114 matches found
DEBIAN-CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
AZL-9417 CVE-2015-20107 affecting package python3 for versions less than 3.9.13-5
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
PYSEC-2022-120
Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...
PT-2021-17907 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.14 Description: The issue arises when grant table v2 status pages are de-allocated as a guest switches back from v2 to v1, potentially allowing a guest to retain access to a page that was freed and perhaps re-used for...
GHSA-786J-5QWQ-R36X Segfault while copying constant resource tensor
Impact During TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. Patches We have patched the issue in GitHub commit 7731e8dfbe4a56773be5dc94d631611211156659. The fix will be...
CVE-2021-41216
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...
PYSEC-2021-305
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...
PYSEC-2021-294
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2. The implementation does not check that the length of...
PYSEC-2021-778
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...
CVE-2021-37666
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...
CVE-2021-37671
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...
CVE-2021-37675
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...
CVE-2021-37676
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...
PYSEC-2021-279
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...
PYSEC-2021-747
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...
GHSA-828X-QC2P-WPRQ Undefined behavior in `MaxPool3DGradGrad`
Impact The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors: python import tensorflow as tf originput = tf.constant0.0, shape=1, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.0, shape=1, 1, 1,...
PYSEC-2021-650
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropFilter. This is because the...
PYSEC-2021-169
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...
PYSEC-2021-720
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...
PYSEC-2021-681
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm. This is because the...