Lucene search

562 matches found

OSV
added 2021/05/14 8:15 p.m. · 2 views

PYSEC-2021-723

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is...

CVSS 7.8 · AI score 7.1 · EPSS 0.00201
Exploits: 1 · References: 2

OSV
added 2021/05/14 8:15 p.m. · 1 view

PYSEC-2021-742

TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to...

CVSS 7.8 · AI score 5.9 · EPSS 0.00206
Exploits: 1 · References: 2

OSV
added 2021/05/14 8:15 p.m. · 1 view

PYSEC-2021-161

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter. This is because the...

CVSS 5.5 · AI score 6.1 · EPSS 0.00189
Exploits: 1 · References: 2

OSV
added 2021/05/14 8:15 p.m. · 0 views

PYSEC-2021-179

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.raw_ops.StringNGrams. This is because the...

CVSS 5.5 · AI score 6.3 · EPSS 0.00198
Exploits: 1 · References: 2

OSV
added 2021/05/14 8:15 p.m. · 2 views

PYSEC-2021-691

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.raw_ops.SparseFillEmptyRows. This is because of missing...

CVSS 5.5 · AI score 6.1 · EPSS 0.00197
Exploits: 1 · References: 2

OSV
added 2021/05/14 8:15 p.m. · 2 views

PYSEC-2021-697

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

CVSS 7.8 · AI score 7.5 · EPSS 0.0024
Exploits: 1 · References: 2

Debian CVE
added 2021/05/14 7:17 p.m. · 2 views

CVE-2021-29563

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

CVSS 5.5 · AI score 7.1 · EPSS 0.00189
Exploits: 1

PyPA
added 2021/05/14 7:15 p.m. · 3 views

PYSEC-2021-149

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensor (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from...

CVSS 7.8 · AI score 7.4 · EPSS 0.00211
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2021/05/14 12:00 a.m. · 4 views

Google TensorFlow Numeric Error Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A divide-by-zero error vulnerability exists in the tf.raw_ops.Conv2D implementation in TensorFlow versions prior to 2.5.0. No details of the vulnerability are provided at this time...

CVSS 5.5 · AI score 5.6 · EPSS 0.00198
Exploits: 1 · References: 3

Positive Technologies
added 2021/05/14 12:00 a.m. · 3 views

PT-2021-18320 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow versions 2.4.2 and earlier; TensorFlow versions 2.3.3 and earlier; TensorFlow versions 2.2.3 and earlier; TensorFlow versions 2.1.4 and earlier. Description: The implementation of tf.raw...

CVSS 7.1 · AI score 6.7 · EPSS 0.00198
Exploits: 1 · References: 13

Positive Technologies
added 2021/04/26 12:00 a.m. · 3 views

PT-2021-20784 · Foreman +1 · Foreman +1

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 2.5.0. Description: A flaw in the smart proxy of Foreman, which provides a restful API to various sub-systems, can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL...

CVSS 9 · AI score 7.5 · EPSS 0.03885
Exploits: 0 · References: 11

Vulnrichment
added 2021/03/03 3:45 p.m. · 2 views

CVE-2020-15937

An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard...

CVSS 4.7 · AI score 5.7 · EPSS 0.00802
Exploits: 0 · References: 1

ATTACKERKB
added 2021/02/17 2:15 p.m. · 4 views

CVE-2020-24480

Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access...

CVSS 4.4 · AI score 5 · EPSS 0.00486
Exploits: 0 · References: 2

CNNVD
added 2021/01/27 12:00 a.m. · 1 view

Vmware Spring Cloud Data Flow SQL Injection Vulnerability

Vmware Spring Cloud Data Flow is a code library for streaming and batch data processing in microservices from Vmware, Inc. A SQL injection vulnerability exists in Spring Cloud Data Flow versions 2.6.x prior to 2.6.5, versions 2.5.x prior to 2.5.4, which stems from the vulnerability of the...

CVSS 7.2 · AI score 6.6 · EPSS 0.0106
Exploits: 0 · References: 2

NCSC
added 2021/01/20 12:00 a.m. · 9 views

Vulnerabilities fixed in Red Hat OpenShift Virtualization

Red Hat has fixed multiple vulnerabilities in OpenShift Virtualization. The vulnerabilities potentially enable a malicious person to launch attacks that result in the following categories of damage: Denial-of-Service (DoS); access to system data; increased user privileges. Red Hat has released...

CVSS 8.8 · AI score 8.5 · EPSS 0.07201
Exploits: 4

CNNVD
added 2021/01/04 12:00 a.m. · 3 views

Win911 Mobile Server Security Vulnerability

Win911 Mobile Server is a server-side program used in industrial environments to provide interactive data support for mobile apps from Win911 USA. A security vulnerability exists in Win911 Mobile Server V2.5, which can be exploited by an attacker to overwrite the service executable and execute...

CVSS 9.3 · AI score 7.6 · EPSS 0.00608
Exploits: 1 · References: 2

vulnersOsv
added 2020/12/09 7:3 p.m. · 2 views

cn.ibizlab.plugin:ibiz-cloud-ai-baichuanai (>=8.1.0.371 <=8.1.0.578.187), cn.ibizlab.plugin:ibiz-cloud-ai-core (>=8.1.0.304 <=8.1.0.578.187) +438 more potentially affected by CVE-2020-17521 via org.codehaus.groovy:groovy-all (>=2.5.0 <=2.5.13)

org.codehaus.groovy:groovy-all MAVEN version =2.5.0, =8.1.0.371, =8.1.0.304, =8.1.0.371, =8.1.0.516, =8.1.0.304, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.371, =8.1.0.286, =8.1.0.286, =8.1.0.286, =8.1.0.567.22 and more Source cves: CVE-2020-17521 Source...

CVSS 5.5 · AI score 6.7 · EPSS 0.0105
Exploits: 0

OSV
added 2020/10/09 7:15 a.m. · 2 views

CVE-2020-26910

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25...

CVSS 6.8 · AI score 5.8 · EPSS 0.01034
Exploits: 0 · References: 1

CNVD
added 2020/08/14 12:00 a.m. · 1 view

Wireshark Resource Management Error Vulnerability (CNVD-2020-49576)

Wireshark (formerly known as Ethereal) is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 3.2.0 through 3.2.5. An attacker...

CVSS 6.5 · AI score 7.7 · EPSS 0.02889
Exploits: 1 · References: 1

RedHat Linux
added 2020/07/16 10:13 a.m. · 5 views

OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...

CVSS 4.3 · AI score 6.7 · EPSS 0.03299
Exploits: 0 · References: 4