Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The default value for “denominator” is initialized to 1. WHAT & HOW Variables that are used as denominators and may not be assigned to other values should be initialized to a non-zero value to avoid “DIVIDEBYZERO...

CVE-2021-41207

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

CVE-2021-41209

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

CVE-2021-41201

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

CVE-2023-31454

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0...

CVE-2021-37642

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

CVE-2021-37685

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

CVE-2021-37687

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

kernel: drm/i915: Fix NULL pointer dereference in capture_engine

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in captureengine When the intelcontext structure contains NULL, it raises a NULL pointer dereference error in drminfo. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...

UBUNTU-CVE-2024-57950

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 WHAT & HOW Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDEBYZERO, as reported by Coverity. cherry...

CVE-2024-36268 Apache InLong TubeMQ Client: Remote Code Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache InLong. This issue affects Apache InLong: from 1.10.0 through 1.12.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.13.0 or cherry-pick 1 to solve it. 1 ...

AZL-47242 CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2024-26579 Apache Inlong JDBC Vulnerability

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick 1, 2 to solve it. 1...

BIT-TENSORFLOW-2022-21736 Undefined behavior in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

CVE-2023-51785 Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick 1 to solve it. 1 ...

CVE-2023-51785 Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager

Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make a arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick 1 to solve it. 1 ...

Path traversal and code execution via prototype vulnerability in NodeBB (CVE-2023-26045)

NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...

GHSA-V5GJ-FX3G-HCPW SQL injection in Apache Submarine

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...

CVE-2023-37924

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...

Sql injection

Apache Software Foundation Apache Submarine has an SQL injection vulnerability when a user logs in. This issue can result in unauthorized login. Now we have fixed this issue and now user must have the correct login to access workbench. This issue affects Apache Submarine: from 0.7.0 before...