CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

Hubzilla file inclusion vulnerability

Hubzilla is an open source platform for creating interconnected websites with a decentralized identity, communications and permissions framework built using common web server technology.Hubzilla version 7.2 previously contained a security vulnerability that could be exploited by remote attackers ...

Cerebrate has an unspecified vulnerability

Cerebrate is an open source platform. Designed to act as an interconnected orchestrator for trusted contact information providers and other security tools, a security vulnerability exists in Cerebrate 1.4, which stems from the possibility of XSS occurring in the bookmark component. No detailed...

Cerebrate has an unspecified vulnerability (CNVD-2022-77055)

Cerebrate is an open source platform. Designed to act as an interconnection orchestrator for trusted contact information providers and other security tools, a security vulnerability exists in Cerebrate 1.4, which stems from a faulty shared group ACL allowing non-privileged users to edit and modif...

Cerebrate 安全漏洞

Cerebrate is an open source platform. Designed to act as an interconnection orchestrator for trusted contact information providers and other security tools, a security vulnerability exists in Cerebrate 1.4, which stems from a faulty shared group ACL allowing non-privileged users to edit and modif...

Cerebrate 安全漏洞

Cerebrate is an open source platform. Designed to act as an interconnected orchestrator for trusted contact information providers and other security tools, a security vulnerability exists in Cerebrate 1.4, which stems from the possibility of username enumeration. No detailed vulnerability details...

CVE-2022-21703 Cross Site Request Forgery in Grafana

Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users for example,...

Google Tensorflow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A security vulnerability exists in Discourse, which could be exploited by attackers to poison the cache of anonymous i.e., not logged in users, resulting in a partial denial o...

Discourse Injection Vulnerability

Discourse is an open source community discussion platform that includes community, email, and chat room features. The platform includes community, email, and chat room features.An injection vulnerability exists in Discourse, which stems from a lack of validation in the user-controllable...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2022-09855)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that stems from the inability of the ""tf.rawops.RaggedGather"" parameter in the software to determine a valid ragged tensor code,...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab that stems from not properly...

Pear Admin Think 代码问题漏洞

Pear Admin Think is an open source rapid development platform based on thinkphp6, with simple code generation features, you can quickly build your functional business. A security vulnerability exists in Pear Admin Think that allows an attacker to upload malicious files to remotely execute arbitra...

Discourse has unspecified vulnerabilities

Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. A security vulnerability exists in versions of Discourse prior to 2.7.7, which can be exploited by an attacker to cause the post creator of a whispered post to be...

CVE-2021-32788 Post creator of a whisper post can be revealed to non-staff users in Discourse

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal...

Unspecified vulnerability in Nextcloud (CNVD-2021-51803)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability in Nextcloud Server in versions prior to 19.0.13, 20.011, and 21.0.3 can be exploited by an attacker to enumerate potentially valid...

Apollos Apps licensing issue vulnerability

Apollos Apps is an open source platform for distributing church-related applications. Apollos Apps suffers from an authorization issue vulnerability that stems from the fact that new user registrations only need to know basic personal information about anyone name, birthday, gender, etc. in order...

Unspecified Vulnerability in Nextcloud (CNVD-2021-39030)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to access basic information about a server user by accessing a public...

Unspecified Vulnerability in Apache Fineract

Apache Fineract is a set of open source digital financial services platform from the U.S. Apache Apache Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. A security vulnerability exists in Apach...

CVE-2021-29526

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2D. This is because the implementationhttps://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/convops.ccL261-L263...