CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2020-4811

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a privileged user to inject inject malicious data using a specially crafted HTTP request due to improper i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：12 | 回复：0
CVE-2020-4985

IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：21 | 回复：0
CVE-2021-20391

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：11 | 回复：0
CVE-2021-20392

IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：19 | 回复：0
CVE-2021-20393

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informatio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：7 | 回复：0
CVE-2021-20429

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：9 | 回复：0
CVE-2021-20564

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Tr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：7 | 回复：0
CVE-2021-20565

IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an un ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：7 | 回复：0
CVE-2021-32816

ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerabilit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2021-29512

TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-29554

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the imp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-32817

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-32818

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overridi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：23 | 回复：0
CVE-2021-32819

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-32820

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：28 | 回复：0
CVE-2020-17891

TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 EU has a XSS vulnerability allowing a remote attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：18 | 回复：0
CVE-2020-27769

In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-29513

TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer derefer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-29514

TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：12 | 回复：0
CVE-2021-29515

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixDiag*` operations(https://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：17 | 回复：0
CVE-2021-29516

TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.RaggedTensorToVariant` with arguments specifying an invalid ragged tensor results in a null pointer dereferen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：10 | 回复：0
CVE-2021-29517

TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in `Conv3D` implementation. The implementation(https://github.com/tensorflow/tenso ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：17 | 回复：0
CVE-2021-29518

TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), session operations are invalid. However, users could still call the raw ops associat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：13 | 回复：0
CVE-2021-29519

TensorFlow is an end-to-end open source platform for machine learning. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a `CHECK`-failure and denial of service. This is be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：27 | 回复：0
CVE-2021-29520

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap buffer overflows. This is beca ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：25 | 回复：0
CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a segmentation fault being thrown out from t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：30 | 回复：0
CVE-2021-29522

TensorFlow is an end-to-end open source platform for machine learning. The `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are not empty. In turn, this would result in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：13 | 回复：0
CVE-2021-29523

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.AddManySparseToTensorsMap`. This is because the imp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：17 | 回复：0
CVE-2021-29524

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropFilter`. This is because the implementation(https://github.c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2021-29525

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is because the implementation(https://github.co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：18 | 回复：0
CVE-2021-29526

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2D`. This is because the implementation(https://github.com/tensorflow/ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2021-29527

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`. This is because the implementation(https://github.com/te ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：5 | 回复：0
CVE-2021-29528

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because the implementation(https://github.com/tenso ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：16 | 回复：0
CVE-2021-29529

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：12 | 回复：0
CVE-2021-29530

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid `permutation` to `tf.raw_ops.SparseMatrixSparseCholesk ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：17 | 回复：0
CVE-2021-29531

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a `CHECK` fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：17 | 回复：0
CVE-2021-29532

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.Rag ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：9 | 回复：0
CVE-2021-29533

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty image to `tf.raw_ops.DrawBoundingBoxes`. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：14 | 回复：0
CVE-2021-29534

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.SparseConcat`. This is because the implementation(h ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：15 | 回复：0
CVE-2021-29535

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid thresholds for the quantization. This is bec ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:43 | 阅读：21 | 回复：0