In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance admin ...
Continue Reading01 февраля, 2024
69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads user accounts, and IoT devices. U ...
Continue Reading01 февраля, 2024
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.u ...
Continue Reading01 февраля, 2024
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGath ...
Continue Reading01 февраля, 2024
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGath ...
Continue Reading01 февраля, 2024
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and ...
Continue Reading01 февраля, 2024
Impact There is a bug in Wasmtime's C API implementation where the definition of the wasmtime_trap_code does not match its declared signature in the wasmtime/trap.h header file. This discrepancy ...
Continue Reading01 февраля, 2024
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API ...
Continue Reading01 февраля, 2024
Back to Main