Lucene search
K

102 matches found

Node JS Blog
Node JS Blog
added 2021/08/11 12:0 a.m.43 views

August 2021 Security Releases

August 2021 Security Releases Update 11-Aug-2021 Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issues. cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable t...

9.8CVSS8.6AI score0.37286EPSS
Exploits2
Prion
Prion
added 2021/06/29 3:15 a.m.18 views

Input validation

A vulnerability in the Cisco Identity Services Engine ISE integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when...

5.8CVSS7.4AI score0.00774EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2021/06/16 4:0 p.m.52 views

Cisco DNA Center Certificate Validation Vulnerability

A vulnerability in the Cisco Identity Services Engine ISE integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when...

7.4CVSS7.6AI score0.00774EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/05/21 2:23 p.m.36 views

Null pointer dereference in `StringNGrams`

Impact An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams: python import tensorflow as tf data=tf.constant'' 11, shape=11, dtype=tf.string splits = 0115 splits.append3 datasplits=tf.constantsplits, shape=116, dtype=tf.int64 tf.rawops.StringNGramsdata=data,...

5.5CVSS1.6AI score0.00189EPSS
Exploits1References7Affected Software3
CNVD
CNVD
added 2021/05/17 12:0 a.m.4 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-36352)

Google TensorFlow is an end-to-end open source machine learning platform. Google TensorFlow has a security vulnerability. The vulnerability stems from incomplete validation of SparseAdd. No details of the vulnerability are provided at this time...

7.8CVSS6.7AI score0.00234EPSS
Exploits1References1
NVD
NVD
added 2021/05/14 8:15 p.m.33 views

CVE-2021-29613

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

7.1CVSS0.0024EPSS
Exploits1References3
OSV
OSV
added 2021/05/14 8:15 p.m.15 views

CVE-2021-29611

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

5.5CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2021/05/14 8:15 p.m.21 views

CVE-2021-29609

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

7.8CVSS7.8AI score
Exploits0References3
Prion
Prion
added 2021/05/14 8:15 p.m.17 views

Out-of-bounds

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

4.6CVSS7.7AI score0.00234EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/05/14 7:21 p.m.32 views

CVE-2021-29607 Incomplete validation in `SparseSparseMinimum`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

5.3CVSS8AI score0.00234EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/05/14 7:20 p.m.26 views

CVE-2021-29609 Incomplete validation in `SparseAdd`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

5.3CVSS8AI score0.00234EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/05/14 7:20 p.m.22 views

CVE-2021-29611 Incomplete validation in `SparseReshape`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

3.6CVSS5.7AI score0.00202EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/05/14 7:20 p.m.27 views

CVE-2021-29613 Incomplete validation in `tf.raw_ops.CTCLoss`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

6.3CVSS7AI score0.0024EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/05/14 12:0 a.m.4 views

PT-2021-18360 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.1.4 through 2.4.2 Description: Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior, such as dereferencing null pointers and writing outside of...

7.8CVSS7.5AI score0.00234EPSS
Exploits1References14
CNNVD
CNNVD
added 2021/05/14 12:0 a.m.5 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source machine learning platform. Google TensorFlow has a security vulnerability. The vulnerability stems from incomplete validation of SparseAdd. No details of the vulnerability are provided at this time...

7.8CVSS5.5AI score0.00234EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/03/24 8:7 p.m.29 views

CVE-2021-1384 Cisco IOx for IOS XE Software Command Injection Vulnerability

A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages...

6.5CVSS7.5AI score0.3539EPSS
Exploits1References2
NVD
NVD
added 2020/09/25 7:15 p.m.16 views

CVE-2020-15194

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5.3CVSS0.01017EPSS
Exploits1References4
PyPA
PyPA
added 2020/09/25 7:15 p.m.5 views

PYSEC-2020-117

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5.3CVSS6.8AI score0.01017EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2020/09/25 7:15 p.m.15 views

Input validation

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5CVSS5.1AI score0.01017EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2020/09/25 6:40 p.m.18 views

CVE-2020-15194 Denial of Service in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5.3CVSS5.5AI score0.01017EPSS
Exploits1References4
Rows per page
Query Builder