CVE-2024-0088 CVE

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an improper memory access issue by a network API. A successful exploit of this vulnerability might lead to denial of service and data tampering...

CVE-2024-0100 CVE

NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system files. A successful exploit of this vulnerability might lead to denial of service and data tampering...

CVE-2024-0087 CVE

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege...

CVE-2024-0087

CVE-2024-0087 refers to a vulnerability in NVIDIA Triton Inference Server for Linux where a user can set the logging location to an arbitrary file; if that file exists, logs are appended to it. This can lead to code execution, denial of service, privilege escalation, information disclosure, and d...

CVE-2024-0087 CVE

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privilege...

01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42839 more potentially affected by CVE-2024-30251 via aiohttp (>=0.13.1 <=3.9.3)

aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-30251 Source advisory: OSV:GHSA-5M98-QGG9-WH84...

DEBIAN-CVE-2024-27017

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure ...

Security Bulletin: NVIDIA Triton Inference Server - April 2024

NVIDIA has released a software update for NVIDIA Triton Inference Server to address the issue disclosed in this bulletin. To protect your system, install the latest release from the Triton Inference Server Releases page on GitHub, and view the Secure Deployment Considerations Guide. Go to NVIDIA...

[SECURITY] Fedora 39 Update: clojure-1.11.2-1.fc39

Clojure is a dynamic programming language that targets the Java Virtual Machine. It is designed to be a general-purpose language, combining the approachability and interactive development of a scripting language with an efficient and robust infrastructure for multithreaded programming. Clojure is...

AMD CPU 安全漏洞

AMD CPUs are a family of CPUs from AMD. The AMD CPUs suffer from a competitive condition vulnerability that arises from improper handling of concurrent access when concurrent code requires mutually exclusive access to shared resources during operation of a networked system or product. An attacker...

x86: Register File Data Sampling

ISSUE DESCRIPTION Intel have disclosed RFDS, Register File Data Sampling, affecting some Atom cores. This came from internal validation work. There is no information provided about how an attacker might go about inferring data from the register files. For more details, see:...

[SECURITY] Fedora 40 Update: clojure-1.11.1-8.fc40

Clojure is a dynamic programming language that targets the Java Virtual Machine. It is designed to be a general-purpose language, combining the approachability and interactive development of a scripting language with an efficient and robust infrastructure for multithreaded programming. Clojure is...

BIT-TENSORFLOW-2020-15212 Out of bounds access in tensorflow-lite

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...

BIT-TENSORFLOW-2020-15213 Denial of service in tensorflow-lite

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...

BIT-TENSORFLOW-2021-37676 Reference binding to nullptr in shape inference in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

BIT-TENSORFLOW-2021-41205 Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

BIT-TENSORFLOW-2021-41210 Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

BIT-TENSORFLOW-2021-41211 Heap OOB read in shape inference for `QuantizeV2`

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...

BIT-TENSORFLOW-2021-41212 Heap OOB read in `tf.ragged.cross`

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

BIT-TENSORFLOW-2021-41214 Reference binding to `nullptr` in `tf.ragged.cross`

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...