Lucene search
+L

270 matches found

ATTACKERKB
ATTACKERKB
added 2021/12/27 12:15 a.m.3 views

CVE-2021-45691

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserializestring may read from uninitialized memory locations...

9.8CVSS5.8AI score0.01191EPSS
Exploits0References3
Prion
Prion
added 2021/12/27 12:15 a.m.23 views

Memory corruption

An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used which is not the the default, a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic...

6.8CVSS9.5AI score0.01123EPSS
Exploits0References2Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2021/11/30 12:0 a.m.37 views

Apple macOS AudioCodecs LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Deserializ...

3.3CVSS3.7AI score0.01113EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/11/18 4:2 p.m.39 views

Clarify `mediaType` handling

Impact In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches The Image Specification will be updated to recommend that both manifest and index...

1.9AI score
Exploits0References5Affected Software1
OSV
OSV
added 2021/11/18 4:2 p.m.9 views

GHSA-77VH-XPMG-72QH Clarify `mediaType` handling

Impact In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches The Image Specification will be updated to recommend that both manifest and index...

3CVSS6.9AI score
Exploits0References5
OSV
OSV
added 2021/11/10 6:57 p.m.2 views

GHSA-X3V8-C8QX-3J3R Null pointer exception in `DeserializeSparse`

Impact The shape inference code for DeserializeSparse can trigger a null pointer dereference: python import tensorflow as tf dataset = tf.data.Dataset.range3 @tf.function def test: y = tf.rawops.DeserializeSparse serializedsparse=tf.data.experimental.tovariantdataset, dtype=tf.int32 test This is...

5.5CVSS5.8AI score0.00181EPSS
Exploits1References7
PyPA
PyPA
added 2021/11/05 9:15 p.m.9 views

PYSEC-2021-407

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.9 views

PYSEC-2021-624

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2021/11/05 8:55 p.m.6 views

CVE-2021-41215

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.2AI score0.00181EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/11/05 12:0 a.m.8 views

PT-2021-23188 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The shape inference code for DeserializeSparse can trigger a null pointer...

5.5CVSS5.4AI score0.00181EPSS
Exploits1References13
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.8 views

Google TensorFlow 代码问题漏洞

Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a null pointer dereference in the shape inference code of DeserializeSparse in versions of TensorFlow prior to 2.7.0. The vulnerability stems from the shape inference function assuming that the serializespars...

5.5CVSS5.7AI score0.00181EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/11/01 9:15 a.m.24 views

CVE-2021-27644 DolphinScheduler mysql jdbc connector parameters deserialize remote code execution

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

9.2AI score0.01861EPSS
Exploits0References2
wpexploit
wpexploit
added 2021/10/20 12:0 a.m.146 views

Sassy Social Share 3.3.23 - Missing Access Controls to PHP Object Injection

Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wpajaxheateorsssimportconfig AJAX action due to a missing capability check in the importconfig function found in the /admin/class-sassy-social-share-admin.php file along with the implementation...

8.8CVSS1.1AI score0.01976EPSS
Exploits2References1
Github Security Blog
Github Security Blog
added 2021/08/25 8:55 p.m.36 views

Out of bounds write in nalgebra

The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...

9.8CVSS8.8AI score0.01411EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2021/08/25 8:55 p.m.21 views

GHSA-3W8G-XR3F-2MP8 Out of bounds write in nalgebra

The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...

9.8CVSS9.3AI score0.01411EPSS
Exploits1References7
CNVD
CNVD
added 2021/08/23 12:0 a.m.26 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67822)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04735EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/23 12:0 a.m.28 views

XStream Arbitrary Code Execution Vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.8CVSS6.4AI score0.0454EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/23 12:0 a.m.32 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67828)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.16118EPSS
Exploits2References1
CNVD
CNVD
added 2021/08/23 12:0 a.m.36 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67820)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04735EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2021/08/05 7:58 p.m.10 views

VecStorage Deserialize Allows Violation of Length Invariant

The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...

3.9AI score
Exploits0References6Affected Software1
Rows per page
Query Builder