| Vulners.com -- url-parse vulnerabilities |
| Vulners.com -- WebTareas 2.4 SQL Injection |
| Vulners.com -- ImpressCMS 1.4.3 SQL Injection |
| Vulners.com -- Composr-CMS 10.0.39 Remote Code Execution |
| Vulners.com -- Abantecart 1.3.2 Remote Code Execution |
| Vulners.com -- SimpleMachinesForum 2.1.1 Remote Code Execution |
| Vulners.com -- MODX Revolution 2.8.3-pl Remote Code Execution |
| CVE-2018-25083 -- The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name. |
| CVE-2022-30705 -- Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions. |
| CVE-2022-32199 -- db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter. |
| CVE-2022-39043 -- Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.
|
| CVE-2022-4126 -- Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.
|
| CVE-2022-41354 -- An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. |
| CVE-2022-46843 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van Toan Woocommerce Vietnam Checkout plugin <= 2.0.4 versions. |
| CVE-2022-47146 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions. |
| CVE-2022-47924 -- An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation.
|
| CVE-2022-47925 -- The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a DoS of the process answering t |
| CVE-2023-1133 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could a |
| CVE-2023-1134 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. |
| CVE-2023-1135 -- In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. |
| CVE-2023-1136 -- In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. |
| CVE-2023-1137 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. |
| CVE-2023-1138 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. |
| CVE-2023-1139 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execut |
| CVE-2023-1140 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. |
| CVE-2023-1141 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. |
| CVE-2023-1142 -- In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. |
| CVE-2023-1143 -- In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. |
| CVE-2023-1144 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. |
| CVE-2023-1145 -- Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code ex |
| CVE-2023-1647 -- Improper Access Control in GitHub repository calcom/cal.com prior to 2.7. |
| CVE-2023-1655 -- Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. |
| CVE-2023-22707 -- Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin <= 4.9.9 versions. |
| CVE-2023-22902 -- Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.
|
| CVE-2023-24094 -- An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. |
| CVE-2023-24834 -- WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL.
|
| CVE-2023-24835 -- Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrar |
| CVE-2023-24835 -- Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitr |
| CVE-2023-24837 -- HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary syste |
| CVE-2023-24838 -- HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator’s credential, resulting in performing arbitrary system operation or disrupt service.
|
| CVE-2023-24838 -- HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator’s credential, resulting in performing arbitrary system operation or disrupt service.
|
| CVE-2023-24839 -- HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.
|
| CVE-2023-24839 -- HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.
|
| CVE-2023-24840 -- HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the databas |
| CVE-2023-24841 -- HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands |
| CVE-2023-24842 -- HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.
|
| CVE-2023-24842 -- HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.
|
| CVE-2023-25017 -- RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An authenticated remote attacker with general user privilege is allowed to perform specific privileged function to access and modify all sensitive data.
|
| CVE-2023-25018 -- RIFARTEK IOT Wall transportation function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can inject JavaScript to perform reflected XSS (Reflected Cross-site scripting) attack.
|
| CVE-2023-25909 -- HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.
|
| CVE-2023-26958 -- Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. |
| CVE-2023-26959 -- Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. |
| CVE-2023-27096 -- Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. |
| CVE-2023-27296 -- Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 |
| CVE-2023-28866 -- In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.
|
| CVE-2023-28867 -- In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135. |
| CVE-2023-28883 -- In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. |
| CVE-2023-28884 -- In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. |
| CVE-2023-28885 -- The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file. |
| CVE-2023-1638 -- A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to den |
| CVE-2023-1639 -- A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possi |
| CVE-2023-1640 -- A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The |
| CVE-2023-1641 -- A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of serv |
| CVE-2023-1642 -- A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to |
| CVE-2023-1643 -- A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the comp |
| CVE-2023-1644 -- A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. |
| CVE-2023-1645 -- A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The |
| CVE-2023-1646 -- A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to sta |
| CVE-2023-26800 -- Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function. |
| CVE-2023-26801 -- LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg. |
| CVE-2023-26802 -- An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. |
| CVE-2023-27796 -- RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal |
| CVE-2023-28858 -- redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in |
| CVE-2023-28859 -- redis-py through 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a non-pipeline operation), and can send response data to the client of an unrelated request. NOTE: this issue exists because of a |
| CVE-2015-10097 -- A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack ca |
| CVE-2016-15030 -- A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This |
| CVE-2023-1456 -- ** DISPUTED ** A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. T |
| CVE-2023-1456 -- A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may b |
| CVE-2023-1457 -- ** DISPUTED ** A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface |
| CVE-2023-1458 -- ** DISPUTED ** A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to comm |
| CVE-2023-1626 -- A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacki |
| CVE-2023-1627 -- A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been rated as problematic. This issue affects some unknown processing in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It i |
| CVE-2023-1628 -- A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack |
| CVE-2023-1629 -- A vulnerability classified as critical was found in Jianming Antivirus 16.2.2022.418. Affected by this vulnerability is an unknown functionality in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. |
| CVE-2023-1629 -- A vulnerability classified as critical was found in Jianming Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. An |
| CVE-2023-1629 -- A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack |
| CVE-2023-1630 -- A vulnerability, which was classified as problematic, has been found in Jianming Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of |
| CVE-2023-1630 -- A vulnerability, which was classified as problematic, has been found in Jianming Antivirus 16.2.2022.418. Affected by this issue is some unknown functionality in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to deni |
| CVE-2023-1630 -- A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service |
| CVE-2023-1631 -- A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking |
| CVE-2023-1631 -- A vulnerability, which was classified as problematic, was found in Jianming Antivirus 16.2.2022.418. This affects an unknown part in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacki |
| CVE-2023-1632 -- ** DISPUTED ** A vulnerability has been found in Ellucian Banner Web Tailor 8.6 and classified as critical. This vulnerability affects unknown code of the file /PROD_ar/twbkwbis.P_FirstMenu of the component Login Page. The manipulation of the argument PID |
| CVE-2023-1632 -- A vulnerability has been found in Ellucian Banner Web Tailor 8.6 and classified as critical. This vulnerability affects unknown code of the file /PROD_ar/twbkwbis.P_FirstMenu of the component Login Page. The manipulation of the argument PIDM/WEBID leads t |
| CVE-2023-1634 -- A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to |
| CVE-2023-1635 -- A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched re |
| CVE-2023-25658 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| CVE-2023-25659 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in Tensor |
| CVE-2023-25660 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix |
| CVE-2023-25662 -- TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25663 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| CVE-2023-25664 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| CVE-2023-25665 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and versi |
| CVE-2023-25666 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25667 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included |
| CVE-2023-25668 -- TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlo |
| CVE-2023-25669 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2 |
| CVE-2023-25670 -- TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25671 -- TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25672 -- TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25673 -- TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
| CVE-2023-25674 -- TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1. |
| CVE-2023-25675 -- TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A |
| CVE-2023-25676 -- TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A f |
| CVE-2023-25801 -- TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, a |
| CVE-2023-27579 -- TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix com |
| CVE-2023-28437 -- Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds. |
