Null pointer dereference

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

PYSEC-2021-461

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...

PYSEC-2021-472

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

PYSEC-2021-451

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap. This is because the...

PYSEC-2021-456

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...

PYSEC-2021-444

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...

CVE-2021-29593 Division by zero in TFLite's implementation of `BatchToSpaceNd`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...

CVE-2021-29549 Division by 0 in `QuantizedAdd`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

Google TensorFlow 数字错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in SVDF in Google TensorFlow. No details of the vulnerability are provided at this time...

Singularity has an unspecified vulnerability

Singularity is an open source container management platform from the Singularity team Singularity. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. A security vulnerability exists in versions...

forum-java is vulnerable to XSS

forum-java is an open source modern community platform. forum-java has an XSS vulnerability that can be exploited by attackers to obtain sensitive information such as user cookies...

Adobe Magento XML Injection Vulnerability

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

Adobe Magento SQL Injection Vulnerability

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

Adobe Magento 操作系统命令注入漏洞

Adobe Magento is Adobe's one with PHP written in open source e-commerce platform.Magento Community Edition is the community edition, later renamed Magento Open Source, Magento Enterprise Edition is the enterprise edition, later renamed Magento Magento Enterprise Edition is the enterprise edition,...

Apache Airflow Encryption Problem Vulnerability

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow versions prior to 1.10.13, which...

Cabot 0.11.12 - Persistent Cross-Site Scripting

Exploit Title: Cabot 0.11.12 - Persistent Cross-Site Scripting Date: 2020-09-06 Exploit Author: Abhiram V Vendor Homepage: https://cabotapp.com/ Software Link: https://github.com/arachnys/cabot Version: 0.11.12 Tested on: Ubuntu Linux Introduction Cabot is a free, open-source, self-hosted...

Unspecified vulnerability in MISP (CNVD-2020-51415)

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP version 2.4.128, which stems from insufficient ACL...

Multiple SQL Injection Vulnerabilities in DM Enterprise Website System Backend

DM enterprise building system is developed by php + mysql a set of specialized in small and medium-sized enterprise website construction of open source cms. DM enterprise website building system background there are multiple SQL injection vulnerabilities. Attackers can use the vulnerability to...

Zimbra Code Issues Vulnerabilities

Zimbra is the United States Zimbra company's set of open source e-mail collaboration platform. A code issue vulnerability exists in the /service/upload program in the Webmail subsystem in versions of Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3, which can be exploited by an...

Remote Code Execution Vulnerability in O2OA System in*** Interface

O2OA is an open source and free enterprise and team office platform , providing portal management , process management , information management , data management four platforms , set of work reports , project collaboration , mobile OA , document sharing , process approval , data collaboration and...