114 matches found
PYSEC-2021-696
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...
PYSEC-2021-236
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...
PYSEC-2021-471
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
PYSEC-2021-227
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...
PYSEC-2021-681
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm. This is because the...
PYSEC-2021-676
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...
PYSEC-2021-210
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...
CVE-2021-29597
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...
CVE-2021-29577
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
CVE-2021-29552
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of numsegments tensor argument for UnsortedSegmentJoin. This is because the...
UBUNTU-CVE-2021-3489
The eBPF RINGBUF bpfringbufreserve function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee "bp...
Remote code execution
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was...
AZL-6843 CVE-2021-21309 affecting package redis for versions less than 5.0.5-7
Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for...
Security fix for the ALT Linux 9 package mariadb version 10.4.17-alt1
10.4.17-alt1 built Nov. 13, 2020 Alexey Shabalin in task 261687 Nov. 12, 2020 Alexey Shabalin - 10.4.17 - backport fix for MDEV-24096, MDEV-24121, MDEV-24134 - Fixes for the following security vulnerabilities: + CVE-2020-14812 + CVE-2020-14765 + CVE-2020-14776 + CVE-2020-14789 + CVE-2020-15180...
krb5 security and bug fix update
1.6.1-78.el5 - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344, 1121509 1.6.1-77.el5 - fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341 1.6.1-76.el5 - run the backported self-tests, such as they are, for CVE-2014-4341...
Oracle Linux 4 : openoffice.org (ELSA-2007-0001)
From Red Hat Security Advisory 2007:0001 : Updated openoffice.org packages are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word...
Important: Red Hat Security Advisory: acpid security update
An updated acpid package that fixes one security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. acpid is a daemon that dispatches ACPI Advanced Configuration and Power Interface events to...
Security fix for the ALT Linux 8 package bind version 9.3.6-alt5
July 28, 2009 Dmitry V. Levin 9.3.6-alt5 - Backported upstream fix for a remote DoS bug CVE-2009-0696...
RedHat Update for openoffice.org RHSA-2008:0537-01
Check for the Version of openoffice.org OpenVAS Vulnerability Test RedHat Update for openoffice.org RHSA-2008:0537-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
CentOS Update for openoffice.org2-base CESA-2008:0537 centos4 i386
Check for the Version of openoffice.org2-base OpenVAS Vulnerability Test CentOS Update for openoffice.org2-base CESA-2008:0537 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...