hapi
This description taken from the pull request provided by Patrick Kettner. Versions 6.1.0 and earlier of hapi are vulnerable to a rosetta-flash attack, which can be used by attackers to send data across domains and break the browser same-origin-policy. Recommendation - Update hapi to version 6.1.1...
PT-2020-15707
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WA855RE version V5 20200415-rel37464. Description: TP-Link TL-WA855RE devices allow an unauthenticated attacker on the same network to submit a TDDP RESET POST request, leading to a factory reset and reboot. This allows the attacker...
DEBIAN-CVE-2020-17538
A buffer overflow vulnerability in GetNumSameData in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51...
readingsameday.co.uk Cross Site Scripting vulnerability OBB-1256501
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Lindy 42633 Elevation of Privilege Vulnerability
The Lindy 42633 is a 4-port USB 2.0 Gigabit network server. An elevation of privilege vulnerability exists in the Lindy 42633 2.078.000. The vulnerability stems from the ability to discover the administrative password by sniffing unencrypted UDP traffic. An attacker on the same network could use...
TP-Link TL-PS310U Denial of Service Vulnerability
The TP-Link TL-PS310U is a single USB 2.0 port MFP and storage server. A denial of service vulnerability exists in versions prior to TP-Link TL-PS310U 2.079.000.t0210, which can be exploited by an attacker on the same network with a long input value to cause the device to deny service...
TP-Link TL-PS310U Authentication Bypass Vulnerability
The TP-Link TL-PS310U is a single USB 2.0 port MFP and storage server. An authentication bypass vulnerability exists in versions prior to TP-Link TL-PS310U 2.079.000.t0210, which can be exploited by an attacker on the same network to bypass authentication via a Web management request that lacks...
Lindy 42633 Denial of Service Vulnerability
The Lindy 42633 is a 4-port USB 2.0 Gigabit network server. A denial of service vulnerability exists in the Lindy 42633 2.078.000. An attacker on the same network can exploit this vulnerability by entering a long value to cause the device to deny service...
CVE-2020-15059
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter...
CVE-2020-15060
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name...