84 matches found
EUVD-2024-2289
Malicious code in bioql PyPI...
PT-2025-27968
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the SFQ perturb period in the net sched module. The issue was reported by Gerrard Tai, who found that the SFQ perturb...
CVE-2022-29208
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...
CVE-2024-21522
All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder.decode or new OpusDecoder.decodeFloat functions it is not checked for negative values. This can lead to a process crash...
CLSA-2024-1732555093 Fix CVE(s): CVE-2020-27767
SECURITY UPDATE: Undefined behavior due to values outside range in quantum.h - debian/patches/CVE-2020-27767.patch: Fix quantum.h to include float.h to handle min and max values for Quantum type - debian/patches/CVE-2020-27767-1.patch: Fix ClampToQuantum function to handle negative values correct...
CVE-2024-46821
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clkidex as an index into an array pptable-DpmDescriptor. V2: fix clkindex return check Tim Huang...
GHSA-7VHM-FMPH-7WXW audify vulnerable to Improper Validation of Array Index
All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder.decode or new OpusDecoder.decodeFloat functions it is not checked for negative values. This can lead to a process crash...
CVE-2024-36730
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS via inputting negative values into the oneflow.zeros/ones parameter...
CVE-2024-36730
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS via inputting negative values into the oneflow.zeros/ones parameter...
CVE-2024-36730
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service DoS via inputting negative values into the oneflow.zeros/ones parameter...
PT-2024-27140 · Oneflow · Oneflow
Name of the Vulnerable Software and Affected Versions: Oneflow version 0.9.1 Description: The issue is related to improper input validation, allowing attackers to cause a Denial of Service DoS by inputting negative values into the oneflow.zeros/ones parameter. Recommendations: For version 0.9.1,...
SUSE CVE-2024-26927
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head-fullsize - head-headersize" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...
SUSE CVE-2024-26815
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCATAPRIOTCENTRYINDEX check taprioparsetcentry is not correctly checking TCATAPRIOTCENTRYINDEX attribute: int tc; // Signed value tc = nlagetu32tbTCATAPRIOTCENTRYINDEX; if tc = TCQOPTMAXQUEUE...
DEBIAN-CVE-2024-26815
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCATAPRIOTCENTRYINDEX check taprioparsetcentry is not correctly checking TCATAPRIOTCENTRYINDEX attribute: int tc; // Signed value tc = nlagetu32tbTCATAPRIOTCENTRYINDEX; if tc = TCQOPTMAXQUEUE...
CVE-2024-26815
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCATAPRIOTCENTRYINDEX check taprioparsetcentry is not correctly checking TCATAPRIOTCENTRYINDEX attribute: int tc; // Signed value tc = nlagetu32tbTCATAPRIOTCENTRYINDEX; if tc = TCQOPTMAXQUEUE...
CVE-2024-26815 net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: proper TCATAPRIOTCENTRYINDEX check taprioparsetcentry is not correctly checking TCATAPRIOTCENTRYINDEX attribute: int tc; // Signed value tc = nlagetu32tbTCATAPRIOTCENTRYINDEX; if tc = TCQOPTMAXQUEUE...
BIT-TENSORFLOW-2022-21728 Out of bounds read in Tensorflow
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read. There is a check to make sure the value of batchdim does not go over the rank of the input, but there...
Design/Logic Flaw
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an int as an index for an array. The typechecker allows the usage of...
SUSE CVE-2014-9670
Multiple integer signedness errors in the pcfgetencodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service integer overflow, NULL pointer dereference, and application crash via a crafted PCF file that specifies negative values for the first...
SUSE CVE-2018-19623
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values...