9431 matches found

BDU FSTEC
added 2021/08/27 12:0 a.m. | 1 view

Vulnerability of the xt_compat_target_from_user() function (net/netfilter/x_tables.c) in the netfilter subsystem of Linux operating systems, allowing a hacker to cause a service failure or gain increased privileges

The vulnerability of the xt_compat_target_from_user() function (net/netfilter/x_tables.c) in the netfilter subsystem of Linux systems is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure or increase their privileges by...

CVSS 7.8 | EPSS 0.85239
Exploits: 21 | References: 30 | Affected Software: 6

OSV
added 2021/08/25 8:55 p.m. | 2 views

GHSA-2GRH-HM3W-W7HV Race condition in tokio

When aborting a task with JoinHandle::abort, the future is dropped in the thread calling abort if the task is not currently being executed. This is incorrect for tasks spawned on a LocalSet. This can easily result in race conditions as many projects use Rc or RefCell in their Tokio tasks for bett...

CVSS 5.9 | AI score 5.9 | EPSS 0.00341
Exploits: 1 | References: 5

OSV
added 2021/08/25 2:42 p.m. | 0 views

GHSA-6P5R-G9MQ-GGH2 Reference binding to nullptr in `MatrixSetDiagV*` ops

Impact: An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`: `import tensorflow as tf; tf.raw_ops.MatrixSetDiagV3(input=[1,2,3], diagonal=[1,1], k=[], align='RIGHT_LEFT')`. The implementation has incomplete validation that t...

CVSS 7.1 | AI score 6.4 | EPSS 0.00014
Exploits: 0 | References: 7

OSV
added 2021/08/24 7:15 p.m. | 2 views

CVE-2021-30987

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs...

CVSS 5.5 | AI score 5.7 | EPSS 0.00065
Exploits: 0 | References: 1

RedHat Linux
added 2021/08/17 8:35 a.m. | 6 views

kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c

A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE or IP6T_SO_SET_REPLACE for 32 bit processes on 64 bit systems. This flaw will allow a local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leverage...

CVSS 8.3 | AI score 6.7 | EPSS 0.85239
Exploits: 21 | References: 7

CVE
added 2021/08/13 3:40 p.m. | 70 views

CVE-2021-1104

The CVE-2021-1104 entry relates to the RISC-V Instruction Set Manual, where an ambiguity in the Machine Trap Vector Base Address (MTVEC) register’s initial state is not defined. This ambiguity is stated to potentially enable information disclosure, data tampering, and denial of service. The conso...

CVSS 9.8 | AI score 9.1 | EPSS 0.00566
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2021/08/13 3:22 p.m. | 2 views

GHSA-2C25-XFPQ-8W9R Cross-site scripting in jfinal

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

CVSS 6.1 | AI score 5.9 | EPSS 0.00201
Exploits: 1 | References: 2

OSV
added 2021/08/12 9:15 p.m. | 2 views

PYSEC-2021-280

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The implementation has incomplete validation that the value of k is a...

CVSS 7.8 | AI score 6.6 | EPSS 0.00014
Exploits: 0 | References: 2

PyPA
added 2021/08/12 9:15 p.m. | 5 views

PYSEC-2021-769

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The implementation has incomplete validation that the value of k is a...

CVSS 7.8 | AI score 7.1 | EPSS 0.00014
Exploits: 0 | References: 2 | Affected Software: 1

PyPA
added 2021/08/12 9:15 p.m. | 4 views

PYSEC-2021-571

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The implementation has incomplete validation that the value of k is a...

CVSS 7.8 | AI score 7.1 | EPSS 0.00014
Exploits: 0 | References: 2 | Affected Software: 1

vulnersOsv
added 2021/08/12 4:49 p.m. | 14 views

@enonic/semantic-ui-react-form (>=2.1.0 <=2.3.0) potentially affected by CVE-2019-10747 +1 more via set-value (=4.0.0)

set-value NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on set-value and may be impacted: - @enonic/semantic-ui-react-form =2.1.0, =2.3.0 Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...

CVSS 9.8 | AI score 7.1 | EPSS 0.00493
Exploits: 2

vulnersOsv
added 2021/08/12 4:49 p.m. | 1 view

@alitajs/cordova (>=2.0.0 <=2.3.2), @alitajs/create-alita (=1.0.0-beta.1) +138 more potentially affected by CVE-2019-10747 +1 more via set-value (>=3.0.0 <=3.0.2)

set-value NPM version =3.0.0, =2.0.0, =2.0.0, =1.1.21, =1.1.9, =1.0.0, =1.4.0, =1.1.21, =1.0.0-alpha.115, =1.0.0-alpha.1, =1.0.0-alpha.3, =0.0.1, =0.0.1, =1.2.0, =1.2.1 and more Source cves: CVE-2019-10747, CVE-2021-23440 Source advisory: SNYK:JS-SETVALUE-1540541...

CVSS 9.8 | AI score 7.1 | EPSS 0.00493
Exploits: 2

Snyk
added 2021/08/12 4:49 p.m. | 2 views

Prototype Pollution

Overview: set-value is a package that creates nested values and any intermediaries using dot notation 'a.b.c' paths. Affected versions of this package are vulnerable to Prototype Pollution. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in th...

CVSS 9.8 | AI score 8.8 | EPSS 0.00493
Exploits: 2 | References: 2

ATTACKERKB
added 2021/08/12 12:0 a.m. | 328 views

CVE-2021-36942

Windows LSA Spoofing Vulnerability Recent assessments: jbaines-r7 at January 25, 2022 4:35pm UTC reported: Recently, I was attempting to combine James Forshaw’s remote EFSRPC file write “bug” with a local privilege escalation that I’d discovered. I was getting strange results. Working on one...

CVSS 9.8 | AI score 8.2 | EPSS 0.93551
In wild | Exploits: 4 | References: 3

Positive Technologies
added 2021/08/12 12:0 a.m. | 4 views

PT-2021-21774 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can cause undefined behavior via binding a reference to null pointer...

CVSS 9.3 | AI score 5.8 | EPSS 0.01023
Exploits: 5 | References: 88

CNNVD
added 2021/08/12 12:0 a.m. | 4 views

Google TensorFlow Buffer Error Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which could be exploited by an attacker to bind a reference to a null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*` to cause undefined...

CVSS 7.8 | AI score 5.3 | EPSS 0.00014
Exploits: 0 | References: 4

ATTACKERKB
added 2021/08/11 5:25 p.m. | 2 views

CVE-2021-23421

All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function...

CVSS 9.8 | AI score 5.3 | EPSS 0.0053
Exploits: 1 | References: 3

OSV
added 2021/08/10 9:15 p.m. | 1 view

DEBIAN-CVE-2020-21681

A global buffer overflow in the setcolor component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting a xfig file into ge format...

CVSS 5.5 | AI score 6.6 | EPSS 0.00322
Exploits: 1 | References: 1

Cvelist
added 2021/08/10 8:19 p.m. | 16 views

CVE-2020-21681

A global buffer overflow in the setcolor component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DoS) via converting a xfig file into ge format...

AI score 5.6 | EPSS 0.00322
Exploits: 1 | References: 1

RedHat Linux
added 2021/08/10 4:34 p.m. | 1 view

cloud-init: randomly generated passwords logged in clear-text to world-readable file

A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The...

CVSS 5.5 | AI score 5.7 | EPSS 0.00061
Exploits: 0 | References: 4