
1382 matches found

ATTACKERKB
added 2021/08/12 11:15 p.m. · 3 views

CVE-2021-37674

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the orig_input and orig_output tensor...

7.8 CVSS · 5.6 AI score · 0.00214 EPSS
Exploits 1 · References 4 · Affected Software 1

Debian CVE
added 2021/08/12 10:40 p.m. · 3 views

CVE-2021-37674

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the orig_input and orig_output tensor...

5.5 CVSS · 6.8 AI score · 0.00179 EPSS
Exploits 0

Positive Technologies
added 2021/08/12 12:00 a.m. · 6 views

PT-2021-21792 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can trigger a denial of service via a segmentation fault in tf.raw...

9.3 CVSS · 5.7 AI score · 0.00451 EPSS
Exploits 5 · References 87

Positive Technologies
added 2021/08/12 12:00 a.m. · 8 views

PT-2021-21784 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can cause undefined behavior via binding a reference to null pointer...

9.3 CVSS · 5.6 AI score · 0.00451 EPSS
Exploits 5 · References 86

Positive Technologies
added 2021/08/11 12:00 a.m. · 3 views

PT-2021-6060 · Foxit · Foxit Pdf Editor

Name of the Vulnerable Software and Affected Versions: Foxit PDF Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...

10 CVSS · 8 AI score · 0.00349 EPSS
Exploits 0 · References 10

OSV
added 2021/08/04 4:15 p.m. · 4 views

CVE-2021-34845

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 7.6 AI score · 0.04 EPSS
Exploits 0 · References 2

OSV
added 2021/08/04 4:15 p.m. · 2 views

CVE-2021-34842

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

7.8 CVSS · 7.5 AI score
Exploits 0 · References 2

OSV
added 2021/08/02 1:15 p.m. · 2 views

CVE-2021-37160

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update...

9.8 CVSS · 7.3 AI score · 0.08227 EPSS
Exploits 0 · References 4

CNNVD
added 2021/08/02 12:00 a.m. · 14 views

Swisslog Healthcare Nexus Panel data forgery vulnerability

Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare. A code download without integrity check vulnerability exists in Nexus Control Panel versions prior to 7.2.5.7. The vulnerability stems from no file validation during the upload of an update. No details of the...

9.8 CVSS · 5.7 AI score · 0.08227 EPSS
Exploits 0 · References 7

UbuntuCve
added 2021/07/30 2:15 p.m. · 18 views

CVE-2021-37594

In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU...

9.8 CVSS · 7.2 AI score · 0.01409 EPSS
Exploits 0 · References 2

CNNVD
added 2021/07/30 12:00 a.m. · 5 views

Foxit PDF Reader resource management error vulnerability

Foxit PDF Reader is a PDF reader from the Chinese company Foxit. Foxit PDF Reader suffers from a Resource Management Error vulnerability, which is caused by failing to validate the existence of an object before performing an operation on it, and can be exploited by an attacker to execute code in...

7.8 CVSS · 7.7 AI score · 0.03103 EPSS
Exploits 0 · References 3

RedHat Linux
added 2021/07/22 3:09 p.m. · 0 views

kernel: size_t-to-int conversion vulnerability in the filesystem layer

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results...

7.8 CVSS · 7.1 AI score · 0.09808 EPSS
Exploits 6 · References 8

RedHat Linux
added 2021/07/20 8:06 p.m. · 0 views

kernel: size_t-to-int conversion vulnerability in the filesystem layer

An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results...

7.8 CVSS · 7.1 AI score · 0.09808 EPSS
Exploits 6 · References 8

OSV
added 2021/07/19 3:15 p.m. · 1 views

UBUNTU-CVE-2021-20110

Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...

9.8 CVSS · 7.9 AI score · 0.07376 EPSS
Exploits 0 · References 3

RedHat Linux
added 2021/07/12 12:12 p.m. · 1 views

netty: possible request smuggling in HTTP/2 due to missing validation

In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...

5.9 CVSS · 7.4 AI score · 0.18891 EPSS
Exploits 0 · References 5

CNNVD
added 2021/07/08 12:00 a.m. · 3 views

PbootCMS security vulnerability

PbootCMS is an open source enterprise building content management system (CMS) developed using the PHP language. PbootCMS has a security vulnerability that stems from the platform's message board function not validating data; an attacker can exploit the vulnerability to execute...

9.8 CVSS · 6.1 AI score · 0.02474 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2021/07/07 12:00 a.m. · 2 views

The vulnerability of the qsvghandler.cpp component of the cross-platform development framework for Qt software, related to the lack of a mechanism for checking input data, allows attackers to trigger service failures.

The vulnerability of the qsvghandler.cpp component of the cross-platform framework for developing Qt software is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to trigger a service failure by using an altered SVG image...

6.5 CVSS · 6.6 AI score · 0.02178 EPSS
Exploits 0 · References 10 · Affected Software 3

ATTACKERKB
added 2021/07/02 4:05 p.m. · 2 views

CVE-2021-23403

All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge function due to lack of validation input...

9.8 CVSS · 5.3 AI score · 0.01287 EPSS
Exploits 1 · References 3

BDU FSTEC
added 2021/07/02 12:00 a.m. · 4 views

The vulnerability in the `add_probe` function of the `modutils/modprobe.c` file of the UNIX utility suite BusyBox, related to a lack of input validation mechanism, allows an attacker to compromise data integrity.

The vulnerability of the add_probe function in the modutils/modprobe.c file of the BusyBox command-line utility suite in UNIX systems is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to manipulate data integrity using the slash / as pa...

5.5 CVSS · 6.2 AI score · 0.00635 EPSS
Exploits 2 · References 8 · Affected Software 3

BDU FSTEC
added 2021/07/02 12:00 a.m. · 4 views

The vulnerabilities of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the console image editor ImageMagick components, related to the lack of data validation, allow attackers to trigger service interruptions.

The vulnerability of the functions ReadDCMImage, ReadPWPImage, ReadCALSImage, and ReadPICTImage in the ImageMagick console graphic editor’s code components coders/dcm.c, coders/pwp.c, coders/cals.c, and coders/pict.c is related to the lack of data validation during function execution. Exploitin...

6.5 CVSS · 6.8 AI score · 0.0308 EPSS
Exploits 0 · References 11 · Affected Software 3