Null Pointer Dereference

TensorFlow is vulnerable to a null pointer dereference. The vulnerability exists due to unconditionally dereferencing a pointer in the TFLite model, allowing an attacker to craft a TFLite model that triggers this dereference. It leads to crash the system and cause a denial of service...

Out-of-bounds Read

TensorFlow is vulnerable to an Out-of-bounds Read. The vulnerability is due to improper validation of the axisvalue in the TFLite implementation of SplitV, which can lead to accessing data outside the bounds of the tensor shape array...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the implementation of BatchToSpaceNd where TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0 resulting in the...

Division By Zero Error

TensorFlow is vulnerable to a division by zero error. The vulnerability is due to insufficient handling of cases where the input's fourth dimension is zero in the DepthwiseConv TFLite operator, which can allows to execution issues or crashes in machine learning models...

Out-of-bounds Write

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Out-of-bounds Write. The vulnerability is caused due to a missing validation. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of ArgMin/ArgMax'...

Regular Expression Denial Of Service (ReDoS)

urlregex is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to inefficient handling of regular expressions in the index.js file of the Backtracking component in nescalante urlregex, allowing an attacker to induce performance degradation or resource exhaustion...

Token Leakage

Tina CMS is vulnerable to search Token leakage. The vulnerability is due to the search token being leaked through the lock file tina-lock.json, allows an attacker to gain unauthorized access to the search functionality by exploiting the leaked search token...

Path Traversal

github.com/spectolabs/hoverfly is vulnerable to Path Traversal. The vulnerability is due to insufficient path sanitization in the /api/v2/simulation POST handler, allowing an attacker to escape the intended base directory and access arbitrary files on the server by manipulating file paths using ....

Path Traversal

actions/artifact is vulnerable to Path Traversal. The vulnerability is due to improper validation of filenames in specifically crafted artifacts, allowing path traversal when using downloadArtifactInternal, downloadArtifactPublic, or streamExtractExternal...

Cross Site Scripting(XSS)

concrete5/concrete5 is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to inadequate input validation and sanitization in Board instances of Concrete CMS, which allows rogue administrators to inject and store malicious code...

Denial Of Service (DOS)

TensorFlow is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of the block input in the SpaceToBatchNd TFLite operator, which allows an attacker to set a dimension of the block input to 0, causing a division by zero error, which can crash the system or make it...

Man-in-the-middle(MitM) Attack

Gentoo Portage is vulnerable to a Man-in-the-Middle MitM attack. The vulnerability exists due to the failure of emerge-webrsync to perform PGP signature verification on downloaded .gpgsig files, allowing an attacker to inject malicious code during the file download process...

Integer Overflow

TensorFlow is vulnerable to an Integer Overflow. The vulnerability is due to an integer overflow in the TFLite code for allocating TFLiteIntArrays, allowing attackers to craft models that cause memory corruption by dereferencing invalid pointers...

Denial Of Service (DOS)

libexpat.so is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a defect within xmlparse.c that does not eject a negative length for XMLParseBuffer...

NULL Pointer Dereference

libvirt is vulnerable to a NULL Pointer Dereference. The vulnerability is due to a corner case in the code fetching the list of interfaces where allocating 0 bytes of memory results in a NULL pointer, leading to a crash of the virtinterfaced daemon...

Double Free

libpcap is vulnerable to a Double Free. The vulnerability is due to the sockinitaddress function not clearly indicating whether freeaddrinfo still needs to be called by the caller function, leading to the possibility of both the function and its caller freeing the same memory block...

Timing Attack

Adyen is vulnerable to a Timing Attack. The vulnerability is due to improper constant-time comparison of HMACs in the isvalidhmac and isvalidhmacnotification methods, allowing an attacker to infer the correct HMAC by measuring timing differences...

Integer Overflow

libexpat.so is vulnerable to Integer Overflow. The vulnerability is caused due to a defect in function nextScaffoldPart within xmlparse.c. This can lead to an integer overflow for mgroupSize on 32-bit platforms where UINTMAX equals SIZEMAX...

XML External Entity (XXE)

GeoNode is vulnerable to XML External Entity XXE. The vulnerability is due to improper handling of XML input in the style upload functionality of GeoServer, allowing an attacker to read arbitrary files on the server...

Integer Overflow

libexpat.so is vulnerable to Integer Overflow. The vulnerability is caused due to a defect in function dtdCopy within xmlparse.c. This can lead to integer overflow for nDefaultAtts on 32-bit platforms whereUINTMAX equals SIZEMAX...

NULL Pointer Dereference

libpcap is vulnerable to a NULL pointer dereference. The vulnerability is due to the pcapfindalldevsex function not checking the return value of opendir and passing a NULL value to readdir when an invalid filesystem path is provided...

Unrestricted File Upload

FeehiCMS is vulnerable to unrestricted file upload. The vulnerability is due to lack of proper validation and restrictions on file uploads in the BannerForm argument of the createBanner function, which allows attackers to perform unrestricted file uploads...

Unrestricted File Upload

FeehiCMS is vulnerable to unrestricted file upload. The vulnerability is due to lack of proper restrictions on file uploads in the User argument within the insert function of FeehiCMS, which allows an attacker to upload malicious files remotely, potentially leading to unauthorized code execution ...

Unrestricted File Upload

FeehiCMS is vulnerable to unrestricted file upload. The vulnerability is due to insufficient input validation in the FriendlyLink argument, which allows attackers to upload files without proper restrictions in the update function of FeehiCMS...

Unauthorized Ledger Alterations

indynode is vulnerable to Unauthorized Ledger Alterations. The vulnerability is due to lack of signature verification and the ability to update a DID with a nym transaction without checking changes to ROLE or VERKEY, allows unauthorized alterations to the ledger, such as spamming it with...

