25 matches found

RedhatCVE
added 2026/01/09 9:11 a.m., 4 views

CVE-2022-35991

TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an element_shape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit...

CVSS 7.5 | AI score 6.6 | EPSS 0.00146
Exploits 0 | References 1

OSV
added 2025/11/14 12:39 p.m., 4 views

OESA-2025-2678 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence,...

CVSS 9.1 | AI score 7.8 | EPSS 0.00296
Exploits 11 | References 3

Tenable Nessus
added 2025/07/18 12:0 a.m., 6 views

Oracle MySQL Cluster (July 2025 CPU)

The versions of MySQL Cluster installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2025 CPU advisory. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.0-8.0.43,...

CVSS 6.7 | AI score 6.9 | EPSS 0.00442
Exploits 0 | References 6

UbuntuCve
added 2025/07/15 8:15 p.m., 3 views

CVE-2025-50103

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 4.4 | AI score 7 | EPSS 0.00298
Exploits 0 | References 2

UbuntuCve
added 2025/07/15 8:15 p.m., 2 views

CVE-2025-50080

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Stored Procedure. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to...

CVSS 4.9 | AI score 7 | EPSS 0.00442
Exploits 0 | References 4

Node JS Blog
added 2025/07/15 12:0 a.m., 10 views

Tuesday, July 15, 2025 Security Releases

Tuesday, July 15, 2025 Security Releases Security releases available Updates are now available for the 24.x, 22.x, 20.x Node.js release lines for the following issues. Windows Device Names CON, PRN, AUX Bypass Path Traversal Protection in path.normalize CVE-2025-27210 - high An incomplete fix has...

CVSS 7.5 | AI score 6.3 | EPSS 0.06002
Exploits 5

OSV
added 2025/07/14 10:15 a.m., 3 views

CVE-2025-53689

Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-core in Apache Jackrabbit 2.23.2 due to usage of an unsecured document build to load privileges. Users are recommended to upgrade to versions 2.20.17 Java 8, 2.22.1 Java 11 or 2.23.2 Java 11, beta versions, which fix this issue...

CVSS 8.8 | AI score 6
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 8:6 p.m., 5 views

CVE-2021-37653

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes the value of a value, batch_size, and then divides by it without checking that this...

CVSS 5.5 | AI score 6.6 | EPSS 0.00012
Exploits 0 | References 1

Fedora
added 2025/02/23 2:3 a.m., 11 views

[SECURITY] Fedora 40 Update: python3.8-3.8.20-2.fc40

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

CVSS 6.3 | AI score 4.7 | EPSS 0.01639
Exploits 0

RedhatCVE
added 2025/02/06 4:51 a.m., 4 views

CVE-2021-37637

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

CVSS 7.7 | AI score 6.8 | EPSS 0.00044
Exploits 0 | References 1

RedhatCVE
added 2025/02/06 4:44 a.m., 6 views

CVE-2021-37656

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check...

CVSS 7.8 | AI score 6.5 | EPSS 0.00013
Exploits 0 | References 1

OSV
added 2025/02/03 8:52 a.m., 1 views

SUSE-SU-2025:20034-1 Security update for python-requests

This update for python-requests fixes the following issues: - Update to 2.32.2 To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to...

CVSS 5.6 | AI score 7 | EPSS 0.00044
Exploits 0 | References 3

UbuntuCve
added 2024/10/15 8:15 p.m., 9 views

CVE-2024-21204

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVSS 4.9 | AI score 6.7 | EPSS 0.00184
Exploits 0 | References 2

OSV
added 2024/09/09 3:15 p.m., 0 views

UBUNTU-CVE-2024-8373

Improper sanitization of the value of the srcset attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing). This issue affects all versions of...

CVSS 4.8 | AI score 5.8 | EPSS 0.00013
Exploits 1 | References 5

Cvelist
added 2024/09/09 2:48 p.m., 23 views

CVE-2024-8373 AngularJS improper sanitization in '<source>' element

Improper sanitization of the value of the srcset attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing). This issue affects all versions of...

CVSS 4.8 | EPSS 0.00013
Exploits 1 | References 2

IBM Security Bulletins
added 2024/07/04 11:41 a.m., 16 views

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-3154)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the cri-o component which could allow a remote authenticated attacker to execute arbitrary commands on the system CVE-2024-3154. Vulnerability Details CVEID: CVE-2024-3154 Description: CRI-O could allow a remo...

CVSS 7.2 | AI score 7.8 | EPSS 0.00369
Exploits 0 | Affected Software 1

OSV
added 2024/03/06 11:19 a.m., 11 views

BIT-TENSORFLOW-2021-29535 Heap buffer overflow in `QuantizedMul`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00012
Exploits 1 | References 3

OSV
added 2022/09/15 4:12 a.m., 7 views

SUSE-RU-2022:3275-1 Recommended update for python-aiohttp, python-typing_extensions

This update for python-aiohttp, python-typing_extensions fixes the following issues: - Include in SLE-15 bsc1197831 - Fixed required/optional keys with old-style TypedDict - Test in separate multibuild flavor to break depcycles with full python stdlib - Clean requirements specifications for python...

CVSS 6.1 | AI score 6.6 | EPSS 0.00494
Exploits 0 | References 4

Packet Storm
added 2022/03/03 12:0 a.m., 341 views

Polkit pkexec Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Local Privilege Escalation in polkits pkexec', 'Description' = %q A bug exists in the polkit pkexec binary in how it processes arguments. If the...

CVSS 7.8 | AI score 0.2 | EPSS 0.88057
Exploits 149

IBM Security Bulletins
added 2020/07/16 5:5 p.m., 28 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes kubelet and kube-proxy security vulnerability (CVE-2020-8558)

Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes kubelet and kube-proxy that could allow neighboring nodes to bypass localhost boundary CVE-2020-8558 Vulnerability Details CVEID: CVE-2020-8558 Description: Kubernetes kube-proxy could allow a remote...

CVSS 8.8 | EPSS 0.20149
Exploits 5 | Affected Software 1