CVE-2020-29592
published 2021-04-14CVE-2020-29592: An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an…
PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.18%
80.1th percentile
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intel | optimization_for_tensorflow | >= 0 < 2.1.4 | 2.1.4 |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.3 | 2.2.3 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.3 | 2.3.3 |
| intel | optimization_for_tensorflow | >= 2.4.0 < 2.4.2 | 2.4.2 |
| orchardproject | orchard | < 1.10 | 1.10 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f293-4f7m-q7rj: An issue was discovered in Orchard before 1
ghsa_unreviewed·2022-05-24
CVE-2020-29592 [CRITICAL] CWE-434 GHSA-f293-4f7m-q7rj: An issue was discovered in Orchard before 1
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
GHSA
Null pointer dereference in TFLite's `Reshape` operator
ghsa·2021-05-21·CVSS 5.9
CVE-2021-29592 [MEDIUM] CWE-476 Null pointer dereference in TFLite's `Reshape` operator
Null pointer dereference in TFLite's `Reshape` operator
### Impact
The fix for [CVE-2020-15209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the elements of a 1-D tensor. As such, the [fix for the vulnerability](https://github.com/tensorflow/tensorflow/blob/9c1dc920d8ffb4893d6c9d27d1f039607b326743/tensorflow/lite/core/subgraph.cc#L1062-L1074) allowed passing a null-buffer-backed tensor with a 1D shape:
```cc
if (tensor->data.raw == nullptr && tensor->bytes > 0) {
if (registration.builtin_code == kTfLiteBuiltinReshape && i == 1) {
// In general, having a tensor here with no buffer will be an error.
// However, for the reshape operator, the second input tensor is only
// used for the shape, not for th
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-04-14
Published