506 matches found
Rancher Labs Rancher 安全漏洞
Rancher Labs Rancher is an open source enterprise container management platform from Rancher Labs, U.S.A. An access control error vulnerability exists in versions of Rancher Labs Rancher prior to 2.5.10, which could be exploited by remote attackers to impersonate an arbitrary user...
ai.hyacinth.framework:core-service-admin-server (>=0.5.0 <=0.5.24), ai.hyacinth.framework:core-service-gateway-server (>=0.5.0 <=0.5.24) +1082 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.0.0.RELEASE <=2.5.11)
org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.0.0.RELEASE, =0.5.0, =0.5.0, =0.5.0, =2.1.0, =2.1.2.RELEASE, =1.3, =0.5.0, =3.1.37, =3.1.13, =3.1.85, =3.1.13, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - city.smartb.f2:f2-spring-boot-starter-function-http =0.1.0...
CVE-2021-29216
A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard versions: Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard...
PYSEC-2022-148
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow 2.8.0. ...
PT-2022-16112 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The issue occurs when building an XLA compilation cache with default settings,...
PYSEC-2022-39
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing...
CVE-2021-42748
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the Smart...
Gradio 路径遍历漏洞
Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. versions of Gradio prior to 2.5.0 have a path traversal vulnerability that can be exploited by an attacker to access any file on the host...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +60 more potentially affected by CVE-2021-41195 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.8.0 and more Source cves: CVE-2021-41195 Source advisory: OSV:GHSA-CQ76-MXRC-VCHH...
PYSEC-2021-829
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...
CVE-2021-38899
IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. IBM X-Force ID: 209575...
CVE-2021-3581
Buffer Access with Incorrect Length Value in zephyr. Zephyr versions = =2.5.0 contain Buffer Access with Incorrect Length Value CWE-805. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8q65-5gqf-fmw5...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +52 more potentially affected by CVE-2021-37675 via tensorflow (=2.5.0)
tensorflow PYPI version =2.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - alphapulldown =0.21.2, =0.0.1, =1.1.0, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.7.0, =1.4.0 - fancyimpute =0.6.0 and more Source...
ACRN 安全漏洞
ACRN is an open source project released by the Linux Foundation, a hypervisor designed for IoT and embedded devices. An irteallocbitmap buffer overflow vulnerability exists in dmarfreeirte in hypervisor/arch/x86/vtd.c in versions prior to ACRN 2.5. No detailed vulnerability details are provided a...
GHSA-WVJW-P9F5-VQ28 Segfault in `tf.raw_ops.SparseCountSparseOutput`
Impact Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. Patches We have patched the issue in GitHub commit 82e6203221865de4008445b13c69b6826d2b28d9. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on...
GHSA-XQFJ-CR6Q-PC8W Crash in `tf.transpose` with complex inputs
Impact Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash: python import tensorflow as tf tf.transposeconjugate=True, a=complex1 Patches We have received a patch for the issue in GitHub commit 1dc6a7ce6e0b3e27a7ae650bfc05b195ca793f88...
GHSA-3W67-Q784-6W7C Division by zero in TFLite's implementation of `GatherNd`
Impact The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero error: cc ret.dimstocounti = remainflatsize / paramsshape.Dimsi; An attacker can craft a model such that params input would be an empty tensor. In turn, paramsshape.Dims. would be zero, in at...
GHSA-PH87-FVJR-V33W CHECK-fail in `tf.raw_ops.RFFT`
Impact An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT: python import tensorflow as tf inputs = tf.constant1, shape=1, dtype=tf.float32 fftlength = tf.constant0, shape=1, dtype=tf.int32 tf.rawops.RFFTinput=inputs,...
GHSA-3QXP-QJQ7-W4HF CHECK-fail in tf.raw_ops.EncodePng
Impact An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data: python import tensorflow as tf image = tf.zeros0, 0, 3 image = tf.castimage, dtype=tf.uint8 tf.rawops.EncodePngimage=image This is because the implementation only validates that the...