Undefined behavior when users supply invalid resource handles

### Impact Multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid: ```python import tensorflow as tf tf.raw_ops.QueueIsClosedV2(handle=[]) ``` ```p ...

Continue Reading
Missing validation causes denial of service via `LSTMBlockCell`

### Impact The implementation of [`tf.raw_ops.LSTMBlockCell`](https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/rnn/lstm_ops.cc) does not f ...

Continue Reading
Improper Input Validation in k8s.io/ingress-nginx

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io ...

Continue Reading
Privilege escalation in easyappointments

The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low privileged user (eg. provider) can create a new admin user via t ...

Continue Reading
SQL injetction

# Description SQL injection exists in the camptocamp/terraboard. Among all APIs there is an API routed to `/api/search/attribute`, whose corresponding method is [api.SearchAttribute](https://github.co ...

Continue Reading
OS Command Injection in git-pull-or-clone

The package git-pull-or-clone before 2.0.2 is vulnerable to Command Injection due to the use of the --upload-pack feature of git which is also supported for git clone. The source includes the use of t ...

Continue Reading
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. * The attacker creates a workflow that produces a HTML artifact that contains a HTML fi ...

Continue Reading
CVE-2021-46440

Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim's HTTP request, get the victim's cooki ...

Continue Reading

Back to Main

Subscribe for the latest news: