Rust 命令注入漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. Mozilla Rust is vulnerable to a command injection vulnerability that could be exploited by attackers to trigger undefined behavior and memory corruption...

openSUSE 15 Security Update : dbus-1 (openSUSE-SU-2021:2292-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2292-1 advisory. - A use-after-free flaw was found in D-Bus Development branch = 1.13.16, dbus-1.12.x stable branch = 1.12.18, and dbus-1.10.x and older branches =...

Google TensorFlow Numeric Error Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4 suffers from a number error vulnerability that can be exploited by an attacker to trigger undefined behavior via a null pointer bound to...

Google TensorFlow code issue vulnerability (CNVD-2021-48860)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from tf.rawops.SdcaOptimizer triggering undefined behavior due to dereferencing a null pointer. No...

Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-48856)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which stems from a lack of validation in tf.rawops.RaggedTensorToTensor, and can be exploited by an...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2021-48862)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to trigger undefined behavior via a null pointer bound to...

Race condition

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...

CVE-2021-29952

Summary: CVE-2021-29952 affects Mozilla Firefox and Firefox for Android. A race condition during the destruction of Web Render components could cause undefined behavior and, with sufficient effort, potentially be exploited to run arbitrary code. Affected versions: Firefox < 88.0.1 and Firefox ...

CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...

CVE-2021-29952

When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code. This vulnerability affects Firefox 88.0.1 and Firefox for Android 88.1.3...

Privilege escalation

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...

UBUNTU-CVE-2021-3608

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMAREGDSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The...

Ubuntu 18.04 LTS / 20.04 LTS : ImageMagick vulnerabilities (USN-4988-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4988-1 advisory. It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were...

PUB-A-174151048

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional...

OESA-2021-1198 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

Google TensorFlow code issue vulnerability (CNVD-2021-48868)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which stems from tf.rawops.FusedBatchNorm demonstrating undefined behavior by dereferencing null pointers to...

Heap OOB and null pointer dereference in `RaggedTensorToTensor`

Impact Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty: python import tensorflow as tf shape = tf.constant-1, -1, shape=2, dtype=tf.int64 values = tf.constant, shape=0, dtype=tf.int64 defaultvalue =...

GHSA-9XH4-23Q4-V6WR Heap buffer overflow and undefined behavior in `FusedBatchNorm`

Impact The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow: python import tensorflow as tf x = tf.zeros10, 10, 10, 6, dtype=tf.float32 scale = tf.constant0.0, shape=1, dtype=tf.float32 offset = tf.constant0.0, shape=1, dtype=tf.float32 mean = tf.constant0.0,...

Heap buffer overflow and undefined behavior in `FusedBatchNorm`

Impact The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow: python import tensorflow as tf x = tf.zeros10, 10, 10, 6, dtype=tf.float32 scale = tf.constant0.0, shape=1, dtype=tf.float32 offset = tf.constant0.0, shape=1, dtype=tf.float32 mean = tf.constant0.0,...

Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`

Impact The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty: python import tensorflow as tf originput = tf.constant2, 3, shape=1, 1, 1, 2, dtype=tf.int64 origoutput = tf.constant, dtype=tf.int64 outbackprop = tf.zeros2, 3, 6, 6,...