‼ CVE-2021-34534 ‼
via "National Vulnerability Database".
Windows MSHTML Platform Remote Code Execution Vulnerability
‼ CVE-2021-36938 ‼
via "National Vulnerability Database".
Windows Cryptographic Primitives Library Information Disclosure Vulnerability
‼ CVE-2021-36949 ‼
via "National Vulnerability Database".
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
‼ CVE-2021-37640 ‼
via "National Vulnerability Database".
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The [reshape functor](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. We have patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1 as this is the other affected version.
‼ CVE-2021-36948 ‼
via "National Vulnerability Database".
Windows Update Medic Service Elevation of Privilege Vulnerability
‼ CVE-2020-18458 ‼
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
‼ CVE-2021-26424 ‼
via "National Vulnerability Database".
Windows TCP/IP Remote Code Execution Vulnerability
‼ CVE-2021-33762 ‼
via "National Vulnerability Database".
Azure CycleCloud Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-36943.
‼ CVE-2021-26430 ‼
via "National Vulnerability Database".
Azure Sphere Denial of Service Vulnerability
‼ CVE-2021-37636 ‼
via "National Vulnerability Database".
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. We have patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
‼ CVE-2021-36946 ‼
via "National Vulnerability Database".
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
‼ CVE-2020-18451 ‼
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.
‼ CVE-2021-36932 ‼
via "National Vulnerability Database".
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-26433, CVE-2021-36926, CVE-2021-36933.
‼ CVE-2021-36941 ‼
via "National Vulnerability Database".
Microsoft Word Remote Code Execution Vulnerability
‼ CVE-2020-18460 ‼
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.
‼ CVE-2021-36943 ‼
via "National Vulnerability Database".
Azure CycleCloud Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-33762.
‼ CVE-2021-34537 ‼
via "National Vulnerability Database".
Windows Bluetooth Driver Elevation of Privilege Vulnerability
‼ CVE-2021-37643 ‼
via "National Vulnerability Database".
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. We have patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
‼ CVE-2021-36958 ‼
via "National Vulnerability Database".
Windows Print Spooler Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-36936, CVE-2021-36947.
‼ CVE-2021-37639 ‼
via "National Vulnerability Database".
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the `tensor_name` user controlled input and immediately retrieves the tensor at the restoration index (controlled via `preferred_shard` argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements, if the restoration index is outside the bounds this results in heap OOB read. We have patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
❌ Rogue Marketplace AlphaBay Reboots ❌
via "Threat Post".
Illicit underground marketplace relaunches years after takedown.