Lucene search
+L

177 matches found

Github Security Blog
Github Security Blog
added 2023/03/24 9:53 p.m.37 views

TensorFlow has Floating Point Exception in TFLite in conv kernel

Impact Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. Patches We have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa. The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1. Fo...

7.5CVSS7.2AI score0.00391EPSS
Exploits0References4Affected Software3
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.4 views

PT-2023-20238

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description The issue occurs when running TensorFlow with XLA, where tf.raw ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.3 views

PT-2023-20226

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description The issue occurs when SparseSparseMaximum is given invalid sparse tensors as inputs, resulting in a null pointer error. This is a problem in the TensorFlow ope...

7.5CVSS5.9AI score0.00439EPSS
Exploits1References18
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.2 views

PT-2023-20230

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 and 2.11.1 Description The issue arises when the stride and window size are not positive for tf.raw ops.AvgPoolGrad, potentially causing a floating point exception. Recommendations For versions prior to...

7.5CVSS6AI score0.00391EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.6 views

PT-2023-21221

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12 TensorFlow version 2.11.1 and earlier Description Constructing a tflite model with a parameter filter input channel of less than 1 gives a Floating Point Exception FPE. This issue affects TensorFlow, an...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2023/03/19 12:30 a.m.47 views

jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...

7.5CVSS7.2AI score0.01124EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/03/18 10:15 p.m.30 views

CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...

7.5CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2023/03/18 10:15 p.m.1 views

UBUNTU-CVE-2021-46877

jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...

7.5CVSS6.8AI score0.01124EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.4 views

SUSE CVE-2021-3697

A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...

7.5CVSS8.5AI score0.00456EPSS
Exploits0References24
Snyk
Snyk
added 2022/11/20 9:8 a.m.2 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Yu...

9.1CVSS6.9AI score0.0038EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/11/01 7:0 p.m.4 views

ai.catboost:catboost-spark_3.3_2.12 (>=1.1 <=1.2.10), ai.h2o:sparkling-water-doc_2.12 (>=3.36.1.3-1-3.3 <=3.38.0.4-1-3.3) +146 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.12 (=3.3.0)

org.apache.spark:spark-core2.12 MAVEN version =3.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.12 and may be impacted: - ai.catboost:catboost-spark3.32.12 =1.1, =3.36.1.3-1-3.3, =0.0.1, =5.2.0, =5.3.1, =5.3.1, =5.3.1,...

5.4CVSS6.4AI score0.01473EPSS
Exploits0
CNNVD
CNNVD
added 2022/08/01 12:0 a.m.5 views

Node.js 信任管理问题漏洞

Node.js is an open source, cross-platform JavaScript runtime environment. A trust management issue vulnerability exists in fs2 on Node.js, which stems from the fact that when fs2-io is used to establish a server-mode TLSSocket on Node.js, it ignores the parameter requestCert = true, skips the...

9.8CVSS8.2AI score0.00641EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2022/06/28 11:23 p.m.5 views

ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), be.cetic:rts-gen_2.12 (>=0.1.3 <=0.1.13) +382 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12 (>=1.3.2 <=1.3.4)

io.spray:spray-json2.12 MAVEN version =1.3.2, =0.3.0, =0.1.3, =0.1.14, =0.11.1, =0.15.2, =0.2.0, =0.0.82.12, =1.23.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0-RC8 - com.chudsaviet.gradle.avrohugger:com.chudsaviet.gradle.avrohugger.gradle.plugin =0.2.4 - com.cra.figaro:figaro2.12 =5.0.0.0 and more Source...

7.1AI score0.00532EPSS
Exploits0
OSV
OSV
added 2022/05/23 8:16 p.m.19 views

GHSA-CMV8-6362-R5W9 Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker...

7.1CVSS6.9AI score0.0086EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/05/13 1:30 a.m.3 views

ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1), be.venneborg:play26-refined_2.12 (>=0.2.0 <=0.3.0) +154 more potentially affected by CVE-2018-13864 via com.typesafe.play:play_2.12 (>=2.6.12 <=2.6.15)

com.typesafe.play:play2.12 MAVEN version =2.6.12, =0.5, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =1.4-P26-B3, =1.5.13, =7.6.0-crosscompilescala212.2.206f1b4play2.6, =10.0.0play2.6, =10.0.0play2.6, =10.0.0play2.6, =17.1.4play2.6 - com.elegantmonkeys:lagom-google-pubsub-broker2.12 =1.0.0-RC1 and more Source...

7.5CVSS7.1AI score0.03418EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/02 4:1 a.m.17 views

Zope Cross-site scripting (XSS) vulnerability in ZMI pages

Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

6.1CVSS6.2AI score0.02055EPSS
Exploits0References8Affected Software1
Exploit DB
Exploit DB
added 2022/04/19 12:0 a.m.379 views

Zyxel NWA-1100-NH - Command Injection

Exploit Title: Zyxel NWA-1100-NH - Command Injection Date: 12/4/2022 Exploit Author: Ahmed Alroky Vendor Homepage: https://www.zyxel.com/homepage.shtml Version: ALL BEFORE 2.12 Tested on: Linux CVE : CVE-2021-4039 References :...

10CVSS9.7AI score0.71048EPSS
Exploits4
vulnersOsv
vulnersOsv
added 2022/02/09 11:6 p.m.8 views

com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.12 (>=0.3.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.5.10)

com.softwaremill.akka-http-session:core2.12 MAVEN version =0.3.0, =1.1.0-master.51.7b7549cakka25Circe08, =0.3.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: OSV:GHSA-Q42Q-523G-3FWV...

8.8CVSS7.2AI score0.00645EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/02/09 10:37 p.m.6 views

com.github.3tty0n:gatling-thrift_2.12 (>=0.2.0 <=0.4.4), com.github.ikhoon:finatra-swagger_2.12 (=2.13.0) +54 more potentially affected by CVE-2020-35774 via com.twitter:twitter-server_2.12 (>=1.28.0 <=20.10.0)

com.twitter:twitter-server2.12 MAVEN version =1.28.0, =0.2.0, =2.9.0, =0.5.0, =0.5.0, =0.5.0, =0.17.0, =0.17.0, =0.17.0, =2.9.0, =20.10.0 - com.twitter:finatra-kafka-streams-prerestore2.12 =20.10.0 - com.twitter:finatra-kafka-streams-queryable-thrift-client2.12 =20.10.0 -...

5.4CVSS5.9AI score0.87622EPSS
Exploits0
OSV
OSV
added 2021/11/09 12:15 p.m.6 views

CVE-2020-10054

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...

5.5CVSS6AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder