Lucene search
K

114 matches found

OSV
OSV
added 2022/04/13 4:15 p.m.4 views

DEBIAN-CVE-2015-20107

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

7.6CVSS7.3AI score0.07017EPSS
Exploits1References1
OSV
OSV
added 2022/04/13 4:15 p.m.7 views

AZL-9417 CVE-2015-20107 affecting package python3 for versions less than 3.9.13-5

In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...

7.6CVSS6.8AI score0.07017EPSS
Exploits1References1
OSV
OSV
added 2022/02/03 3:15 p.m.7 views

PYSEC-2022-120

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

6.5CVSS6.6AI score0.00821EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/12/01 12:0 a.m.3 views

PT-2021-17907 · Xen +1 · Xen +1

Name of the Vulnerable Software and Affected Versions: Xen versions prior to 4.14 Description: The issue arises when grant table v2 status pages are de-allocated as a guest switches back from v2 to v1, potentially allowing a guest to retain access to a page that was freed and perhaps re-used for...

8.6CVSS6.4AI score0.02904EPSS
Exploits0References80
OSV
OSV
added 2021/11/10 7:12 p.m.17 views

GHSA-786J-5QWQ-R36X Segfault while copying constant resource tensor

Impact During TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. Patches We have patched the issue in GitHub commit 7731e8dfbe4a56773be5dc94d631611211156659. The fix will be...

6.8CVSS5.9AI score0.00136EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2021/11/05 10:10 p.m.2 views

CVE-2021-41216

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

7.8CVSS7.3AI score0.00156EPSS
Exploits0
OSV
OSV
added 2021/08/12 11:15 p.m.6 views

PYSEC-2021-305

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5CVSS5.9AI score0.00154EPSS
Exploits0References2
PyPA
PyPA
added 2021/08/12 11:15 p.m.6 views

PYSEC-2021-294

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2. The implementation does not check that the length of...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/12 10:15 p.m.6 views

PYSEC-2021-778

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...

7.8CVSS5.9AI score0.00173EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/12 10:15 p.m.2 views

CVE-2021-37666

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

7.8CVSS5.6AI score0.00173EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/12 10:15 p.m.5 views

CVE-2021-37671

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...

7.8CVSS5.6AI score0.00173EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2021/08/12 9:45 p.m.1 views

CVE-2021-37675

TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...

5.5CVSS6.7AI score0.0016EPSS
Exploits0
Debian CVE
Debian CVE
added 2021/08/12 9:40 p.m.3 views

CVE-2021-37676

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

7.8CVSS6.9AI score0.00173EPSS
Exploits0
OSV
OSV
added 2021/08/12 9:15 p.m.8 views

PYSEC-2021-279

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...

7.8CVSS6.6AI score0.00167EPSS
Exploits0References2
PyPA
PyPA
added 2021/08/12 6:15 p.m.6 views

PYSEC-2021-747

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/05/21 2:26 p.m.36 views

GHSA-828X-QC2P-WPRQ Undefined behavior in `MaxPool3DGradGrad`

Impact The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors: python import tensorflow as tf originput = tf.constant0.0, shape=1, 1, 1, 1, 1, dtype=tf.float32 origoutput = tf.constant0.0, shape=1, 1, 1,...

2.5CVSS6.9AI score0.00201EPSS
Exploits1References7
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-650

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropFilter. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.6 views

PYSEC-2021-169

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...

7.1CVSS6.8AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.6 views

PYSEC-2021-720

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-681

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm. This is because the...

5.5CVSS6.1AI score0.00189EPSS
Exploits1References2
Rows per page
Query Builder