Stack overflow

TensorFlow is an open source platform for machine learning. When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...

Information disclosure

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190...

CVE-2022-31071 Octopoller gem published with world-writable files

Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to -rw-rw-rw- i.e. 0666 instead of rw-r--r-- i.e. 0644. This means everyone who is not t...

Missing validation results in undefined behavior in `SparseTensorDenseAdd

Impact The implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments: python import tensorflow as tf aindices = tf.constant0, shape=17, 2, dtype=tf.int64 avalues = tf.constant, shape=0, dtype=tf.float32 ashape = tf.constant6, 12, shape=2, dtype=tf.int64 b =...

Missing validation causes denial of service via `StagePeek`

Impact The implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf index = tf.constant, shape=0, dtype=tf.int32 tf.rawops.StagePeekindex=index,...

Missing permission checks in Google Kubernetes Engine Jenkins Plugin

A missing permission check in Jenkins Google Kubernetes Engine Plugin Prior to version 0.7.1 allows attackers with Overall/Read permission to obtain limited information about the scope of a credential with an attacker-specified credentials ID. This issue is patched in version 0.7.1...

october/system arbitrary code execution

Impact Assuming an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents PHP execution in the CMS templates. Patches Issue has been patched in Build 473 and v1.1.6 Workarounds Apply...

CVE-2021-32758 Layout XML Arbitrary Code Fix

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched...

CVE-2021-37668 Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex`

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

PYSEC-2021-551

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

CVE-2021-37696 Sensitive information leak in MassDM of tmerc-cogs

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are...

CVE-2021-32620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link provided for hi...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to helm --help. This issu...

Division by 0 in `FusedBatchNorm`

Impact An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm: python import tensorflow as tf x = tf.constant, shape=1, 1, 1, 0, dtype=tf.float32 scale = tf.constant, shape=0, dtype=tf.float32 offset = tf.constant, shape=0, dtype=tf.float32 mean = tf.constan...

Heap buffer overflow in `QuantizedResizeBilinear`

Impact An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization: python import tensorflow as tf images = tf.constant, shape=0, dtype=tf.qint32 size = tf.constant, shape=0, dtype=tf.int32 min = tf.constant, dtype=tf.float32 max =...

CVE-2021-21428 Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator

Openapi generator is a java tool which allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...

CVE-2020-15248

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...

CVE-2020-15248

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...

CVE-2020-26221

The CVE-2020-26221 entry concerns touchbase.ai before version 2.0, where a Cross-Site Scripting (XSS) vulnerability exists in the affected web application. The flaw allows an attacker to inject JavaScript that can hijack a user’s cookie/session tokens, redirect users to malicious pages, or cause ...

Design/Logic Flaw

In Tensorflow before version 2.4.0, when the boxes argument of tf.image.cropandresize has a very large value, the CPU kernel implementation receives it as a C++ nan floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is...