Lucene search
K

506 matches found

CNNVD
CNNVD
added 2022/04/04 12:0 a.m.4 views

Rancher Labs Rancher 安全漏洞

Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, U.S.A. An access control error vulnerability exists in versions of Rancher Labs Rancher prior to 2.5.10, which could be exploited by remote attackers to impersonate an arbitrary user...

8.8CVSS5.9AI score0.01071EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/03/31 6:30 p.m.12 views

ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.24) +1082 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.0.0.RELEASE <=2.5.11)

org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =2.1.0, =2.1.2.RELEASE, =1.3, =0.5.0, =3.1.37, =3.1.13, =3.1.85, =3.1.13, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - city.smartb.f2:f2-spring-boot-starter-function-http =0.1.0...

9.8CVSS7.1AI score0.99677EPSS
Exploits102
OSV
OSV
added 2022/02/24 10:15 p.m.6 views

CVE-2021-29216

A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard versions: Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard...

6.1CVSS5.8AI score0.00556EPSS
Exploits0References1
PyPA
PyPA
added 2022/02/04 11:15 p.m.8 views

PYSEC-2022-148

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow 2.8.0. ...

7.6CVSS7AI score0.00725EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.3 views

PT-2022-16112 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The issue occurs when building an XLA compilation cache with default settings,...

6.5CVSS6.3AI score0.00774EPSS
Exploits1References12
PyPA
PyPA
added 2022/01/18 10:15 p.m.7 views

PYSEC-2022-39

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing...

7.5CVSS6.9AI score0.00787EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/01/10 2:10 p.m.3 views

CVE-2021-42748

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API...

5.3CVSS5.8AI score0.00995EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.52 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Smart...

4.8CVSS4.9AI score0.00598EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/15 12:0 a.m.46 views

Gradio 路径遍历漏洞

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. versions of Gradio prior to 2.5.0 have a path traversal vulnerability that can be exploited by an attacker to access any file on the host...

7.7CVSS5.7AI score0.03794EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2021/11/10 7:36 p.m.3 views

alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +60 more potentially affected by CVE-2021-41195 via tensorflow (>=2.5.0 <=2.5.1)

tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.8.0 and more Source cves: CVE-2021-41195 Source advisory: OSV:GHSA-CQ76-MXRC-VCHH...

5.5CVSS6AI score0.00205EPSS
Exploits1
OSV
OSV
added 2021/11/05 11:15 p.m.11 views

PYSEC-2021-829

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

5.5CVSS6.1AI score0.00181EPSS
Exploits1References2
OSV
OSV
added 2021/09/20 5:15 p.m.2 views

CVE-2021-38899

IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575...

4.4CVSS5.8AI score0.00264EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/09/04 12:0 a.m.4 views

CVE-2021-3581

Buffer Access with Incorrect Length Value in zephyr. Zephyr versions = =2.5.0 contain Buffer Access with Incorrect Length Value CWE-805. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5...

8.8CVSS5.3AI score0.00337EPSS
Exploits0References2Affected Software1
vulnersOsv
vulnersOsv
added 2021/08/25 2:41 p.m.5 views

alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +52 more potentially affected by CVE-2021-37675 via tensorflow (=2.5.0)

tensorflow PYPI version =2.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - alphapulldown =0.21.2, =0.0.1, =1.1.0, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.7.0, =1.4.0 - fancyimpute =0.6.0 and more Source...

5.5CVSS5.8AI score0.0016EPSS
Exploits0
CNNVD
CNNVD
added 2021/07/02 12:0 a.m.7 views

ACRN 安全漏洞

ACRN is an open source project released by the Linux Foundation, a hypervisor designed for IoT and embedded devices. An irteallocbitmap buffer overflow vulnerability exists in dmarfreeirte in hypervisor/arch/x86/vtd.c in versions prior to ACRN 2.5. No detailed vulnerability details are provided a...

7.8CVSS5.9AI score0.00664EPSS
Exploits0References2
OSV
OSV
added 2021/05/21 2:29 p.m.9 views

GHSA-WVJW-P9F5-VQ28 Segfault in `tf.raw_ops.SparseCountSparseOutput`

Impact Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. Patches We have patched the issue in GitHub commit 82e6203221865de4008445b13c69b6826d2b28d9. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on...

2.5CVSS6.1AI score0.00194EPSS
Exploits1References7
OSV
OSV
added 2021/05/21 2:28 p.m.8 views

GHSA-XQFJ-CR6Q-PC8W Crash in `tf.transpose` with complex inputs

Impact Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash: python import tensorflow as tf tf.transposeconjugate=True, a=complex1 Patches We have received a patch for the issue in GitHub commit 1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88...

2.5CVSS6AI score0.0023EPSS
Exploits1References9
OSV
OSV
added 2021/05/21 2:26 p.m.3 views

GHSA-3W67-Q784-6W7C Division by zero in TFLite's implementation of `GatherNd`

Impact The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero error: cc ret.dimstocounti = remainflatsize / paramsshape.Dimsi; An attacker can craft a model such that params input would be an empty tensor. In turn, paramsshape.Dims. would be zero, in at...

2.5CVSS6.9AI score0.00201EPSS
Exploits1References8
OSV
OSV
added 2021/05/21 2:25 p.m.19 views

GHSA-PH87-FVJR-V33W CHECK-fail in `tf.raw_ops.RFFT`

Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT: python import tensorflow as tf inputs = tf.constant1, shape=1, dtype=tf.float32 fftlength = tf.constant0, shape=1, dtype=tf.int32 tf.rawops.RFFTinput=inputs,...

2.5CVSS5.8AI score0.00189EPSS
Exploits1References7
OSV
OSV
added 2021/05/21 2:22 p.m.2 views

GHSA-3QXP-QJQ7-W4HF CHECK-fail in tf.raw_ops.EncodePng

Impact An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data: python import tensorflow as tf image = tf.zeros0, 0, 3 image = tf.castimage, dtype=tf.uint8 tf.rawops.EncodePngimage=image This is because the implementation only validates that the...

2.5CVSS6.2AI score0.00189EPSS
Exploits1References7
Rows per page
Query Builder