奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

Value stored to 'input_block_array_size' during its initialization is never read

https://github.com/intel/clDNN/blob/3e4b6ec092ca7c5d83ccb23bffcdf2a143127c78/kernel_selector/core/actual_kernels/convolution/convolution_kernel_MMAD_blocks.cpp#L191 https://github.com/intel/clDNN/blob/3e4b6ec092ca7c5d83ccb23bffcdf2a143127c78/kernel_selector/core/actual_kernels/convolution/convolution_kernel_MMAD_blocks.cpp#L194

Stream pointer might be NULL

'fp' is defined here, but may be NULL https://github.com/amzn/amazon-dsstne/blob/14bd7ee1c797e5325a6ae13122c54ab73cfe0236/src/amazon/dsstne/engine/NNWeight.cpp#L1131 Stream pointer might be NULL https://github.com/amzn/amazon-dsstne/blob/14bd7ee1c797e5325a6ae13122c54ab73cfe0236/src/amazon/dsstne/engine/NNWeight.cpp#L1137

There is a vulnerability in mysql-connector-java 5.1.40 ,upgrade recommended

https://github.com/Meituan-Dianping/Zebra/blob/33d74b831abe7e8e2d29f8c4e145e46ba17432dc/zebra-admin-web/pom.xml#L95-L97 CVE-2017-3523 CVE-2018-3258 CVE-2019-2692 CVE-2020-2875 CVE-2020-2934 Recommended upgrade version:8.0.20

There is a vulnerability in commons-httpclient 3.1 ,upgrade recommended

https://github.com/Meituan-Dianping/Zebra/blob/33d74b831abe7e8e2d29f8c4e145e46ba17432dc/zebra-admin-web/pom.xml#L155-L157 CVE-2012-5783 CVE-2020-13956 Recommended upgrade version:4.5.13

There is a vulnerability in Bootstrap v3.3.6 ,upgrade recommended

https://github.com/Meituan-Dianping/Zebra/blob/33d74b831abe7e8e2d29f8c4e145e46ba17432dc/zebra-admin-web/src/main/webapp/app/static/bootstrap/dist/js/bootstrap.min.js#L2 CVE-2019-8331 CVE-2018-14040 CVE-2018-20677 CVE-2018-20676 CVE-2016-10735 Recommended upgrade version:3.4.1

There is a vulnerability in mysql-connector-java 5.1.40 ,upgrade recommended

https://github.com/Meituan-Dianping/Zebra/blob/33d74b831abe7e8e2d29f8c4e145e46ba17432dc/zebra-admin-web/pom.xml#L94-L98 CVE-2017-3523 CVE-2018-3258 CVE-2019-2692 CVE-2020-2875 CVE-2020-2934 Recommended upgrade version:8.0.20

There is a vulnerability in mybatis 3.4.1 ,upgrade recommended

https://github.com/Meituan-Dianping/Zebra/blob/33d74b831abe7e8e2d29f8c4e145e46ba17432dc/zebra-dao/pom.xml#L46-L50 CVE-2020-26945 Recommended upgrade version:3.5.6

There is a vulnerability in fastjson-alibaba:1.1.70.android ,upgrade recommended

https://github.com/alibaba/Virtualview-Android/blob/15662fa3428d7d8510000e60218a2426ade35672/virtualview/build.gradle#L114 CVE-2017-18349 CVE-2020-8840 Recommended upgrade version:1.1.72.android

资源未释放:文件

2 comment

您好,我是奇虎360代码卫士团队的工作人员,在我们的开源项目检测中发现roncoo-pay存在资源未释放:文件漏洞,详细信息如下: ![image](https://user-images.githubusercontent.com/39950310/47991523-57549280-e125-11e8-8860-b8ff9e3ad613.png) 在FileUtils.java中第143行,zip在创建使用后并未进行合理释放,将会降低系统性能,攻击者还有可能会通过耗尽资源池的方式发起拒绝服务攻击。建议在finally代码块中手动释放文件资源。

There is a vulnerability in spark 2.4.4,upgrade recommended

https://github.com/cerner/bunsen/blob/28365076805e737c9d145741abd6e111bbbff4bb/pom.xml#L25 CVE-2020-9480 Recommended upgrade version:2.4.7