24 matches found
CVE-2025-62370
Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services m...
GHSA-M8RJ-PPPH-MJ33 @plone/volto vulnerable to potential DoS by invoking specific URL by anonymous user
Impact When visiting a specific URL, an anonymous user could cause the NodeJS server part of Volto to quit with an error. Patches The problem has been patched and the patch has been backported to Volto major versions down until 16. It is advised to upgrade to the latest patch release of your...
SUSE CVE-2022-24999
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...
GHSA-WHHR-7F2W-QQJ2 phonenumber panics on parsing crafted RFC3966 inputs
Impact The phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of rust-phonenumber, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string .;phone-context=. Patches...
SUSE CVE-2021-29523
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap. This is because the...
SUSE CVE-2021-37685
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...
SUSE CVE-2022-23589
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...
USN-5823-3 mysql-5.7, mysql-8.0 regression
USN-5823-1 fixed vulnerabilities in MySQL. Unfortunately, 8.0.32 introduced a regression in MySQL Router preventing connections from PyMySQL. This update reverts most of the changes in MySQL Router to 8.0.31 until a proper fix can be found. We apologize for the inconvenience. Original advisory...
CVE-2022-36015
TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64t, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this...
CVE-2022-36003
TensorFlow is an open source platform for machine learning. When RandomPoissonV2 receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...
GHSA-RH87-Q4VG-M45J TensorFlow vulnerable to integer overflow in math ops
Impact When RangeSize receives values that do not fit into an int64t, it crashes. cpp auto size = std::isintegral::value ? Eigen::numext::abslimit - start + Eigen::numext::absdelta - T1 / Eigen::numext::absdelta : Eigen::numext::ceil Eigen::numext::abslimit - start / delta; // This check does not...
GHSA-C582-C96P-R5CQ Memory exhaustion in Tensorflow
Impact The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory: python import tensorflow as tf y = tf.rawops.ThreadPoolHandlenumthreads=0x60000000,displayname='tf' This is because the numthreads argument is only checked to not be...
PYSEC-2022-57
Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...
CVE-2021-37666
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...
PYSEC-2021-752
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...
CVE-2021-37644
TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...
PYSEC-2021-275
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...
PYSEC-2021-711
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...
PYSEC-2021-204
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data. Since the...
PYSEC-2021-708
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...