CVE-2022-1192

The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

WordPress plugin Turn off all comments 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in the WordPress Turn off all comments plugin, which stems from a failure to clean and escape rows parameters before...

DEBIAN-CVE-2021-46709

phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter aka num or number...

CSV Injection

nocodb is vulnerable to CSV injection attacks. The vulnerability exists due to lack of sanitization in table rows which allows attackers to inject payload and execute in endpoint when administer opens the CSV file...

GHSA-RG3M-HQC5-344V `SparseFillEmptyRows` heap OOB

Impact The implementation of SparseFillEmptyRows can be made to trigger a heap OOB access: python import tensorflow as tf data=tf.rawops.SparseFillEmptyRows indices=0,0,0,0,0,0, values='sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss', denseshape=5,3, defaultvalue='o' This occurs...

CVE-2021-41224

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will al...

Denial of service in DataCommunicator class in Vaadin 8

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

Denial of service in DataCommunicator class in Vaadin 8

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

CVE-2021-33609

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 Vaadin 8.0.0 through 8.14.0 allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Empty tensors are not validated which allows an attacker to cause an undefined behavior by binding a reference to null pointer in tf.rawops.SparseFillEmptyRows...

CVE-2021-29565

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

PYSEC-2021-691

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

PYSEC-2021-691

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

PYSEC-2021-202

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

The vulnerability of the loaded module of the Linux operating system’s kernel, drivers/usb/misc/iowarrior.ko, which allows a hacker to cause a service failure.

The vulnerability of the driver/misc/iowarrior.ko module in the Linux operating system is related to a memory leak in the implementation of the omap4keypadprobe handler. Exploiting this vulnerability can allow an attacker to cause a service failure by connecting an OMAP4 Keypad device that does n...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2020-54782)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Tensorflow SparseFillEmptyRowsGrad versions prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1, and 2.3.1, which arises from a networked system or product that perfor...

PYSEC-2020-309

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

PYSEC-2020-274

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

CVE-2020-15194

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

GHSA-63XM-RX5P-XVQR Heap buffer overflow in Tensorflow

Impact The implementation of SparseFillEmptyRowsGrad uses a double indexing pattern: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparsefillemptyrowsop.ccL263-L269 It is possible for reverseindexmapi to be an index outside of bound...