60 matches found
Protecting Context and Prompts: Deterministic Security for Non-Deterministic AI
Large Language Model (LLM) applications are vulnerable to prompt injection and context manipulation attacks that traditional security models cannot prevent. We introduce two novel primitives--authenticated prompts and authenticated context--that provide cryptographically verifiable provenance acros...
JLSEC-2025-6 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack t...
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose...
PYSEC-2025-203
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation...
AZL-68100 CVE-2025-55551 affecting package pytorch 2.2.2-12
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation...
PyTorch Security Vulnerability
PyTorch is a Python package open-sourced by PyTorch. An unspecified vulnerability exists in the PyTorch torch.linalg.lu component, which can be exploited by an attacker to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2023-28332
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk. (CVE-2023-28332) Note that...
Overlapping Data in Network Protocols: Bridging OS and NIDS Reassembly Gap
IPv4, IPv6, and TCP have a common mechanism allowing one to split an original data packet into several chunks. Such chunked packets may have overlapping data portions, and OS network stack implementations may reassemble these overlaps differently. A Network Intrusion Detection System (NIDS) that...
Malicious code in solhint-plugin-algebra (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (061b358e32654bafbfd48bca04693dfea5503b836f5ee9996e2b40f29df1350c). Any computer that has this package installed or running should be considered...
TensorFlow has Floating Point Exception in TensorListSplit with XLA
...
TensorFlow has null dereference on ParallelConcat with XLA
...
TensorFlow has Segfault in Bincount with XLA
...
TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
...
TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
...
[SECURITY] Fedora 40 Update: octave-8.4.0-6.fc40
GNU Octave is a high-level language, primarily intended for numerical computations. It provides a convenient command line interface for solving linear and nonlinear problems numerically, and for performing other numerical experiments using a language that is mostly compatible with Matlab. It may...
BIT-MOODLE-2023-28332 Moodle: algebra filter xss when filter is misconfigured
If the algebra filter was enabled but not functional (e.g. the necessary binaries were missing from the server), it presented an XSS risk...
Enough Polynomials and Linear Algebra to Implement Kyber
I was once talking with a mathematician and trying to explain elliptic curve cryptography. Eventually, something clicked and they went "oh, that! I think there was a chapter about it in the book. You made a whole field out of it?" Yes, in cryptography we end up focusing on a very narrow slice of...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to a floating point exception in TensorListSplit with XLA. PoC: import tensorflow as tf func = tf.raw_ops.TensorListSplit para = {'tensor': 1, 'element_shape': -1, 'lengths': 0} @tf.function(jit_compile=True) def...
AZL-35321 CVE-2023-25676 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...
AZL-31213 CVE-2023-25673 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
AZL-35318 CVE-2023-25673 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...