CVE-2021-41219

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

PYSEC-2021-628

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

PYSEC-2021-826

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

Heap overflow

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

PYSEC-2021-411

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

PYSEC-2021-826

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

PYSEC-2021-628

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

PYSEC-2021-411

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

CVE-2021-41219

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

CVE-2021-41219

TensorFlow SparseMatMul contains undefined behavior by binding a reference to nullptr when either input dimension is 0 or less, risking heap OOB writes. The issue affects TensorFlow releases prior to the fix and is documented across multiple advisories (OSV, GHSA) with specific commit e6cf28c7 an...

CVE-2021-41219 Undefined behavior via `nullptr` reference binding in sparse matrix multiplication

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer error vulnerability exists in Google TensorFlow, which stems from the code for sparse matrix multiplication being susceptible to undefined behavior by binding references to "nullptr" in the...

matrix-events.co.uk Improper Access Control vulnerability OBB-2228394

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

VulnCheck KEV: CVE-2019-1003030

Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution...

Fedora: Security Advisory for matrix-synapse (FEDORA-2021-f12fdca1bf)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: matrix-synapse-1.41.1-1.fc35

Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...

Information Disclosure

riot-web is vulnerable to information disclosure.A logic error in the room key sharing functionality of Element Android allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys via crafted Matrix protocol messages that were originally sent by affected Matrix...

@rocket.chat/hubot-freddie (=0.0.7), almond-cmdline (>=1.1.0 <=1.8.0-beta.1) +18 more potentially affected by CVE-2021-40823 via matrix-js-sdk (>=0.0.4 <=12.4.0)

matrix-js-sdk NPM version =0.0.4, =1.1.0, =0.1.6, =0.1.11, =0.0.1, =1.0.33, =0.0.2, =0.1.0, =0.0.1, =1.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-40823 Source advisory: OSV:GHSA-23CM-X6J7-6HQ3...

matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver

Impact A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver† participating in an encrypted room to steal room encryption keys from affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-en...

GHSA-23CM-X6J7-6HQ3 matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver

Impact A logic error in the room key sharing functionality of matrix-js-sdk before 12.4.1 allows a malicious Matrix homeserver† participating in an encrypted room to steal room encryption keys from affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-en...