PYSEC-2021-291

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

CVE-2021-37669 Crash in NMS ops caused by integer conversion to unsigned in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

CVE-2021-37645

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

CVE-2021-37644

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

AT&T Labs Xmill 缓冲区错误漏洞

Xmill is an efficient compressor of XML data. a stack buffer overflow vulnerability exists in the command line parsing HandleFileArg function in Xmill version 0.7. An attacker could exploit the vulnerability by providing malicious input via the filepattern parameter to cause a denial of service...

RHEL 7 : microcode_ctl (RHSA-2021:3029)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3029 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543...

rust: double free in Vec::from_iter function if freeing the element panics

In the standard library in Rust before 1.52.0, a double free can occur in the Vec::fromiter function if freeing the element panics...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

CentOS: Security Advisory for microcode_ctl (CESA-2021:3028)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

microcode_ctl security update

CentOS Errata and Security Advisory CESA-2021:3028 An update for microcodectl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

hw: Vector Register Data Sampling

A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...

hw: Vector Register Leakage-Active

A flaw was found in the Intel Advanced Vector Extensions AVX implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...

CentOS 7 : microcode_ctl (CESA-2021:3028)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:3028 advisory. - hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543 - hw: Vector Register Data Sampling CVE-2020-0548 - hw: L1D Cache Eviction Sampling...

RHEL 7 : microcode_ctl (RHSA-2021:3028)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3028 advisory. The microcodectl packages provide microcode updates for Intel. Security Fixes: hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543...

Scientific Linux Security Update : microcode_ctl on SL7.x x86_64 (2021:3028)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:3028-1 advisory. - hw: Special Register Buffer Data Sampling SRBDS CVE-2020-0543 - hw: Vector Register Data Sampling CVE-2020-0548 - hw: L1D Cache Eviction Sampli...

Rust 安全漏洞

A security vulnerability exists in the Iced-x86 crate of Mozilla Rust version 1.10.3, which could be exploited by attackers to launch further attacks on the system...

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. playXE/cgc for Mozilla Rust suffers from a memory corruption vulnerability that can be exploited by attackers to cause data contention...