2121 matches found
Design/Logic Flaw
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...
CVE-2021-41202 Overflow/crash in `tf.range`
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...
CVE-2021-41199 Overflow/crash in `tf.image.resize` when size is large
TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64_t typ...
Unbreakable Enterprise kernel security update
4.1.12-124.57.1 - target; fix print statement warning John Donnelly Orabug: 33495661 - enic;: fix warning on moduleparam disablevlan0, John Donnelly Orabug: 33495661 - bnx2fc: correct BNX2FCTMTIMEOUT to be 60 sec John Donnelly Orabug: 33495661 - target: Fix linux-4.1.y specific compile warning...
Grief Ransomware Targets NRA
A ransomware group tied to Russia claims to have stolen data from the National Rifle Association (NRA) in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation. The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its...
WordPress MainWP Child Reports plugin SQL injection vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress MainWP Child Reports plugin has a SQL injection vulnerability in versions prior to 2.0.8, which stems...
fillZrxQuote doesn't return correct values when zrxSellTokenAddress == zrxBuyTokenAddress
Handle: harleythedog. Vulnerability details. Impact: Suppose that swapByQuote is called with zrxSellTokenAddress == zrxBuyTokenAddress, and neither of these addresses "signifiesETHOrZero". The contract first transfers amountToSell of these tokens from the sender's account into the contract and update...
Download Monitor < 4.4.5 - Admin+ SQL Injection
The plugin does not properly validate and escape the "orderby" GET parameter before using it in a SQL statement when viewing the logs, leading to an SQL Injection issue. PoC: There needs to be at least one log for the payload to trigger...
Stream < 3.8.2 - Admin+ SQL Injection
The plugin does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection issue. PoC https://example.com/wp-admin/admin.php?page=wpstream=+AND+SELECT+9940+FROM+SELECTSLEEP5vqNl...
Setting Factory.bondPercentDiv to zero cause Denial of Service in Auction.bondForRebalance()
Handle: pants. Vulnerability details: The function Factory.setBondPercentDiv allows the owner to set the state variable Factory.bondPercentDiv to zero. Impact: If Factory.bondPercentDiv equals zero then the function Auction.bondForRebalance will always revert due to a division by zero: bondAmount =...
CVE-2020-28119
Cross site scripting vulnerability in 53KF 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window...
Cross site scripting
Cross site scripting vulnerability in 53KF 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window...
Apple Pay Can be Abused to Make Contactless Payments From Locked iPhones
Cybersecurity researchers have disclosed an unpatched flaw in Apple Pay that attackers could abuse to make an unauthorized Visa payment with a locked iPhone by taking advantage of the Express Travel mode set up in the device's wallet. "An attacker only needs a stolen, powered on iPhone. The...
Sql injection
The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an orderid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors...
Security Bulletin: Multiple IBM Db2 Server Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt
Summary Multiple IBM Db2 Server vulnerabilities affect IBM Emptoris Supplier Lifecycle Mgmt. Vulnerability Details CVEID: CVE-2021-20579 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline...
Security Bulletin: IBM Db2 Server Vulnerability Affects IBM Emptoris Supplier Lifecycle Mgmt (CVE-2021-29702)
Summary An IBM Db2 Server vulnerability affects IBM Emptoris Supplier Lifecycle Mgmt. Vulnerability Details CVEID: CVE-2021-29702 DESCRIPTION: Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally whe...
The vulnerability in the `parser_parse_function_statement` function of the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform, related to the insufficient use of the `assert()` function, allows an attacker to trigger a service failure.
The vulnerability of the `parser_parse_function_statement` function in the `js-parser-statm.c` component of the JavaScript engine for the Internet of Things, JerryScript, and the IoT.js platform is related to incorrect comparisons. Exploiting this vulnerability could allow a remote attacker to cause a...
Acronis: No server side check on terms of service page which leads to bypass
Hi team, I have found that there is no server side check implemented on the "Acronis Terms of Service and Privacy Statement" Page that is shown after filling the registration form which results in bypassing it without even accepting it. Steps To Reproduce: 1. Register as a new user by filling out...
Improper Access Control in agentejo/cockpit
Description: A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints. Proof of Concept: 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...