Lucene search
K

45 matches found

OSV
OSV
added 2021/11/10 7:2 p.m.2 views

GHSA-7V94-64HJ-M82H FPE in `ParallelConcat`

Impact The implementation of ParallelConcat misses some input validation and can produce a division by 0: python import tensorflow as tf @tf.function def test: y = tf.rawops.ParallelConcatvalues='tf',shape=0 return y test Patches We have patched the issue in GitHub commit...

6.8CVSS6AI score0.00136EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2021/11/05 10:30 p.m.4 views

CVE-2021-41222

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

5.5CVSS7AI score0.00181EPSS
Exploits1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-296

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

7.8CVSS6.8AI score0.00214EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.6 views

PYSEC-2021-300

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.9AI score0.00451EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.8 views

PYSEC-2021-591

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.9AI score0.00451EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/08/12 11:15 p.m.2 views

PYSEC-2021-784

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6AI score0.00154EPSS
Exploits0References2
PyPA
PyPA
added 2021/08/12 10:15 p.m.5 views

PYSEC-2021-579

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/12 9:15 p.m.6 views

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS5.7AI score0.00167EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/08/12 9:15 p.m.5 views

PYSEC-2021-272

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS6.7AI score0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/12 9:15 p.m.3 views

CVE-2021-37644

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

5.5CVSS5.5AI score0.00152EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/05/21 2:28 p.m.1 views

GHSA-8RM6-75MF-7R7R Division by zero in TFLite's implementation of hashtable lookup

Impact The TFLite implementation of hashtable lookup is vulnerable to a division by zero error: cc const int numrows = SizeOfDimensionvalue, 0; const int rowbytes = value-bytes / numrows; An attacker can craft a model such that values's first dimension would be 0. Patches We have patched the issu...

2.5CVSS5.8AI score0.00189EPSS
Exploits1References8
PyPA
PyPA
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-168

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-232

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

PYSEC-2021-168

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...

5.5CVSS6.3AI score0.00189EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/05/14 7:22 p.m.4 views

CVE-2021-29590

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

7.1CVSS7AI score0.00198EPSS
Exploits1
Oracle linux
Oracle linux
added 2021/03/05 12:0 a.m.51 views

nodejs:12 security update

nodejs 1:12.21.0-1 - Resolves: RHBZ1932315, RHBZ1932424 - remove --debug-nghttp2 option - remove ini patch - Backport patch to use getauxval...

7.8CVSS1.7AI score0.77385EPSS
Exploits1
OSV
OSV
added 2021/02/26 10:15 p.m.5 views

UBUNTU-CVE-2021-21309

Redis is an open-source, in-memory database that persists on disk. In affected versions of Redis an integer overflow bug in 32-bit Redis version 4.0 or newer could be exploited to corrupt the heap and potentially result with remote code execution. Redis 4.0 or newer uses a configurable limit for...

8.8CVSS7.2AI score0.047EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2020/11/10 12:0 a.m.86 views

systemd security, bug fix, and enhancement update

239-40.0.1 - backport upstream pstore tmpfiles patch Orabug: 31420486 - udev rules: fix memory hot add and remove Orabug: 31310273 - fix to enable systemd-pstore.service Orabug: 30951066 - journal: change support URL shown in the catalog entries Orabug: 30853009 - fix to generate...

5.1CVSS6.3AI score0.00429EPSS
Exploits0
OSV
OSV
added 2020/09/10 2:15 a.m.3 views

CVE-2020-25220

The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd-norefcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature...

7.8CVSS6.7AI score
Exploits0References9
Oracle linux
Oracle linux
added 2019/11/14 12:0 a.m.86 views

yum security, bug fix, and enhancement update

createrepoc 0.11.0-3 - Backport patch to switch off timestamps on documentation in order to remove file conflicts RhBug:1738788 0.11.0-2 - Consistently produce valid URLs by prepending protocol. RhBug:1632121 - modifyrepoc: Prevent doubling of compression test.gz.gz RhBug:1639287 - Correct pkg...

8.8CVSS7.5AI score0.0233EPSS
Exploits2
Rows per page
Query Builder