CVE-2020-22222
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function.
via "National Vulnerability Database".
CVE-2021-41225
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of an uninitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeue_node` is left uninitialized. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
CVE-2020-22225
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
via "National Vulnerability Database".
CVE-2021-41222
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault if an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
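As an added illustration (not TensorFlow's code), the following pure-Python model shows the check `SplitV` needs on `size_splits` before it slices anything. It follows the documented `tf.split` rule that a single `-1` entry means "infer this size"; any other negative value is rejected instead of being used as a slice length. The function names and the sample input are this example's own.

```python
# Added example, not TensorFlow code: a pure-Python model of the validation
# SplitV must apply to `size_splits` before slicing. tf.split allows a single
# -1 entry meaning "infer this size"; every other negative value is invalid
# and must be rejected rather than used as a slice length.


def validate_size_splits(size_splits, dim_size):
    """Return concrete split sizes for an axis of length dim_size.

    Raises ValueError for a second -1, for any other negative entry, or for
    sizes that do not add up to dim_size.
    """
    if dim_size < 0:
        raise ValueError("dim_size must be non-negative")
    sizes = list(size_splits)
    inferred = [i for i, s in enumerate(sizes) if s == -1]
    if len(inferred) > 1:
        raise ValueError("at most one -1 is allowed in size_splits")
    bad = [s for s in sizes if s < -1]
    if bad:
        raise ValueError(f"negative split size {bad[0]} is not allowed")
    known = sum(s for s in sizes if s != -1)
    if inferred:
        remainder = dim_size - known
        if remainder < 0:
            raise ValueError("size_splits exceed the axis length")
        sizes[inferred[0]] = remainder
    elif known != dim_size:
        raise ValueError(f"size_splits sum to {known}, expected {dim_size}")
    return sizes


def is_valid_size_splits(size_splits, dim_size):
    """True if validate_size_splits accepts the input, False otherwise."""
    try:
        validate_size_splits(size_splits, dim_size)
        return True
    except ValueError:
        return False


def split_v(values, size_splits):
    """Split a 1-D sequence along its only axis, as SplitV does, after validation."""
    sizes = validate_size_splits(size_splits, len(values))
    out, start = [], 0
    for size in sizes:
        out.append(list(values[start:start + size]))
        start += size
    return out


if __name__ == "__main__":
    data = list(range(10))  # constructed sample input
    print(split_v(data, [2, -1, 3]))  # middle chunk inferred as 5 elements
    for bad_splits in ([2, -5, 3], [-1, -1], [4, 4]):
        print(bad_splits, "valid:", is_valid_size_splits(bad_splits, len(data)))
```

The third rejected case (`[4, 4]` against an axis of 10) is the same family of bug from the other direction: sizes that do not cover the axis are as dangerous to a native kernel as negative ones, so the sum check belongs next to the sign check.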
CVE-2020-22224
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.
via "National Vulnerability Database".
CVE-2021-41250
Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e0.
via "National Vulnerability Database".
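Added example, not the bot's own code: a minimal model of the filter-ordering bug described above, in which a URL check that finds only permitted URLs ends the evaluation early so the token filter never runs, next to the version that evaluates every filter. The domain list, the banned token and the messages are constructed for the example; the real bot's filter structure is not reproduced here.

```python
# Added example, not the Python Discord bot's code: a model of a filter chain
# where a message containing a URL is judged by the domain filter alone, so a
# harmless URL hides a banned token. Lists and messages are constructed.
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
BLACKLISTED_DOMAINS = {"bad.example"}   # constructed
BANNED_TOKENS = {"spamtoken"}           # constructed


def _blacklisted_urls(message):
    return [u for u in URL_RE.findall(message)
            if urlparse(u).hostname in BLACKLISTED_DOMAINS]


def _banned_tokens(message):
    words = set(re.findall(r"\w+", message.lower()))
    return words & BANNED_TOKENS


def vulnerable_filter(message):
    """True if the message should be blocked (buggy early-return version)."""
    if URL_RE.search(message):
        # Bug: any URL means only the domain filter decides; tokens are skipped.
        return bool(_blacklisted_urls(message))
    return bool(_banned_tokens(message))


def fixed_filter(message):
    """Every filter is evaluated; any single hit blocks the message."""
    return bool(_blacklisted_urls(message)) or bool(_banned_tokens(message))


if __name__ == "__main__":
    messages = [
        "spamtoken",
        "spamtoken see https://docs.python.org/3/",   # bypass in the buggy version
        "visit https://bad.example/x",
    ]
    for m in messages:
        print(f"{m!r}: vulnerable={vulnerable_filter(m)} fixed={fixed_filter(m)}")
```

The second message is the bypass: the buggy chain returns the domain verdict (clean) as soon as it sees a URL, while the fixed chain still sees the token. The general lesson is that independent moderation checks should be combined with `or`, never short-circuited on the first check that passes.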
CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We have patched this by adding a `safe` flag which defaults to `True` and an explicit warning for users. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
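Added example, not TensorFlow's `saved_model_cli`: the two ways of turning a user-supplied `name=expression` string into a value. `eval()` runs arbitrary Python, while `ast.literal_eval()` accepts only literals (numbers, strings, tuples, lists, dicts, sets, booleans, `None`) and raises on anything else. The function names and the `safe` parameter are this example's, chosen to mirror the flag described above; the payload is constructed and harmless.

```python
# Added example, not TensorFlow code: eval() versus ast.literal_eval() on a
# user-controlled "name=expression" string, with a `safe` switch that defaults
# to the literal-only parser. Names and the payload are constructed.
import ast


def parse_input_expr(spec, safe=True):
    """Parse 'name=expr'. With safe=True only literal expressions are accepted."""
    name, sep, expr = spec.partition("=")
    if not sep or not name:
        raise ValueError("expected name=expression")
    if safe:
        return name, ast.literal_eval(expr)
    # Unsafe path: the vulnerable behaviour, reachable only on explicit request.
    # A real tool should print a warning before taking this branch.
    return name, eval(expr)


def is_accepted_safely(spec):
    """True if the safe parser accepts spec, False if it rejects it."""
    try:
        parse_input_expr(spec, safe=True)
        return True
    except (ValueError, TypeError, SyntaxError):
        return False


if __name__ == "__main__":
    benign = "x=[[1.0, 2.0], [3.0, 4.0]]"
    # Constructed payload: harmless here, but any expression runs with the
    # rights of whoever invokes the CLI.
    hostile = "x=__import__('os').getpid()"
    print(parse_input_expr(benign))
    print("hostile accepted by safe parser:", is_accepted_safely(hostile))
    print("unsafe path executes it:", parse_input_expr(hostile, safe=False))
```

A literal-only parser cannot express everything `eval` could (function calls, library constructors), which is one reason a fix of this kind keeps an explicit opt-out behind a flag rather than removing `eval` outright. The security property is that the dangerous path is never the default.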
CVE-2021-41208
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommended to no longer use these APIs. We will deprecate TensorFlow's boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
CVE-2021-41218
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
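Added example, not TensorFlow's shape function: the documented `AllToAll` output-shape rule (the split dimension is divided by `split_count`, the concat dimension is multiplied by it) written with the argument checks that turn a zero or non-dividing `split_count` into a rejected call rather than a division by zero. `-1` stands for an unknown dimension, as in TensorFlow shapes; the helper names are this example's.

```python
# Added example, not TensorFlow code: AllToAll output-shape inference with
# explicit argument validation. Division only happens after split_count has
# been checked to be positive and to divide the split dimension.


def all_to_all_output_shape(input_shape, split_count, split_dimension, concat_dimension):
    """Return the output shape of AllToAll, or raise ValueError on bad arguments."""
    if split_count <= 0:
        raise ValueError(f"split_count must be positive, got {split_count}")
    rank = len(input_shape)
    for name, dim in (("split_dimension", split_dimension),
                      ("concat_dimension", concat_dimension)):
        if not 0 <= dim < rank:
            raise ValueError(f"{name} {dim} out of range for rank {rank}")
    out = list(input_shape)
    if out[split_dimension] != -1:  # -1 marks an unknown size; leave it unknown
        if out[split_dimension] % split_count != 0:
            raise ValueError(
                f"dimension {split_dimension} of size {out[split_dimension]} "
                f"is not divisible by split_count {split_count}")
        out[split_dimension] //= split_count
    if out[concat_dimension] != -1:
        out[concat_dimension] *= split_count
    return out


def shape_or_error(input_shape, split_count, split_dimension, concat_dimension):
    """Return the inferred shape, or the rejection message as a string."""
    try:
        return all_to_all_output_shape(input_shape, split_count,
                                       split_dimension, concat_dimension)
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    print(shape_or_error([8, 4], 4, 0, 1))   # [2, 16]
    print(shape_or_error([8, 4], 0, 0, 1))   # rejected, no ZeroDivisionError
    print(shape_or_error([8, 4], 3, 0, 1))   # 8 is not divisible by 3
```

Shape inference runs on attributes read straight out of a model file, so every attribute the rule divides by or indexes with is attacker-controlled when the model is untrusted; the checks above are the minimum for this op.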
CVE-2021-41209
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
CVE-2021-41220
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()`d from are still accessed. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, as this version is the only one that is also affected.
via "National Vulnerability Database".
CVE-2021-41227
TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the `tstring` TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
CVE-2020-22223
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.
via "National Vulnerability Database".
CVE-2020-22226
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.
via "National Vulnerability Database".
CVE-2021-41213
TensorFlow is an open source platform for machine learning. In affected versions the code behind the `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
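Added example, not TensorFlow's `tf.function` implementation: a decorator that holds a per-function lock around every call, as a model of the non-reentrant `Lock` described above. With `threading.Lock`, two mutually recursive decorated functions deadlock the moment the first one is re-entered on the same thread; with `threading.RLock` the same call pattern completes. The acquire uses a timeout (this example's choice) so the deadlock is reported as an error instead of hanging the process.

```python
# Added example, not TensorFlow code: a per-function lock around each call,
# modelling the non-reentrant Lock in the advisory. threading.Lock deadlocks
# on same-thread re-entry; threading.RLock does not. The timeout is this
# example's device for turning the hang into a reportable error.
import threading

LOCK_TIMEOUT_SECONDS = 0.5  # constructed: a real deadlock would wait forever


def guarded(lock_factory):
    """Decorator factory: wrap fn so each call holds a lock from lock_factory."""
    def decorator(fn):
        lock = lock_factory()

        def wrapper(*args):
            if not lock.acquire(timeout=LOCK_TIMEOUT_SECONDS):
                raise RuntimeError(f"deadlock in {fn.__name__}")
            try:
                return fn(*args)
            finally:
                lock.release()
        return wrapper
    return decorator


def build_mutually_recursive_pair(lock_factory):
    """Two functions that call each other, each guarded by its own lock."""
    @guarded(lock_factory)
    def is_even(n):
        return True if n == 0 else is_odd(n - 1)

    @guarded(lock_factory)
    def is_odd(n):
        return False if n == 0 else is_even(n - 1)

    return is_even


def run_with(lock_factory, n=4):
    """Return is_even(n), or the deadlock message as a string."""
    try:
        return build_mutually_recursive_pair(lock_factory)(n)
    except RuntimeError as exc:
        return str(exc)


def run_with_plain_lock(n=4):
    return run_with(threading.Lock, n)


def run_with_reentrant_lock(n=4):
    return run_with(threading.RLock, n)


if __name__ == "__main__":
    print("Lock :", run_with_plain_lock())      # deadlock in is_even
    print("RLock:", run_with_reentrant_lock())  # True
```

With `n=1` the plain lock also succeeds, because `is_even` is never re-entered; the deadlock needs a call chain deep enough to come back to a function that is still holding its own lock. In TensorFlow the trigger is a loaded SavedModel containing such a pair, so the practical mitigation is the usual one for model files: do not load models from untrusted sources.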
CVE-2021-41207
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
via "National Vulnerability Database".
CVE-2021-41251
@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).
via "National Vulnerability Database".
SecureAuth Buys Acceptto to Deliver Low-Friction Authentication to Enterprises
Acceptto's contextual behavior threat intelligence technology will help SecureAuth deliver AI-driven MFA and continuous password-less authentication, SecureAuth says.
via "Dark Reading".
CVE-2021-37471
A restricted shell escape sequence is possible on Cradlepoint IBR900-600 7.2.60 devices that can lead to an attacker denying the availability of all console or SSH command-line access.
via "National Vulnerability Database".
CVE-2020-23130
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
via "National Vulnerability Database".
CVE-2020-23129
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
via "National Vulnerability Database".