PYSEC-2020-283

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

PYSEC-2020-126

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

PYSEC-2020-318

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

PYSEC-2020-283

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

Format string

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

PYSEC-2020-126

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

CVE-2020-15203

CVE-2020-15203 is a TensorFlow format-string vulnerability in tf.strings.as_string triggered by the fill argument. The issue can cause segmentation faults and is fixed in TensorFlow releases 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 (commit 33be22c65d86256e6826666662e40dbdfe70ee83). Public reference...

CVE-2020-15203

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

CVE-2020-15203 Denial of Service in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

GHSA-XMQ7-7FXM-RR79 Denial of Service in Tensorflow

Impact By controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed:...

Denial of Service in Tensorflow

Impact By controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed:...

PT-2020-14274 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 1.15.4 Tensorflow versions prior to 2.0.3 Tensorflow versions prior to 2.1.2 Tensorflow versions prior to 2.2.1 Tensorflow versions prior to 2.3.1 Description: A format string vulnerability exists due to the way t...

CVE-2020-16142

On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software...

Format string

On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software...

CVE-2020-16142

On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software...

CVE-2020-15634

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.8410.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads...

pwntools

This is an offensive tool for exploit development and CTF Capture The Flag framework. The tool is called pwntools and is used for exploit development and CTF challenges. It provides a set of tools and libraries for exploiting vulnerabilities and solving CTF challenges. The tool is written in Pyth...

pwn-collection

This repository contains a collection of CTF Capture The Flag challenges with writeups and exploit scripts. The challenges are categorized into three main areas: fmtstr32, heapchunkoverlap64, and pwn300. The fmtstr32 category contains challenges related to format string vulnerabilities, which all...

The vulnerability of the Varrcvr service in the PAN-OS operating system allows a perpetrator to trigger a service failure or execute arbitrary code with root privileges.

The vulnerability of the Varrcvr service in the PAN-OS operating system is related to the use of an uncontrolled format string. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures or execute arbitrary code with root privileges...

NETGEAR R6700 Remote Code Execution Vulnerability

The NETGEAR R6700 is an AC1750 Smart WiFi Router. A remote code execution vulnerability exists in the handling of string table file uploads in the NETGEAR R6700 versions prior to 1.0.4.98. The vulnerability stems from a failure to properly validate user-supplied strings before using them as forma...