177 matches found
TensorFlow has Floating Point Exception in TFLite in conv kernel
Impact Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. Patches We have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa. The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1. Fo...
PT-2023-20238
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description The issue occurs when running TensorFlow with XLA, where tf.raw ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank...
PT-2023-20226
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description The issue occurs when SparseSparseMaximum is given invalid sparse tensors as inputs, resulting in a null pointer error. This is a problem in the TensorFlow ope...
PT-2023-20230
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 and 2.11.1 Description The issue arises when the stride and window size are not positive for tf.raw ops.AvgPoolGrad, potentially causing a floating point exception. Recommendations For versions prior to...
PT-2023-21221
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12 TensorFlow version 2.11.1 and earlier Description Constructing a tflite model with a parameter filter input channel of less than 1 gives a Floating Point Exception FPE. This issue affects TensorFlow, an...
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
CVE-2021-46877
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
UBUNTU-CVE-2021-46877
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service 2 GB transient heap usage per read in uncommon situations involving JsonNode JDK serialization...
SUSE CVE-2021-3697
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerabili...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Yu...
ai.catboost:catboost-spark_3.3_2.12 (>=1.1 <=1.2.10), ai.h2o:sparkling-water-doc_2.12 (>=3.36.1.3-1-3.3 <=3.38.0.4-1-3.3) +146 more potentially affected by CVE-2022-31777 via org.apache.spark:spark-core_2.12 (=3.3.0)
org.apache.spark:spark-core2.12 MAVEN version =3.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.12 and may be impacted: - ai.catboost:catboost-spark3.32.12 =1.1, =3.36.1.3-1-3.3, =0.0.1, =5.2.0, =5.3.1, =5.3.1, =5.3.1,...
Node.js 信任管理问题漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A trust management issue vulnerability exists in fs2 on Node.js, which stems from the fact that when fs2-io is used to establish a server-mode TLSSocket on Node.js, it ignores the parameter requestCert = true, skips the...
ai.agnos:reactive-sparql_2.12 (>=0.3.0 <=0.3.1), be.cetic:rts-gen_2.12 (>=0.1.3 <=0.1.13) +382 more potentially affected by CVE-2018-18855 via io.spray:spray-json_2.12 (>=1.3.2 <=1.3.4)
io.spray:spray-json2.12 MAVEN version =1.3.2, =0.3.0, =0.1.3, =0.1.14, =0.11.1, =0.15.2, =0.2.0, =0.0.82.12, =1.23.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0-RC8 - com.chudsaviet.gradle.avrohugger:com.chudsaviet.gradle.avrohugger.gradle.plugin =0.2.4 - com.cra.figaro:figaro2.12 =5.0.0.0 and more Source...
GHSA-CMV8-6362-R5W9 Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The attacker creates a workflow that produces a HTML artifact that contains a HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker...
ai.snips:play-mongo-bson_2.12 (>=0.5 <=0.5.1), be.venneborg:play26-refined_2.12 (>=0.2.0 <=0.3.0) +154 more potentially affected by CVE-2018-13864 via com.typesafe.play:play_2.12 (>=2.6.12 <=2.6.15)
com.typesafe.play:play2.12 MAVEN version =2.6.12, =0.5, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =1.4-P26-B3, =1.5.13, =7.6.0-crosscompilescala212.2.206f1b4play2.6, =10.0.0play2.6, =10.0.0play2.6, =10.0.0play2.6, =17.1.4play2.6 - com.elegantmonkeys:lagom-google-pubsub-broker2.12 =1.0.0-RC1 and more Source...
Zope Cross-site scripting (XSS) vulnerability in ZMI pages
Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
Zyxel NWA-1100-NH - Command Injection
Exploit Title: Zyxel NWA-1100-NH - Command Injection Date: 12/4/2022 Exploit Author: Ahmed Alroky Vendor Homepage: https://www.zyxel.com/homepage.shtml Version: ALL BEFORE 2.12 Tested on: Linux CVE : CVE-2021-4039 References :...
com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08), com.softwaremill.akka-http-session:jwt_2.12 (>=0.3.0 <=0.5.10) potentially affected by CVE-2020-7780 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.5.10)
com.softwaremill.akka-http-session:core2.12 MAVEN version =0.3.0, =1.1.0-master.51.7b7549cakka25Circe08, =0.3.0, =0.5.10 Source cves: CVE-2020-7780 Source advisory: OSV:GHSA-Q42Q-523G-3FWV...
com.github.3tty0n:gatling-thrift_2.12 (>=0.2.0 <=0.4.4), com.github.ikhoon:finatra-swagger_2.12 (=2.13.0) +54 more potentially affected by CVE-2020-35774 via com.twitter:twitter-server_2.12 (>=1.28.0 <=20.10.0)
com.twitter:twitter-server2.12 MAVEN version =1.28.0, =0.2.0, =2.9.0, =0.5.0, =0.5.0, =0.5.0, =0.17.0, =0.17.0, =0.17.0, =2.9.0, =20.10.0 - com.twitter:finatra-kafka-streams-prerestore2.12 =20.10.0 - com.twitter:finatra-kafka-streams-queryable-thrift-client2.12 =20.10.0 -...
CVE-2020-10054
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.12. The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the...