Magellan - SQLite Remote Code Execution Vulnerability Advisory

By Blade Team

January 1, 2019

Magellan is a set of vulnerabilities in SQLite. These vulnerabilities were discovered by Tencent Blade Team and verified to achieve remote code execution in Chromium browsers. As a well-known database, SQLite is widely used in all modern mainstream operating systems and software, so this vulnerability has a wide range of influence. SQLite and Google have confirmed and fixed this vulnerability. We will not disclose any details of the vulnerability at this time, and we are pushing other vendors to fix this vulnerability as soon as possible.

Columbus - TensorFlow Security Vulnerability Advisory

By Blade Team

January 1, 2018

Columbus is the first vulnerability found in Google’s AI framework TensorFlow. This vulnerability allows a malicious TensorFlow model file to execute arbitrary code on a TensorFlow user’s computer. It is common for TensorFlow users to download and use a pretrained model. If a TensorFlow user uses a malicious model file, the user’s computer could be controlled or private data could be stolen. Columbus works on personal computers, mobile devices, and in the cloud.

Vulnerability CVE IDs & Vendor Public Acknowledgments List

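Tencent Blade Team focuses on forward-looking security attack-and-defense research in frontier areas of cyberspace. In the course of our research, we find security vulnerabilities in software or devices from some vendors or open-source communities. As the discoverer of a vulnerability, our first priority is to help the vendor resolve the security issue: we report the vulnerability to the vendor as soon as possible and actively work with affected vendors to fix it. To date, we have reported more than 100 security vulnerabilities to Apple, Amazon, Google, Microsoft, Adobe, and many other well-known international companies, and have assisted in fixing them.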