EUVD-2023-1969

Malicious code in bioql PyPI...

EUVD-2024-35876

Malicious code in bioql PyPI...

EUVD-2023-43029

Malicious code in bioql PyPI...

CVE-2023-41265

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVE-2020-15208

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

PT-2025-18291 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 13.5-rc-1 through 15.10.12 XWiki versions 16.0.0-rc-1 through 16.4.3 XWiki versions 16.5.0-rc-1 through 16.7.x Description: The issue is related to an open redirect vulnerability in the HTML conversion request filter. This allo...

Linux Kernel Bug Opens Door to Wider Cyberattacks

An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug CVE-2020-28588 exists in the /proc/pid/syscall functionality of 32-bit ARM devices running...

Google Makes 2 Years of Android Security Updates Mandatory for Device Makers

When it comes to security updates, Android is a real mess. Even after Google timely rolls out security patches for its Android platform, a major part of the Android ecosystem remains exposed to hackers because device manufacturers do not deliver patches regularly and on a timely basis to their...

Mixed Reviews on Microsoft myBulletins Patch Service

Microsoft today released its new myBulletins service, an interface where IT administrators can customize security patch update information. While providing users with a slick GUI that allows for extensive filtering of patch information by the products in use inside an enterprise or small company,...

Oracle Database Server MDSYS.SDO_CS缓冲区溢出漏洞

Oracle Database Server是一款商业性质的功能强大的数据库服务程序。 Oracle Database Server处理MDSYS.SDOCS.TRANSFORM函数存在缓冲区溢出，远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 Oracle Database Server提供的MDSYS.SDOCS包包含子程序用于与协作系统工作。此包TRANSFORM过程处理存在缓冲区溢出，任何对MDSYS.SDOCS有执行权限的Oracle数据库用户可利用此漏洞。 Oracle Oracle9i Standard Edition 9.2 .6 Oracle Oracle9i...