
2348 matches found

Github Security Blog
added 2022/02/10 12:33 a.m. · 45 views

Memory leak in Tensorflow

Impact: If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize: Status s = params_.create_kernel(n->properties(), &item->kernel); if (!s.ok()) { item->kernel = nullptr; s = AttachDef(s, *n); return s; } Here, we set item->kernel to nullptr but it is a simp...

CVSS 4.3 · AI score 1.7 · EPSS 0.00705
Exploits: 1 · References: 7 · Affected Software: 3
OSV
added 2022/02/10 12:33 a.m. · 1 view

GHSA-8R7C-3CM2-3H8F Memory leak in Tensorflow

Impact: If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize: Status s = params_.create_kernel(n->properties(), &item->kernel); if (!s.ok()) { item->kernel = nullptr; s = AttachDef(s, *n); return s; } Here, we set item->kernel to nullptr but it is a simp...

CVSS 5.3 · AI score 5.9 · EPSS 0.00705
Exploits: 1 · References: 7
Prion
added 2022/02/04 11:15 p.m. · 12 views

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4 · AI score 4.8 · EPSS 0.00705
Exploits: 1 · References: 3 · Affected Software: 1
PyPA
added 2022/02/04 11:15 p.m. · 4 views

PYSEC-2022-142

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 6.9 · EPSS 0.00705
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2022/02/04 11:15 p.m. · 4 views

PYSEC-2022-142

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 5.9 · EPSS 0.00705
Exploits: 1 · References: 3
OSV
added 2022/02/04 10:32 p.m. · 26 views

CVE-2022-23578 Memory leak in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 4.6 · EPSS 0.00705
Exploits: 1 · References: 5
Debian CVE
added 2022/02/04 10:32 p.m. · 2 views

CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 6.9 · EPSS 0.00705
Exploits: 1
Debian CVE
added 2022/02/04 10:32 p.m. · 3 views

CVE-2022-23594

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

CVSS 8.8 · AI score 7.2 · EPSS 0.0014
Exploits: 0
Positive Technologies
added 2022/02/04 12:0 a.m. · 3 views

PT-2022-16108 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0; TensorFlow versions 2.7.1 and earlier; TensorFlow versions 2.6.3 and earlier; TensorFlow versions 2.5.3 and earlier. Description: The GraphDef format in TensorFlow does not allow self recursive functions...

CVSS 7.5 · AI score 7.5 · EPSS 0.00759
Exploits: 0 · References: 12
Positive Technologies
added 2022/02/04 12:0 a.m. · 2 views

PT-2022-16095 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0; TensorFlow versions 2.7.1 and earlier; TensorFlow versions 2.6.3 and earlier; TensorFlow versions 2.5.3 and earlier. Description: The issue arises when a graph node is invalid, causing TensorFlow to leak memory...

CVSS 5.3 · AI score 4.2 · EPSS 0.00705
Exploits: 1 · References: 12
OSV
added 2022/02/01 10:1 p.m. · 40 views

GHSA-4MPJ-488R-VH6M Neo4j Graph Database vulnerable to Path Traversal

Impact: Directory Traversal Vulnerabilities found in several functions of apoc plugins in Neo4j Graph database. The attacker can retrieve and download files from outside the configured directory on the affected server. Under some circumstances, the attacker can also create files. Patches: The users...

CVSS 9.1 · AI score 9.2 · EPSS 0.01469
Exploits: 0 · References: 3
Github Security Blog
added 2022/02/01 10:1 p.m. · 42 views

Neo4j Graph Database vulnerable to Path Traversal

Impact: Directory Traversal Vulnerabilities found in several functions of apoc plugins in Neo4j Graph database. The attacker can retrieve and download files from outside the configured directory on the affected server. Under some circumstances, the attacker can also create files. Patches: The users...

CVSS 9.1 · AI score 2.5 · EPSS 0.01469
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2022/02/01 12:0 a.m. · 4 views

PT-2022-11681 · Neo4J · Neo4J Graph Database

Name of the Vulnerable Software and Affected Versions: Neo4J Graph database versions 4.0.0 through 4.3.6; Neo4J Graph database versions prior to 3.5.17; Neo4J Graph database versions prior to 4.2.10; Neo4J Graph database versions prior to 4.3.0.4; Neo4J Graph database versions prior to 4.4.0.1...

CVSS 9.1 · AI score 8.8 · EPSS 0.01469
Exploits: 0 · References: 7
Kitploit
added 2022/01/28 8:30 p.m. · 18 views

Mininode - A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis

Mininode is a CLI tool to reduce the attack surface of the Node.js applications by using static analysis of source code. It supports two modes of reduction: (1) coarse, (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from main file, i.e. entry...

AI score 6.9
Exploits: 0 · References: 1
Fedora
added 2022/01/28 1:36 a.m. · 43 views

[SECURITY] Fedora 35 Update: grafana-7.5.11-3.fc35

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...

CVSS 7.5 · AI score 6.9 · EPSS 0.57991
Exploits: 0
OpenVAS
added 2022/01/28 12:0 a.m. · 6 views

Mageia: Security Advisory (MGASA-2018-0220)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 · References: 6
Huntr
added 2022/01/26 9:42 p.m. · 10 views

Use of a Broken or Risky Cryptographic Algorithm in x360ce/x360ce

Description: The password-generation algorithm used in the function NewPassword simply adds bias to the output password instead of making it easier to remember. Proof of Concept: - Use the NewPassword function a large amount of times and store the output. - Look at the frequency of each character o...

AI score 0.8
Exploits: 0
Kitploit
added 2022/01/26 11:30 a.m. · 43 views

Xolo - Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph

Author: ET Lownoise. Version: 1.0. Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest hacking team exercises. Requirements: Requests==2.18.4, Flask==0.12.2, Json, Pypyodbc, beautifulsoup4==4.6.0, lxml==4.1.0. Example: pip...

AI score 7.9
Exploits: 0 · References: 2
Snyk
added 2022/01/23 3:44 p.m. · 1 view

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). This is due to no limit on the number of days when requesting stats for the graph, which overloads the system, affecting the Web UI and making it unavailable. Details: Denial of Service (DoS) describes a family of...

CVSS 7.5 · AI score 7 · EPSS 0.05258
Exploits: 1 · References: 2
OSV
added 2022/01/21 9:15 p.m. · 2 views

DEBIAN-CVE-2022-23837

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users...

CVSS 7.5 · AI score 7.3 · EPSS 0.05258
Exploits: 1 · References: 1