19 matches found
CVE-2022-35970
TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...
MAL-2025-35970 Malicious code in test-mlw2-picks-touts (npm)
The package test-mlw2-picks-touts was found to contain malicious code...
CVE-2024-35970
In the Linux kernel, the following vulnerability has been resolved: afunix: Clear stale u-oobskb. syzkaller started to report deadlock of unixgclock after commit 4090fa373f0e "afunix: Replace garbage collection algorithm.", but it just uncovers the bug that has been there since commit 314001f0bf9...
CVE-2023-35970
creationtimestamp| type| source ---|---|--- 2024-01-16 21:16:36+00:00| seen| https://t.me/ctinow/169002...
UBUNTU-CVE-2023-35970
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chaintable parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This...
CVE-2023-35970
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chaintable parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This...
CVE-2023-35970
GTKWave contains multiple heap-based buffer overflow vulnerabilities in the fstReaderIterBlocks2 chain_table parsing of FST_BL_VCDATA_DYN_ALIAS2, enabling arbitrary code execution when a crafted .fst file is opened. Affected product: GTKWave 3.3.115 (and related Debian/OSS advisories list 3.3.98+...
SUSE CVE-2022-35970
TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...
CVE-2022-35970
creationtimestamp| type| source ---|---|--- 2022-09-17 00:29:12+00:00| published-proof-of-concept| https://t.me/cibsecurity/49987...
acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35970 via tensorflow (>=2.8.0 <=2.8.0rc1)
tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35970 Source advisory: OSV:GHSA-G35R-369W-3FQP...
aliby (>=0.1.18 <=0.1.55), aliby-baby (>=0.1.11 <=0.1.17) +29 more potentially affected by CVE-2022-35970 via tensorflow (>=2.9.0 <=2.9.0rc2)
tensorflow PYPI version =2.9.0, =0.1.18, =0.1.11, =0.30.0, =0.0.0, =1.3.0, =0.3.0, =1.0.1, =1.2.0, =0.0.6, =1.0.12, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35970 Source advisory: OSV:GHSA-G35R-369W-3FQP...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-35970 via tensorflow-cpu (>=1.15.0 <=2.7.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-35970 Source advisory: OSV:GHSA-G35R-369W-3FQP...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4899 more potentially affected by CVE-2022-35970 via tensorflow (>=1.0.1 <=2.7.1)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-35970 Source advisory: OSV:GHSA-G35R-369W-3FQP...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +182 more potentially affected by CVE-2022-35970 via tensorflow-gpu (>=1.10.1 <=2.7.0)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-35970 Source advisory: OSV:GHSA-G35R-369W-3FQP...
clip-jax (=0.0.5) potentially affected by CVE-2022-35970 via tensorflow-cpu (=2.9.0)
tensorflow-cpu PYPI version =2.9.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - clip-jax =0.0.5 Source cves: CVE-2022-35970 Source advisory: OSV:GHSA-G35R-369W-3FQP...
CVE-2022-35970
CVE-2022-35970 affects TensorFlow’s QuantizedInstanceNorm. When x_min or x_max are tensors of a nonzero rank, a segfault occurs, enabling a denial of service as described in the entry. The issue is fixed in the GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0 and the fix is to be included i...
CVE-2022-35970 Segfault in `QuantizedInstanceNorm` in TensorFlow
TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...
CVE-2021-35970
CVE-2021-35970 affects Coral Talk 4 prior to 4.12.1. The issue arises from permission checks using an incorrect data type, enabling remote attackers to query GraphQL and discover email addresses and other sensitive information. Exploitation is remote and unauthenticated as described in the public...
CVE-2020-35970
In YzmCMS 5.8, a SSRF vulnerability exists in the backend collection management that allows arbitrary file read. Affected component: backend collection management module of YzmCMS 5.8. Root cause: server-side request forgery enabling access to arbitrary files. Impact stated as partial information...