In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. Successful exploitation could lead to arbitrary code execution. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters.Īdobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.Īn Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224.
However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.Īpache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmware up to and including version 2.57.5 and CCU3 firmware up to and including version 3.57.5 allows remote unauthenticated attackers to execute system commands as root via a simple HTTP request.Ī vulnerability has been identified in SINEMA Server (All versions within the JSON data was a functional attack method.ĭom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.
0 kommentar(er)
