PT-2021-23883 · Jenkins · Jenkins Squash Tm Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Squash TM Publisher Squash4Jenkins Plugin versions 1.0.0 and earlier Description: The issue allows attackers who can control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled...

GHSA-7PXJ-M4JF-R6H2 Missing validation during checkpoint loading

Impact An attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. Patches We have patched th...

GHSA-374M-JM66-3VJ8 Heap OOB in `SparseBinCount`

Impact The implementation of SparseBinCount is vulnerable to a heap OOB: python import tensorflow as tf tf.rawops.SparseBincount indices=0,1,2 values=0,-10000000 denseshape=1,1 size=1 weights=3,2,1 binaryoutput=False This is because of missing validation between the elements of the values argumen...

PYSEC-2021-617

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

PYSEC-2021-400

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

CVE-2021-41208

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

PYSEC-2021-613

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

PYSEC-2021-396

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

PYSEC-2021-811

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

PT-2021-23180 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The code for boosted trees in TensorFlow is still missing validation. As a resul...

PT-2021-23175 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: An attacker can trigger undefined behavior, integer overflows, segfaults and...

PT-2021-23199 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The implementation of SparseBinCount is vulnerable to a heap out-of-bounds OOB...

Sonatype Nexus Repository 代码问题漏洞

Sonatype Nexus Repository is a repository manager from Sonatype, Inc. that is used for managing, storing, and distributing software, among other things. A security vulnerability exists in Sonatype Nexus Repository 3, which stems from a lack of validation and filtering of user-submitted input on t...

VulnCheck KEV: CVE-2021-42359

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to...

CVE-2018-25019

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...

CVE-2021-38451

The affected product’s proprietary protocol CSC allows for calling numerous function codes. In order to call those function codes, the user must supply parameters. There is no sanitation on the value of the offset, which allows the client to specify any offset and read out-of-bounds data...

WordPress 插件 SQL注入漏洞

WordPress plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL injection vulnerability that stems from the WP Simple Booking Calendar plugin failing to escape, validate, or clean up the orderby parameter in its Search Calendar operation before using i...

Dswjcms 跨站脚本漏洞

Dswjcms is for individuals and personal lending launched a free p2p open source project , based on Thinkphp architecture of the industry system , fully automated installation mode , quickly build a P2P website . Dswjcms 1.6.4 version of the existence of cross-site scripting vulnerability , the...

c-ares: Missing input validation of host names may lead to domain hijacking

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as we...

Online Catering Reservation System 路径遍历漏洞

Online Catering Reservation System is an open source online catering reservation system. Online Catering Reservation System is vulnerable due to a lack of validation in index.php leading to a directory traversal vulnerability. An attacker could use this vulnerability to obtain sensitive informati...