405 matches found

Cvelist
added 2021/08/12 10:30 p.m. · 23 views

CVE-2021-37683 Division by zero in TensorFlow Lite division operations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5 CVSS · 6.1 AI score · 0.00154 EPSS
Exploits 0 · References 2

Cvelist
added 2021/08/12 10:15 p.m. · 30 views

CVE-2021-37687 Heap OOB in TensorFlow Lite's `Gather*` implementations

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

5.5 CVSS · 6.1 AI score · 0.00191 EPSS
Exploits 0 · References 3

PyPA
added 2021/08/12 10:15 p.m. · 3 views

PYSEC-2021-270

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are vali...

7.8 CVSS · 7.2 AI score · 0.00186 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2021/08/12 9:15 p.m. · 35 views

CVE-2021-37662

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8 CVSS · 0.00189 EPSS
Exploits 0 · References 3

OPENSUSE Linux
added 2021/07/29 12:00 a.m. · 87 views

Security update for git (moderate)

openSUSE Security Update: Security update for git Announcement ID: openSUSE-SU-2021:2555-1 Rating: moderate References: 1168930 1183026 1183580 SLE-17838 SLE-18152 Cross-References: CVE-2021-21300 CVSS scores: CVE-2021-21300 NVD : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-21300...

7.5 CVSS · 8.2 AI score · 0.88644 EPSS
Exploits 5 · References 5

NVD
added 2021/06/08 4:15 p.m. · 18 views

CVE-2021-22218

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits...

4 CVSS · 0.00463 EPSS
Exploits 0 · References 3

OSV
added 2021/06/08 4:15 p.m. · 23 views

CVE-2021-22218

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits...

2.6 CVSS · 6.4 AI score · 0.00463 EPSS
Exploits 0 · References 3

Prion
added 2021/06/08 4:15 p.m. · 19 views

Code injection

All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits...

4 CVSS · 4 AI score · 0.00463 EPSS
Exploits 0 · References 3 · Affected Software 1

GithubExploit
added 2021/06/07 8:36 a.m. · 108 views

Exploit for Improper Input Validation in Pypa Pip

CVE-2021-3572 This repository is designed for testing CVE-202...

5.7 CVSS · 7.3 AI score · 0.01687 EPSS
Exploits 2

PyPA
added 2021/05/14 8:15 p.m. · 8 views

PYSEC-2021-728

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...

5.5 CVSS · 6.9 AI score · 0.00189 EPSS
Exploits 1 · References 2 · Affected Software 1

Debian CVE
added 2021/05/14 7:25 p.m. · 3 views

CVE-2021-29616

TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to...

7.8 CVSS · 6.9 AI score · 0.00206 EPSS
Exploits 1

Cvelist
added 2021/05/14 7:20 p.m. · 25 views

CVE-2021-29613 Incomplete validation in `tf.raw_ops.CTCLoss`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.raw_ops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

6.3 CVSS · 7 AI score · 0.0024 EPSS
Exploits 1 · References 3

Positive Technologies
added 2021/05/14 12:00 a.m. · 3 views

PT-2021-18268 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: A malicious user could trigger a division by 0 in the Conv3D implementation. The implementatio...

5.5 CVSS · 5.2 AI score · 0.00189 EPSS
Exploits 1 · References 12

OSV
added 2021/04/14 8:04 p.m. · 23 views

GO-2021-0090 Denial of service in github.com/tendermint/tendermint

Proposed commits may contain signatures for blocks not contained within the commit. Instead of skipping these signatures, they cause failure during verification. A malicious proposer can use this to force consensus failures...

6.5 CVSS · 6.4 AI score · 0.00905 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2021/04/09 12:00 a.m. · 66 views

openSUSE Security Update : flatpak / libostree / xdg-desktop-portal / etc (openSUSE-2021-520)

This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues : libostree : Update to version 2020.8 - Enable LTO. bsc1133120 - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and...

8.8 CVSS · 8.1 AI score · 0.0057 EPSS
Exploits 0 · References 6

The Hacker News
added 2021/03/29 12:30 a.m. · 3 views

PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src"...

6.2 AI score
Exploits 0

Positive Technologies
added 2021/03/24 12:00 a.m. · 1 views

PT-2021-14896 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 13.8 and up Description: The issue is related to insufficient input sanitization in wikis, allowing an attacker to exploit a stored cross-site scripting vulnerability. This can be achieved via a specially-crafted commit to a...

5.4 CVSS · 4.8 AI score · 0.00807 EPSS
Exploits 0 · References 8

CNNVD
added 2021/03/05 12:00 a.m. · 5 views

GitLab Cross-Site Scripting Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab 13.8 and later,...

5.4 CVSS · 6.5 AI score · 0.00807 EPSS
Exploits 0 · References 5

NVD
added 2021/03/03 4:15 a.m. · 17 views

CVE-2021-22863

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.1 CVSS · 0.00968 EPSS
Exploits 0 · References 4

CVE
added 2021/03/03 3:25 a.m. · 79 views

CVE-2021-22863

CVE-2021-22863 is an improper access control vulnerability in GitHub Enterprise Server’s GraphQL API. It allowed authenticated users to modify the maintainer collaboration permission on a pull request, potentially exposing head branches of repos where they are a maintainer. Affected versions span...

8.1 CVSS · 8.1 AI score · 0.00968 EPSS
Exploits 0 · References 4 · Affected Software 1