15 matches found
The Semantic Trap: Do Fine-Tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern?
LLMs demonstrate promising performance in software vulnerability detection after fine-tuning. However, it remains unclear whether these gains reflect a genuine understanding of vulnerability root causes or merely an exploitation of functional patterns. In this paper, we identify a critical failur...
Exploit for Code Injection in Vmware Spring_Framework
Spring Boot CVE-2022-22965 Docker PoC for CVE-2022-22965 with...
All Vulnerabilities for code.justla.me Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| code.justla.me ---|--- Open Bug Bounty...
CVE-2020-15212
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...
CVE-2020-15212
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...
CVE-2020-15211
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...
CVE-2020-15213
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...
Out-of-bounds
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...
CVE-2020-15212 Out of bounds access in tensorflow-lite
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...
CVE-2020-15213 Denial of service in tensorflow-lite
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...
CVE-2020-15211 Out of bounds access in tensorflow-lite
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...
GHSA-QFCV-5WHW-7PCW Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Impact aegir publish and aegir build may leak secrets from environmental variables in the browser bundle published to npm. Patches The code has been patched, users should upgrade to = 21.10.1 Workarounds Run printenv to check your environment variables and revoke any secrets. For more information...
WordPress Avenir-Soft Direct Download 1.0 XSS / CSRF Vulnerability
WordPress Avenir-Soft Direct Download plugin version 1.0 suffers from cross site request forgery and cross site scripting vulnerabilities. Exploit Title: Wordpress Avenir-Soft Direct Download Plug-in XSS/CSRF Exploit Author: Ashiyane Digital Security Team Vendor Homepage:...
RedLevel Advisory #015 - Redoable 1.2 Cross-Site Scripting Vulnerability (patch included)
note to editors: this patch resolves this vulnerability: http://redlevel.org/wp-content/uploads/patch.zip !-- Redoable 1.2 - Cross-Site Scripting Vulnerability --------------- Vulnerable Code --------------- header.php line 6: ... elseif issearch ? Search for ?php echo $s ... searchloop.php line...
WordPress Theme Redoable 1.2 - header.php?s Cross-Site Scripting
WordPress Theme Redoable 1.2 - header.php?s Cross-Site Scripting source: https://www.securityfocus.com/bid/24037/info Redoable is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...