
562 matches found

OSV
added 2020/12/10 11:15 p.m. · 3 views

PYSEC-2020-140

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

CVSS 7.8 · AI score 7.1 · EPSS 0.00241
Exploits: 1 · References: 2
Debian CVE
added 2020/12/10 10:10 p.m. · 3 views

CVE-2020-26267

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

CVSS 7.8 · AI score 7.2 · EPSS 0.00241
Exploits: 1
Cvelist
added 2020/12/10 10:10 p.m. · 27 views

CVE-2020-26267 Lack of validation in data format attributes in TensorFlow

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. Th...

CVSS 4.4 · AI score 7.7 · EPSS 0.00241
Exploits: 1 · References: 2
OSV
added 2020/12/10 7:7 p.m. · 7 views

GHSA-C9F3-9WFR-WGH7 Lack of validation in data format attributes in TensorFlow

Impact: The tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. However, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds a...

CVSS 4.4 · AI score 5.8 · EPSS 0.00241
Exploits: 1 · References: 7
Positive Technologies
added 2020/12/10 12:0 a.m. · 4 views

PT-2020-16390 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.5; TensorFlow versions prior to 2.0.4; TensorFlow versions prior to 2.1.3; TensorFlow versions prior to 2.2.2; TensorFlow versions prior to 2.3.2; TensorFlow versions prior to 2.4.0. Description: The tf.raw...

CVSS 9.3 · AI score 5.6 · EPSS 0.00451
Exploits: 5 · References: 93
RedHat Linux
added 2020/11/04 1:25 a.m. · 3 views

PyYAML: command execution through python/object/apply constructor in FullLoader

A vulnerability was discovered in the PyYAML library, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. ...

CVSS 9.8 · AI score 7.7 · EPSS 0.05031
Exploits: 1 · References: 4
Wallarm Lab
added 2020/09/02 9:45 p.m. · 36 views

340 weak JWT secrets you should check in your code

JSON Web Token (JWT) is the data format with built-in signature and encryption mechanisms that are often used by modern web applications to store user sessions and application context, including authentication by SSO and meta-data. Usually, you can find JWT tokens in an Authentication Bearer HTTP...

AI score 0.2
Exploits: 0
CNVD
added 2020/03/23 12:0 a.m. · 2 views

HDF5 Buffer Overflow Vulnerability (CNVD-2020-22284)

HDF5 is a suite of tools for managing and storing different types of data. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A buffer overflow vulnerability exists in the 'Decompress' function of the decompress.c file in HDF5 1.12.0...

CVSS 5.5 · AI score 9.5 · EPSS 0.0151
Exploits: 1 · References: 1
OSV
added 2020/03/22 6:15 p.m. · 3 views

DEBIAN-CVE-2020-10809

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service...

CVSS 5.5 · AI score 7.4 · EPSS 0.0151
Exploits: 1 · References: 1
OSV
added 2020/03/22 6:15 p.m. · 2 views

DEBIAN-CVE-2020-10811

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode located in H5Olayout.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 · AI score 7.3 · EPSS 0.0144
Exploits: 1 · References: 1
OSV
added 2020/03/22 6:15 p.m. · 3 views

DEBIAN-CVE-2020-10810

An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry located in H5AC.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 · AI score 7 · EPSS 0.01419
Exploits: 1 · References: 1
OSV
added 2020/03/22 6:15 p.m. · 2 views

UBUNTU-CVE-2020-10810

An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry located in H5AC.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 · AI score 7.1 · EPSS 0.01419
Exploits: 1 · References: 5
OSV
added 2020/03/22 6:15 p.m. · 1 views

UBUNTU-CVE-2020-10809

An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service...

CVSS 5.5 · AI score 6 · EPSS 0.0151
Exploits: 1 · References: 5
OSV
added 2020/03/22 6:15 p.m. · 2 views

UBUNTU-CVE-2020-10812

An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs located in H5Fquery.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 · AI score 6.8 · EPSS 0.01483
Exploits: 1 · References: 5
Positive Technologies
added 2020/03/22 12:0 a.m. · 3 views

PT-2020-6979 · Hdf5 +3 · Hdf5 +3

Name of the Vulnerable Software and Affected Versions: HDF5 versions prior to 1.12.0. Description: An issue exists in the function H5AC unpin entry located in H5AC.c, which is related to a NULL pointer dereference. This allows an attacker to cause Denial of Service. Recommendations: For versions...

CVSS 9.8 · AI score 6 · EPSS 0.02948
Exploits: 21 · References: 134
RedHat Linux
added 2020/03/17 5:12 p.m. · 8 views

python-flask: Denial of Service via crafted JSON file

The Pallets Project flask version before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via: attacker provides JSON data in incorrect encoding. Th...

CVSS 7.5 · AI score 7.1 · EPSS 0.03855
Exploits: 1 · References: 4
OSV
added 2020/03/02 5:15 a.m. · 2 views

DEBIAN-CVE-2020-6794

If a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Thunderbird 60. The new master...

CVSS 6.5 · AI score 6.8 · EPSS 0.00991
Exploits: 1 · References: 1
RedHat Linux
added 2020/02/19 7:55 p.m. · 3 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

CVSS 6.1 · AI score 6.7 · EPSS 0.87218
Exploits: 4 · References: 6
OSV
added 2020/01/03 5:15 p.m. · 3 views

UBUNTU-CVE-2019-5064

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a...

CVSS 8.8 · AI score 7.6 · EPSS 0.10618
Exploits: 1 · References: 4
OSV
added 2019/11/25 10:15 p.m. · 2 views

UBUNTU-CVE-2019-17632

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output...

CVSS 6.1 · AI score 6.7 · EPSS 0.01905
Exploits: 0 · References: 3