PYSEC-2024-252

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/varargfunctions.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

Fedora: Security Advisory for jsr-305 (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe InCopy 缓冲区错误漏洞

Adobe InCopy is a text editing software for authoring from Adobe U.S. A heap buffer overflow vulnerability exists in Adobe InCopy, which could be exploited by an attacker to execute arbitrary code in the context of the current user...

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

Summary A software defect in IBM Big SQL prevents data masking rules to be enforced when a user executes CREATE TABLE AS SELECT … WITH DATA statement. The newly created table contains unmasked data. Vulnerability Details CVEID:CVE-2022-22353 DESCRIPTION: IBM Big SQL could allow an authenticated...

Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-3121)

Summary IBM Cloud Private is vulnerable to a Go vulnerability Vulnerability Details CVEID: CVE-2021-3121 DESCRIPTION: An unspecified error with the lack of certain index validation, aka the skippy peanut butter issue in GoGo Protobuf has an unknown impact and attack vector. CVSS Base score: 5.3...

Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2020-1971 )

Summary IBM Cloud Private is vulnerable to OpenSSL vulnerabilities Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference. If the GENERALNAMEcmp function contain an EDIPARTYNAME, an attacker could exploit this...

Google Apps 'Defect' Leaks Private WHOIS Data Of 280,000

Google has notified hundreds of thousands of domain registrants that their private WHOIS information has been exposed in the clear, opening them up to identity theft, phishing scams and more. Researchers from Cisco Talos last night said the problem likely lies with one of Google’s registrar...

FreeBSD Security Advisory FreeBSD-SA-13:07.bind

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:07.bind Security Advisory The FreeBSD Project Topic: BIND remote denial of service Category: contrib Module: bind Announced: 2013-07-26 Credits: Maxim Shudrak...

FreeBSD-SA-13:07.bind

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:07.bind Security Advisory The FreeBSD Project Topic: BIND remote denial of service Category: contrib Module: bind Announced: 2013-07-26 Credits: Maxim Shudrak...

dns/bind9* -- servers using DNS64 can be crashed by a crafted query

ISC reports: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a...

Inserted image filenames are not escaped properly as thumbnails

When you insert an image as a thumbnail into a wiki page, the generated HTML does not properly escape the filename...