GHSA-GPFH-JVF9-7WG5 Use after free / memory leak in `CollectiveReduceV2`

Impact The async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free: python import tensorflow as tf tf.rawops.CollectiveReduceV2 input=, groupsize=-10, -10, -10, groupkey=-10, -10, instancekey=-10, orderingtoken=, mergeop='Mul', finalop='Div' This occurs due to t...

Google TensorFlow Resource Management Error Vulnerability (CNVD-2021-92552)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A resource management error vulnerability exists in Google TensorFlow due to a memory leak and post-release usage issue in the asynchronous implementation of CollectiveReduceV2. This occurs due to...

CVE-2021-24801

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site...

Wordpress plugin WP Survey Plus 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...

PYSEC-2021-827

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

PYSEC-2021-629

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

PYSEC-2021-629

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

CVE-2021-41220

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

CVE-2021-41220 Use after free in `CollectiveReduceV2`

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

Google TensorFlow 资源管理错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A resource management error vulnerability exists in Google TensorFlow due to a memory leak and post-release usage issue in the asynchronous implementation of CollectiveReduceV2. This occurs due to...

CVE-2021-39333

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

WordPress 访问控制错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An access control error vulnerability exists in WordPress Plugins, which stems from The Stylish Pric...

Modern-Async 资源管理错误漏洞

Modern-Async is a modern JavaScript tool library for asynchronous operations using Async/Await and Promise. A resource management error vulnerability exists in modern-async that arises from improper design or implementation during code development for a networked system or product...

PT-2021-22526 · Accesspress · Accesspress-Parallax +6

Name of the Vulnerable Software and Affected Versions: AccessPress Demo Importer versions 1.0.6 and earlier accesspress-basic versions 3.2.1 and earlier accesspress-lite versions 2.92 and earlier accesspress-mag versions 2.6.5 and earlier accesspress-parallax version 4.5 accesspress-root version...

WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. SQL injection vulnerability exists in versions prior to WordPress Poll Maker plugin 3.4.2, which stems from the plug...

WordPress 代码问题漏洞

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is one of the plugins used to completely uninstall WordPress. WordPress Plugin A code issue exists due to a missin...

Fedora: Security Advisory for python-pycares (FEDORA-2021-a48cf28c13)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Moderate: Red Hat Security Advisory: Red Hat AMQ Broker 7.9.0 release and security update

Red Hat AMQ Broker 7.9.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

PT-2021-22549 · WordPress · Credova Financial

Name of the Vulnerable Software and Affected Versions: Credova Financial WordPress plugin versions up to, and including, 1.4.8 Description: The Credova Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a sit...

CVE-2021-24652

The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values...