Cross Site Scripting(XSS)

Svelte is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper HTML escaping during server-side rendering, allowing an attacker to inject malicious content and execute unauthorized scripts in the victim's browser...

IP Address Spoofing

serilog.enrichers.clientinfo is vulnerable to IP Spoofing. The vulnerability is caused due to a failure to validate IP address specified in X-Forwarded-For or Client-Ip headers. This allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or...

Cross-site Scripting (XSS)

Typo3 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper parsing of values assigned to HTML attributes in the frontend's typolink functionality and improper encoding of error messages in the backend's filelist module when renaming files...

Improper Input Validation

Ingress-nginx is vulnerable to Improper Input Validation. The vulnerability is due to improper annotation validation, allowing an actor with permission to create Ingress objects to inject arbitrary commands and obtain the credentials of the ingress-nginx controller...

Improper Authorization

getkirby/cms is vulnerable to Improper Authorization. The vulnerability is due to the insufficient permission checks in the language settings. An attacker with Panel access can manipulate language definitions by exploiting these missing checks...

Denial Of Service (DOS)

TensorFlow is vulnerable to a denial of service. The vulnerability is due to the improper handling of the dimensionality of the output tensor in TensorFlow Lite's segment sum implementation,where the code uses the last element of the tensor holding segment IDs to determine the output tensor's siz...

Directory Traversal

github.com/ollama/ollama is vulnerable to Directory Traversal. The vulnerability is due to inadequate handling of ZIP file paths during extraction. The extractFromZipFile function in model.go does not properly enforce directory boundaries, allowing ZIP members to be extracted to locations outside...

SQL Injection

centreon/centreon is vulnerable to SQL Injection. The vulnerability is caused due to a missing validation while constructing SQL queries...

Carriage Return Line Feed (CRLF) Injection

RestSharp is vulnerable to Carriage Return Line Feed CRLF Injection. The vulnerability is due to the lack of CRLF character validation in HTTP header values by the HttpHeaders.TryAddWithoutValidation method, which allows an attacker to inject additional HTTP headers or smuggle entire HTTP request...

Prototype Pollution

chartist is vulnerable to Prototype Pollution. The vulnerability is due to lack of validation in the extend function to prevent arguments from modifying the object prototype in Chartist, allows an attacker to inject malicious object properties using the proto property, which recursively affects a...

SQL Injection

centreon/centreon is vulnerable to SQL Injection. The vulnerability is caused due to a missing validation while constructing SQL queries...

Insecure Direct Object Reference (IDOR)

in2code/powermail is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to insufficient validation of the mail parameter in the confirmationAction of the Powermail extension, allowing an unauthenticated attacker to display user-submitted data of all forms persisted by t...

SQL Injection

centreon/centreon is vulnerable to SQL Injection. The vulnerability is due to improper input validation in the service configuration functionality, which allows attackers to execute arbitrary SQL commands through specially crafted inputs...

SQL Injection

centreon/centreon Web is vulnerable to SQL Injection. The vulnerability is due to improper input validation in the updateServiceHost functionality, allowing attackers to inject malicious SQL code, potentially leading to unauthorized access or manipulation of the database...

Broken Access Control

in2code/powermail is vulnerable to Broken Access Control. The vulnerability is due to the lack of proper validation in the OutputController actions within the Powermail extension, allowing an unauthenticated attacker to edit, update, delete, or export data of persisted forms when the Powermail...

Full Path Disclosure

Drupal is vulnerable to Full Path Disclosure. The vulnerability is due to improper error handling in core/authorize.php when hashsalt is set to the filegetcontents of a non-existent file...

Authentication Bypass

github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver is vulnerable to unauthorized remote access. The vulnerability is due to improper enforcement of key requirements in the awsfirehosereceiver module, allowing unauthenticated requests even when a key is configur...

Out-Of-Bounds Writes

TensorFlow is vulnerable to out-of-bounds writes. The vulnerability is due to the improper handling of negative elements in the segment ids tensor, allowing negative values that result in out-of-bounds memory writes during the segment sum operation...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to the Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. An attacker can craft a model such that params-blocksize would be zero and potentially leads to DoS...

Cross Site Scripting

phpoffice/phpspreadsheet is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to insufficient sanitization of spreadsheet styling information by \PhpOffice\PhpSpreadsheet\Writer\Html, which fails to remove or neutralize potentially harmful content before rendering it in HTML. It...

Local File Bypass

phpoffice/phpspreadsheet is vulnerable to Local File Bypass. The vulnerability is due to improper validation and handling of XML input within XmlScanner.php, which allows attackers to exploit XXE to access local file contents...

Divide By Zero

tensorflow is vulnerable to Divide By Zero. The vulnerability is caused due to a defect in the optimized implementation of the TransposeConv TFLite operator where there is a missing validation for strideh,w variable. An attacker can craft a model such that strideh,w values are 0 resulting in Divi...

Privilege Escalation

github.com/hwameistor/hwameistor is vulnerable to Privilege Escalation. The vulnerability is due to misconfiguration of the ClusterRole in Hwameistor, which allows overly broad permissions that can be abused by a malicious user...

Arbitrary Code Execution

JupyterLab is vulnerable to Arbitrary Code Execution. The vulnerability is due to user interaction with a malicious notebook or Markdown file using JupyterLab's preview feature, which allows execution of arbitrary code and unauthorized data access...

Out-of-bounds Write

tensorflow, tensorflow-cpu and tensorflowgpu is vulnerable to Out-of-bounds Write. The vulnerability is due to improper handling of tensors when a model uses the same tensor for both an input and output of an operator, which can result in data loss and memory corruption...