Lucene search
K

36 matches found

Debian CVE
Debian CVE
added 2021/11/05 10:25 p.m.5 views

CVE-2021-41228

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...

7.8CVSS7.8AI score0.00208EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2021/11/05 10:15 p.m.4 views

CVE-2021-41208

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

8.8CVSS7.2AI score0.00168EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/11/05 10:15 p.m.4 views

PYSEC-2021-810

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

5.5CVSS5.9AI score0.00202EPSS
Exploits0References5
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-404

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/11/05 9:15 p.m.8 views

PYSEC-2021-409

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...

5.5CVSS6.1AI score0.00181EPSS
Exploits1References2
PyPA
PyPA
added 2021/11/05 9:15 p.m.7 views

PYSEC-2021-407

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2021/11/05 8:15 p.m.3 views

CVE-2021-41212

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1
PyPA
PyPA
added 2021/11/05 8:15 p.m.4 views

PYSEC-2021-805

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS7.1AI score0.00307EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.5 views

PYSEC-2021-606

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/11/05 8:15 p.m.8 views

PYSEC-2021-402

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

7.1CVSS7AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/05 12:0 a.m.4 views

PT-2021-23176 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The issue occurs during TensorFlow's Grappler optimizer phase, where constant...

6.8CVSS5.2AI score0.00136EPSS
Exploits0References13
CNVD
CNVD
added 2020/04/17 12:0 a.m.2 views

Rukovoditel SQL Injection Vulnerability (CNVD-2020-26656)

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management , customer relationship management and other functions . A SQL injection vulnerability exists in Rukovoditel version 2.5.2. The vulnerability stems from a lack ...

9.8CVSS8.2AI score0.01681EPSS
Exploits0References1
CNVD
CNVD
added 2017/07/03 12:0 a.m.9 views

Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...

8.8CVSS7AI score0.04527EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/03 12:0 a.m.6 views

Foscam C1 Indoor HD Camera Command Injection Vulnerability (CNVD-2017-14064)

Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...

8.8CVSS7AI score0.04782EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2009/07/27 9:32 a.m.4 views

python: Multiple buffer overflows in unicode processing

Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service crash or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicoderesize...

7.5CVSS6.8AI score0.04493EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2009/07/27 9:22 a.m.4 views

python: Multiple integer overflows discovered by Google

Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to 1 Include/pymem.h; 2 csv.c, 3 struct.c, 4 arraymodule.c, 5 audioop.c, 6 binascii.c, 7 cPickle.c, 8 cStringIO.c, 9 cjkcodecs/multibytecodec.c, 10...

7.5CVSS6.7AI score0.03665EPSS
Exploits2References4
Rows per page
Query Builder