Discourse Injection Vulnerability
Discourse is an open source community discussion platform that includes community, email, and chat room features. An injection vulnerability exists in Discourse, which stems from a lack of validation in the user-controllable...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2022-09855)
Google TensorFlow is an end-to-end open source platform for machine learning from Google (USA). Google TensorFlow suffers from a buffer overflow vulnerability that stems from the inability of the "tf.raw_ops.RaggedGather" parameter in the software to determine a valid ragged tensor code,...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab that stems from not properly...
Pear Admin Think Code Issue Vulnerability
Pear Admin Think is an open source rapid development platform based on ThinkPHP 6, with simple code generation features for quickly building business functionality. A security vulnerability exists in Pear Admin Think that allows an attacker to upload malicious files to remotely execute arbitra...
Discourse has unspecified vulnerabilities
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A security vulnerability exists in versions of Discourse prior to 2.7.7, which can be exploited by an attacker to cause the post creator of a whispered post to be...
CVE-2021-32788 Post creator of a whisper post can be revealed to non-staff users in Discourse
Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: A staff user that creates a whisper post in a personal message is revealed to non-staff participants of the personal...
Unspecified vulnerability in Nextcloud (CNVD-2021-51803)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability in Nextcloud Server in versions prior to 19.0.13, 20.0.11, and 21.0.3 can be exploited by an attacker to enumerate potentially valid...
Apollos Apps Authorization Issue Vulnerability
Apollos Apps is an open source platform for distributing church-related applications. Apollos Apps suffers from an authorization issue vulnerability that stems from the fact that new user registrations only need to know basic personal information about anyone (name, birthday, gender, etc.) in order...
Unspecified Vulnerability in Nextcloud (CNVD-2021-39030)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to access basic information about a server user by accessing a public...
Unspecified Vulnerability in Apache Fineract
Apache Fineract is an open source digital financial services platform from the Apache Foundation, U.S. The platform provides users with data management, loan and savings portfolio management, real-time financial data and other functions. A security vulnerability exists in Apach...
CVE-2021-29526
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2D. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/conv_ops.cc#L261-L263)...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. In eager mode (the default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...
PYSEC-2021-444
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
PYSEC-2021-456
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.QuantizedMul. This is because the...
PYSEC-2021-451
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap. This is because the...
PYSEC-2021-461
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.raw_ops.DrawBoundingBoxes. This is because the...
PYSEC-2021-472
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the...
CVE-2021-29593 Division by zero in TFLite's implementation of `BatchToSpaceNd`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...
CVE-2021-29549 Division by 0 in `QuantizedAdd`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization. This is because the...
Google TensorFlow Numeric Error Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in SVDF in Google TensorFlow. No details of the vulnerability are provided at this time...