1381 matches found

OSV
added 2021/06/11 4:15 a.m. · 2 views

CVE-2021-24035

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files...

CVSS 9.1 · AI score 7.3 · EPSS 0.01134
Exploits: 0 · References: 1
RedHat Linux
added 2021/05/19 3:3 p.m. · 4 views

jenkins: lack of type validation in agent related REST API

A flaw was found in Jenkins. Due to a lack of validation of the type of object created after loading the data submitted to the config.xml REST API endpoint of a node, attackers with Computer/Configure permission are able to replace a node with one of a different type...

CVSS 4.3 · AI score 5.7 · EPSS 0.02725
Exploits: 0 · References: 4
OSV
added 2021/05/14 8:15 p.m. · 2 views

PYSEC-2021-709

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...

CVSS 7.8 · AI score 6.2 · EPSS 0.00211
Exploits: 1 · References: 2
PyPA
added 2021/05/14 8:15 p.m. · 3 views

PYSEC-2021-737

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

CVSS 5.5 · AI score 6.9 · EPSS 0.00202
Exploits: 1 · References: 2 · Affected Software: 1
PyPA
added 2021/05/14 8:15 p.m. · 4 views

PYSEC-2021-646

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.raw_ops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

CVSS 7.8 · AI score 7.2 · EPSS 0.00224
Exploits: 1 · References: 2 · Affected Software: 1
PyPA
added 2021/05/14 8:15 p.m. · 4 views

PYSEC-2021-703

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

CVSS 7.8 · AI score 7.3 · EPSS 0.00211
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2021/05/14 8:15 p.m. · 1 view

PYSEC-2021-646

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.raw_ops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

CVSS 7.8 · AI score 6 · EPSS 0.00224
Exploits: 1 · References: 2
OSV
added 2021/05/14 8:15 p.m. · 4 views

PYSEC-2021-658

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.raw_ops.RaggedCross. This is because the...

CVSS 7.1 · AI score 7 · EPSS 0.00198
Exploits: 1 · References: 2
Debian CVE
added 2021/05/14 7:35 p.m. · 3 views

CVE-2021-29520

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.raw_ops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

CVSS 7.8 · AI score 7.2 · EPSS 0.00224
Exploits: 1
Debian CVE
added 2021/05/14 7:16 p.m. · 3 views

CVE-2021-29566

TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to tf.raw_ops.Dilation2DBackpropInput. This is because the...

CVSS 7.8 · AI score 7 · EPSS 0.00201
Exploits: 1
Debian CVE
added 2021/05/14 7:15 p.m. · 3 views

CVE-2021-29578

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

CVSS 7.8 · AI score 7.3 · EPSS 0.00211
Exploits: 1
Positive Technologies
added 2021/05/14 12:0 a.m. · 4 views

PT-2021-18271 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow version 2.4.2; TensorFlow version 2.3.3; TensorFlow version 2.2.3; TensorFlow version 2.1.4. Description: Missing validation between arguments to tf.raw_ops.Conv3DBackprop operations can result in hea...

CVSS 7.8 · AI score 7.6 · EPSS 0.00224
Exploits: 1 · References: 13
OSV
added 2021/05/07 9:15 p.m. · 2 views

CVE-2021-31459

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 7.6 · EPSS 0.02755
Exploits: 0 · References: 2
OSV
added 2021/04/22 9:15 p.m. · 3 views

CVE-2021-25678

A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2020 All versions SE2020MP14, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds...

CVSS 7.8 · AI score 5.9 · EPSS 0.0144
Exploits: 0 · References: 2
OSV
added 2021/04/22 9:15 p.m. · 2 views

CVE-2020-26997

A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2020 All versions SE2020MP14, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences...

CVSS 7.8 · AI score 7.2 · EPSS 0.01044
Exploits: 0 · References: 2
RedHat Linux
added 2021/04/19 10:47 a.m. · 1 view

dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

CVSS 7.7 · AI score 7.2 · EPSS 0.02213
Exploits: 0 · References: 6
CNNVD
added 2021/04/18 12:0 a.m. · 2 views

npm onion-oled-js command injection vulnerability

npm onion-oled-js is an application from the American company npm. It provides a JS library that exposes a collection of functions that wrap the oled-exp executable, which controls the Onion Omega OLED display. A security vulnerability exists in onion-oled-js that can be exploited by an attacker to...

CVSS 9.8 · AI score 8.6 · EPSS 0.02972
Exploits: 1 · References: 3
CNNVD
added 2021/03/31 12:0 a.m. · 2 views

Charlie Fish portprocesses command injection vulnerability

Charlie Fish PortProcesses is an open source application by Charlie Fish. It provides the function of listing port processes. A security vulnerability exists in portprocesses before 1.0.5 that can be exploited by an attacker to potentially execute arbitrary commands. Due to the use of child processes to...

CVSS 8.8 · AI score 8.2 · EPSS 0.0182
Exploits: 1 · References: 5
BDU FSTEC
added 2021/03/21 12:0 a.m. · 5 views

The vulnerability in the recv_files function of the Rsync file transfer and synchronization utility’s receiver.c module allows an attacker to compromise data integrity.

The vulnerability in the recv_files function in the receiver.c file of the Rsync file transfer and synchronization utility is related to the lack of checks on the file name. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of the data...

CVSS 4.3 · AI score 6.7 · EPSS 0.01794
Exploits: 0 · References: 5 · Affected Software: 2
CNNVD
added 2021/03/18 12:0 a.m. · 3 views

Npm port-killer operating system command injection vulnerability

Npm port-killer is an application from Npm. It provides a function to terminate a process running on a given port. An operating system command injection vulnerability exists in Npm port-killer, which uses sub-processes to execute functions without input checking...

CVSS 8.8 · AI score 8.1 · EPSS 0.01654
Exploits: 1 · References: 3