Lucene search
+L

643 matches found

OSV
OSV
added 2024/03/06 11:19 a.m.16 views

BIT-TENSORFLOW-2021-29527 Division by 0 in `QuantizedConv2D`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...

5.5CVSS5.5AI score0.00189EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:19 a.m.14 views

BIT-TENSORFLOW-2021-29536 Heap buffer overflow in `QuantizedReshape`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.7AI score0.00211EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:19 a.m.15 views

BIT-TENSORFLOW-2021-29551 OOB read in `MatrixTriangularSolve`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixTriangularSolvehttps://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrixtriangularsolveopimpl.hL160-L240 fails to terminate kernel...

5.5CVSS5.5AI score0.00217EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:19 a.m.23 views

BIT-TENSORFLOW-2021-29554 Division by 0 in `DenseCountSparseOutput`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.DenseCountSparseOutput. This is because the...

5.5CVSS5.3AI score0.00189EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:19 a.m.17 views

BIT-TENSORFLOW-2021-29557 Division by 0 in `SparseMatMul`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

5.5CVSS5.5AI score0.00189EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:19 a.m.17 views

BIT-TENSORFLOW-2021-29566 Heap OOB access in `Dilation2DBackpropInput`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to tf.rawops.Dilation2DBackpropInput. This is because the...

7.8CVSS7.5AI score0.00201EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.21 views

BIT-TENSORFLOW-2021-29568 Reference binding to null in `ParameterizedTruncatedNormal`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

7.8CVSS7.4AI score0.00197EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.18 views

BIT-TENSORFLOW-2021-29570 Heap out of bounds read in `MaxPoolGradWithArgmax`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS6.8AI score0.00154EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:18 a.m.40 views

BIT-TENSORFLOW-2021-29571 Memory corruption in `DrawBoundingBoxesV2`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.8CVSS7.7AI score0.0024EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.11 views

BIT-TENSORFLOW-2021-29572 Reference binding to nullptr in `SdcaOptimizer`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...

5.5CVSS5.5AI score0.00189EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.13 views

BIT-TENSORFLOW-2021-29574 Undefined behavior in `MaxPool3DGradGrad`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...

7.8CVSS7.4AI score0.00201EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.24 views

BIT-TENSORFLOW-2021-29596 Division by zero in TFLite's implementation of `EmbeddingLookup`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...

7.8CVSS7.4AI score0.00201EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.23 views

BIT-TENSORFLOW-2021-29597 Division by zero in TFLite's implementation of `SpaceToBatchNd`

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...

7.8CVSS7.4AI score0.00201EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.20 views

BIT-TENSORFLOW-2021-29603 Heap OOB write in TFLite

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...

7.8CVSS7.5AI score0.00201EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.14 views

BIT-TENSORFLOW-2021-29604 Division by zero in TFLite's implementation of hashtable lookup

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/1a8e885b864c818198a5b2c0cbbeca5a1e833bc8/tensorflow/lite/kernels/hashtablelookup.ccL114-L115 ...

5.5CVSS5.4AI score0.00189EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.14 views

BIT-TENSORFLOW-2021-29611 Incomplete validation in `SparseReshape`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

5.5CVSS5.5AI score0.00202EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:18 a.m.16 views

BIT-TENSORFLOW-2021-29615 Stack overflow in `ParseAttrValue` with nested tensors

TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValuehttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453 can be tricked into stack overflow due to recursion...

5.5CVSS5.6AI score0.00204EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 11:17 a.m.20 views

BIT-TENSORFLOW-2021-29619 Segfault in `tf.raw_ops.SparseCountSparseOutput`

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...

5.5CVSS5.5AI score0.00194EPSS
Exploits1References3
OSV
OSV
added 2024/03/06 10:58 a.m.10 views

BIT-MAGENTO-2021-28585 Magento Commerce improper input validation in customer customer webapi

Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI.Successful exploitation could allow an attacker to send unsolicited spam e-mails...

5.3CVSS6AI score0.01578EPSS
Exploits0References2
OSV
OSV
added 2024/01/08 7:15 p.m.5 views

CVE-2023-52208

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2...

7.5CVSS7.3AI score0.00443EPSS
Exploits0References1
Rows per page
Query Builder