
405 matches found

OSV
added 2022/02/03 1:15 p.m. · 20 views

PYSEC-2022-78

TensorFlow is an open source machine learning framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVSS 6.5 · AI score 2.7 · EPSS 0.00458
Exploits: 0 · References: 2
Cvelist
added 2022/02/03 12:47 p.m. · 29 views

CVE-2022-23569 `CHECK`-fails when building invalid tensor shapes in Tensorflow

TensorFlow is an open source machine learning framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

CVSS 6.5 · AI score 6.6 · EPSS 0.00458
Exploits: 0 · References: 2
CNNVD
added 2022/02/01 12:00 a.m. · 5 views

h2o Security Vulnerability

h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A security vulnerability exists in h2o, which stems from the fact that when QUIC frames are received in a particular order, h2o's HTTP/3...

CVSS 7.4 · AI score 6 · EPSS 0.02667
Exploits: 1 · References: 3
OSV
added 2022/01/19 1:59 p.m. · 29 views

RLSA-2022:0188 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155); kernel: fscontext: heap overflow in legacy parameter handling (CVE-2022-0185). For more details about the security issues...

CVSS 7.8 · AI score 7.8 · EPSS 0.25151
Exploits: 11 · References: 3
UbuntuCve
added 2022/01/18 5:15 p.m. · 22 views

CVE-2022-0090

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in...

CVSS 6.5 · AI score 6.5 · EPSS 0.01306
Exploits: 0 · References: 4
Positive Technologies
added 2021/11/05 12:00 a.m. · 3 views

PT-2021-23178 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0, TensorFlow version 2.6.1, TensorFlow version 2.5.2, TensorFlow version 2.4.4. Description: Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call...

CVSS 7.8 · AI score 7.5 · EPSS 0.00174
Exploits: 0 · References: 20
CNNVD
added 2021/11/04 12:00 a.m. · 3 views

GitLab Code Injection Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A code injection vulnerability exists in GitLab that stems from the possibilit...

CVSS 7.5 · AI score 7.4 · EPSS 0.0122
Exploits: 0 · References: 5
RedhatCVE
added 2021/11/01 12:36 a.m. · 84 views

CVE-2021-42574

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

CVSS 8.5 · AI score 2.3 · EPSS 0.12205
Exploits: 4 · References: 7
Veracode
added 2021/10/29 3:46 a.m. · 13 views

Improper Access Control

github.com/treeverse/lakefs is vulnerable to improper access control. The vulnerability exists because it does not perform sufficient user permission checks on repository actions, allowing an attacker to use the S3 gateway to copy object and read write actions on repository commits...

AI score 3.5
Exploits: 0
OSV
added 2021/09/09 9:15 p.m. · 20 views

CVE-2021-32724

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on `pull_request_target` or `schedule`, an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the...

CVSS 9.9 · AI score 6.8
Exploits: 0 · References: 2
Prion
added 2021/09/09 9:15 p.m. · 11 views

Design/Logic Flaw

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on `pull_request_target` or `schedule`, an attacker can send a crafted Pull Request that causes a `GITHUB_TOKEN` to be exposed. With the...

CVSS 6.8 · AI score 9.4 · EPSS 0.0226
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2021/09/09 12:00 a.m. · 3 views

check-spelling Log Information Disclosure Vulnerability

check-spelling is a spell checker. check-spelling suffers from a log information disclosure vulnerability that allows an attacker to bypass the standard approval process to push commits to the repository; commits to the repository can then steal any/all secrets available to the repository...

CVSS 9.9 · AI score 8.3 · EPSS 0.0226
Exploits: 0 · References: 3
NVD
added 2021/08/12 11:15 p.m. · 22 views

CVE-2021-37682

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use uninitialized values. For example. The issue stems from the fact that `quantization.params` is only valid if `quantization.type` is different than...

CVSS 7.1 · EPSS 0.0018
Exploits: 0 · References: 4
NVD
added 2021/08/12 11:15 p.m. · 14 views

CVE-2021-37685

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's `expand_dims.cc` contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If `axis` is a large negative value (e.g., -100000), then after the first `if` it would...

CVSS 5.5 · EPSS 0.00172
Exploits: 0 · References: 2
OSV
added 2021/08/12 11:15 p.m. · 11 views

CVE-2021-37687

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

CVSS 5.5 · AI score 5.4
Exploits: 0 · References: 3
PyPA
added 2021/08/12 11:15 p.m. · 5 views

PYSEC-2021-578

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

CVSS 7.8 · AI score 7 · EPSS 0.00185
Exploits: 0 · References: 3 · Affected Software: 1
ATTACKERKB
added 2021/08/12 11:15 p.m. · 5 views

CVE-2021-37665

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

CVSS 7.8 · AI score 5.6 · EPSS 0.00185
Exploits: 0 · References: 4 · Affected Software: 1
Prion
added 2021/08/12 11:15 p.m. · 14 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use uninitialized values. For example. The issue stems from the fact that `quantization.params` is only valid if `quantization.type` is different than...

CVSS 3.6 · AI score 6.8 · EPSS 0.0018
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2021/08/12 11:15 p.m. · 4 views

PYSEC-2021-304

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use uninitialized values. For example. The issue stems from the fact that `quantization.params` is only valid if `quantization.type` is different than...

CVSS 7.1 · AI score 6.4 · EPSS 0.0018
Exploits: 0 · References: 4
OSV
added 2021/08/12 11:15 p.m. · 22 views

PYSEC-2021-600

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

CVSS 5.5 · AI score 2.2 · EPSS 0.00191
Exploits: 0 · References: 3