CVE-2021-29571

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

CVE-2021-29533

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in TensorFlow. An attacker can exploit this vulnerability by passing empty images to tf.rawops.DrawBoundingBoxes to cause a CHECK failure denial of service...

CVE-2021-27673

Cross Site Scripting XSS in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component...

CVE-2021-27672

SQL Injection in the "adminboxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component...

[SECURITY] Fedora 34 Update: gnome-boxes-40~rc-1.fc34

gnome-boxes lets you easily create, setup, access, and use: remote machines remote virtual machines local virtual machines When technology permits, set up access for applications on local virtual machines...

Fedora: Security Advisory for gnome-boxes (FEDORA-2021-303f6623fa)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2020-8292

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...

CVE-2020-8292

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...

Cross site scripting

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting XSS vulnerability via the drag & drop functionality in message boxes...

CVE-2020-29587

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

多款Amino产品信任管理问题漏洞

The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability that stems from the use of hard-coded passwords, which can be exploited by a local attacker to view and interact with t...

Amino Communications 命令注入漏洞

The Amino Communications AK45x series is a family of television set-top box devices from Amino UK. Amino Communications suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands with root-level privileges...

Amino Communications 多款产品信任管理问题漏洞

The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability in a number of its products, which arises from a root user hard-coded SSH key that can be exploited by an attacker to...

cheap-cardboard-boxes.co.uk Cross Site Scripting vulnerability OBB-1482603

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

PYSEC-2020-296

In Tensorflow before version 2.4.0, when the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...

PYSEC-2020-139

In Tensorflow before version 2.4.0, when the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...

PT-2020-14326 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.4.0 Description: The issue arises when the boxes argument of tf.image.crop and resize has a very large value, causing the CPU kernel implementation to receive it as a C++ nan floating point value. This leads to...

Hardcoded credentials

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol...

Code injection

The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client...