23 matches found
PYSEC-2026-1028 TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
Impact The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf strides = 1, 1, 1, 1 padding = "SAME" usecudnnongpu = True explicitpaddings =...
The vulnerability of the ieee80211_register_hw() function in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ieee80211registerhw function in the Linux operating system is related to the copying of buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality,...
X-TRACK security vulnerabilities
X-TRACK is a GPS cycling speedometer developed by VIFEX personal developers, which supports offline maps and track recording. X-TRACK versions 2.7 and earlier had security vulnerabilities, stemming from buffer copying operations in the inflate.C program file, which allowed out-of-bounds writes an...
CVE-2022-35969
TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires inputsizes to be 4-dimensional. Otherwise, it gives a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
Allocation of Resources Without Limits or Throttling
Overview nlsq is a GPU/TPU accelerated nonlinear least-squares curve fitting using JAX Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to missing input size validation for arrays and Jacobians. An attacker can cause memory exhaustion by...
EUVD-2022-7448
Malicious code in bioql PyPI...
DEBIAN-CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...
CVE-2022-41883
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...
PT-2025-30806
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where a warning is triggered on invalid firmware input within the ath6kl module. This warning does not provide useful information and is a frequent...
BIT-TENSORFLOW-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...
The vulnerability of the QuTS hero, QTS, and QuTScloud operating systems for network devices from Qnap occurs due to the copying of buffers without checking the size of the input data. This allows attackers to execute arbitrary code.
The vulnerability of the QuTS hero, QTS, and QuTScloud network devices from Qnap operating systems is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the FortiDDoS-F software and the FortiADC application delivery controller, which involves copying buffers without checking the size of the input data, allows attackers to execute arbitrary code or perform arbitrary commands.
The vulnerability of the FortiDDoS-F software-defined security platform and the FortiADC application delivery controller lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code or perform arbitrary...
CVE-2023-34454
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...
CVE-2023-34453
A flaw was found in Snappy-java's shuffle function, which does not check input sizes before beginning operations. This issue could allow an attacker to send malicious input to trigger an overflow error that crashes the program, resulting in a denial of service...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher...
CVE-2022-41883
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...
Stack overflow
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...
PT-2022-26114
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description The issue occurs when ops with specified input sizes receive a differing number of inputs, causing the executor to crash...
CVE-2022-41883
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...
CVE-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...