129 matches found
SUSE CVE-2014-6429
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service application crash via a crafted file...
SUSE CVE-2017-12852
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...
SUSE CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
SUSE CVE-2021-29531
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...
SUSE CVE-2021-29581
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...
SUSE CVE-2021-37651
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...
SUSE CVE-2022-35996
TensorFlow is an open source platform for machine learning. If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue ...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15776)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from an empty input to SparseFillEmptyRowsGrad. The vulnerability can be exploited to cause the program to crash...
CVE-2022-35996
TensorFlow is an open source platform for machine learning. If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. We have patched the issue ...
GHSA-9VQJ-64PV-W55C TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`
Impact When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf a = tf.constant, shape=0, 1, 1, dtype=tf.float32 tf.linalg.matrixranka=a Patches We have patched the issue in GitHub...
GHSA-Q5JV-M6QW-5G37 TensorFlow vulnerable to floating point exception in `Conv2D`
Impact If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np with tf.device"CPU": also can...
CVE-2022-35988
TensorFlow is an open source platform for machine learning. When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix...
PT-2022-23084 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 Description: The issue occurs when RaggedBincount is given an empty input tensor splits, resulting in a segfault that can be used to trigger a denial of service...
PT-2022-23086 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when the tf.linalg.matrix rank function receives an empty inpu...
Google TensorFlow 数字错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that if Conv2D is specified as an empty input and the filter and padding sizes are valid, the output is all zeros...
PT-2022-23094 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.0 through 2.9.0 TensorFlow versions 2.8.0 through 2.8.0 TensorFlow versions 2.7.0 through 2.7.1 Description: The issue occurs when the Conv2D function is given an empty input and val...
PYSEC-2022-193
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he captcha.validate function would return None if passed no value e.g. by submitting an having an empty form. If implementing users...
USN-5366-1 fribidi vulnerabilities
It was discovered that FriBidi incorrectly handled processing of input strings resulting in memory corruption. An attacker could use this issue to cause FriBidi to crash, resulting in a denial of service, or potentially execute arbitrary code. CVE-2022-25308 It was discovered that FriBidi...
CVE-2021-37667
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...
PYSEC-2021-289
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...