Google Tensorflow Input Validation Error Vulnerability (CNVD-2022-09896)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by an attacker to create an operation that contains a tensor with enough elements to cause an integer overflow...

Google Tensorflow Resource Management Error Vulnerability (CNVD-2022-09860)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a resource management error vulnerability that stems from the GraphDef format in TensorFlow not allowing self-recursive functions. No detailed vulnerability detail...

Google Tensorflow code issue vulnerability (CNVD-2022-09892)

Google TensorFlow is an end-to-end open-source platform for machine learning from Google, a U.S. company. Google TensorFlow is vulnerable to a code issue that could be exploited by an attacker to cause a crash...

Google Tensorflow code issue vulnerability (CNVD-2022-09867)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a code issue vulnerability that stems from TensorFlow triggering null pointer dereferences if default settings are used when building the XLA compilation cache. No...

Google Tensorflow numeric error vulnerability (CNVD-2022-09879)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A numerical error vulnerability exists in Google Tensorflow, which could be exploited by an attacker to create a TFLite model that triggers a division in the "BiasAndClamp" implementation. The...

Google Tensorflow buffer overflow vulnerability (CNVD-2022-09899)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which stems from a typo in TensorFlow's SpecializeType that could be exploited by an attacker to read and write outside the bounds of the dat...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23581 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23581 Source advisory: OSV:GHSA-FQ86-3F29-PX2C...

CVE-2021-25029

The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Cross site scripting

The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2021-25029

CVE-2021-25029 affects the WordPress CLUEVO LMS plugin prior to version 1.8.1. The vulnerability arises because the plugin does not sanitize and escape data in the Course module, enabling stored Cross‑Site Scripting (XSS) by high-privilege users even when unfiltered_html is disallowed. Impact is ...

CVE-2021-25029 Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting

The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

Wordpress Plugin CLUEVO LMS, E-Learning Platform 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVE-2022-23592

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

CVE-2022-23593

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault hence, denial of service, if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...

CVE-2022-23566

Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The setoutput function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also...

CVE-2022-23577

Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

CVE-2022-23586

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

CVE-2022-23575

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...

CVE-2022-23583

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...