129 matches found
PT-2021-18297 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.1.4 through 2.4.2 Description: An attacker can trigger an integer division by zero undefined behavior in tf.raw ops.QuantizedBiasAdd. This is because the implementation of the Eigen...
Mozilla: Content security policy bypass through hash-based sources in directives
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
UBUNTU-CVE-2019-11738
If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...
UBUNTU-CVE-2017-12852
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack...
The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the accessibility of protected information.
A vulnerability exists in the SnifferDecompress function in the wireshark/Wireshark DOS sniffer processing module, located in the wiretap/ngsniffer.c file. This vulnerability arises due to improper handling of empty input data. Exploiting this vulnerability allows malicious individuals operating...
wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service application crash via a crafted file...
wireshark: DOS Sniffer file parser flaw (wnpa-sec-2014-19)
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service application crash via a crafted file...
DEBIAN-CVE-2014-6429
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service application crash via a crafted file...
UBUNTU-CVE-2014-6429
The SnifferDecompress function in wiretap/ngsniffer.c in the DOS Sniffer file parser in Wireshark 1.10.x before 1.10.10 and 1.12.x before 1.12.1 does not properly handle empty input data, which allows remote attackers to cause a denial of service application crash via a crafted file...