Lucene search
+L

357 matches found

OSV
OSV
added 2022/11/13 8:15 a.m.1 views

DEBIAN-CVE-2022-3970

A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tifgetimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

8.8CVSS6.1AI score0.01237EPSS
Exploits1References1
OSV
OSV
added 2022/09/24 1:25 a.m.7 views

CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices

Frontier is an Ethereum compatibility layer for Substrate. Prior to commit d3beddc6911a559a3ecc9b3f08e153dbe37a8658, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can constru...

5.3CVSS6.8AI score0.00612EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/09/16 10:15 p.m.6 views

CVE-2022-35998

TensorFlow is an open source platform for machine learning. If EmptyTensorList receives an input elementshape with more than one dimension, it gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.8AI score0.0042EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/16 9:0 p.m.5 views

CVE-2022-35973

TensorFlow is an open source platform for machine learning. If QuantizedMatMul is given nonscalar input for: mina, maxa, minb, or maxb It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48. T...

7.5CVSS6.8AI score0.00439EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/16 8:25 p.m.58 views

CVE-2022-35965

TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.8AI score0.00398EPSS
Exploits0
NVD
NVD
added 2022/05/03 8:15 p.m.23 views

CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

4.4CVSS0.00209EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/03 8:15 p.m.2 views

CVE-2022-28791

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files...

6.2CVSS6.1AI score0.0021EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/04/11 8:15 p.m.5 views

CVE-2022-20072

In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06219118; Issue ID:...

6.7CVSS6.7AI score0.00334EPSS
Exploits0References2
OSV
OSV
added 2021/08/25 2:40 p.m.3 views

GHSA-Q7F7-544H-67H9 FPE in TFLite pooling operations

Impact The implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. Patches We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. The fix will be included in TensorFlow 2.6.0. We will also cherrypic...

6.8CVSS5.8AI score0.00138EPSS
Exploits0References6
PyPA
PyPA
added 2021/08/12 11:15 p.m.6 views

PYSEC-2021-287

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS7AI score0.00185EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.6 views

PYSEC-2021-784

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.9 views

PYSEC-2021-575

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8CVSS6.9AI score0.00189EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/08/12 9:15 p.m.4 views

PYSEC-2021-755

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

5.5CVSS5.9AI score0.00152EPSS
Exploits0References2
PyPA
PyPA
added 2021/08/12 7:15 p.m.7 views

PYSEC-2021-260

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/12 7:15 p.m.5 views

PYSEC-2021-748

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

7.7CVSS6.1AI score0.0016EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/12 6:15 p.m.7 views

CVE-2021-37640

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but...

5.5CVSS5.6AI score0.00152EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2021/08/12 6:10 p.m.15 views

CVE-2021-37638

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS6.9AI score0.00167EPSS
Exploits0
OSV
OSV
added 2021/05/21 2:28 p.m.29 views

GHSA-H4PC-GX2W-F2XV Heap OOB read in TFLite

Impact A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of SplitV: cc const int inputsize = SizeOfDimensioninput, axisvalue; If axisvalue is not a value between 0 and NumDimensionsinput, then the SizeOfDimension function will access data outside the...

7.1CVSS6.9AI score0.00215EPSS
Exploits1References8
OSV
OSV
added 2021/05/21 2:25 p.m.37 views

GHSA-WHR9-VFH2-7HM6 Memory corruption in `DrawBoundingBoxesV2`

Impact The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs: python import tensorflow as tf images = tf.fill10, 96, 0, 1, 0. boxes = tf.fill10, 53, 0, 0. colors = tf.fill0, 1, 0...

4.5CVSS6.2AI score0.0024EPSS
Exploits1References7
OSV
OSV
added 2021/03/11 3:9 a.m.1 views

GHSA-HPV8-9RQ5-HQ7W Generated Code Contains Local Information Disclosure Vulnerability

Impact This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

6.2CVSS6.7AI score0.00282EPSS
Exploits0References3
Rows per page
Query Builder