CVE-2021-41219

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

CVE-2021-41224

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will al...

PT-2021-23181 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow version 2.6.1 TensorFlow version 2.5.2 TensorFlow version 2.4.4 Description: The implementations for convolution operators in TensorFlow trigger a division by 0 if passed empty filter tensor...

PT-2021-7387 · Vim +6 · Vim +6

Name of the Vulnerable Software and Affected Versions: Vim affected versions not specified Description: The issue is related to the spell iswordp function in the spell.c component of the Vim text editor, which lacks a check for an empty preword. This allows an attacker to access confidential data...

CLSA-2021-1634922588 Fixed CVE-2021-28153 in glib2

Fixed CVE-2021-28153: gfilereplace with GFILECREATEREPLACEDESTINATION creates empty target for dangling symlink...

BELL-CVE-2021-35604 CVE-2021-35604 does not affect BellSoft software

Bulletin has no description...

CVE-2021-35943

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513...

Path traversal

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513...

CVE-2021-35943

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513...

Couchbase Server 授权问题漏洞

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions 6.5.x through 6.6.2, which stems from RFC4513 that allows...

CVE-2021-24639

The OMGF WordPress plugin before 4.5.4 does not enforce path validation, authorisation and CSRF checks in the omgfajaxemptydir AJAX action, which allows any authenticated users to delete arbitrary files or folders on the server...

golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty

A flaw was found in Go, acting as an unintended proxy or intermediary, where ReverseProxy forwards connection headers if the first one was empty. This flaw allows an attacker to drop arbitrary headers. The highest threat from this vulnerability is to integrity...

(0Day) D-Link DIR-2055 HNAP Incorrect Comparison Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2055 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of...

GHSA-5XWC-MRHX-5G3M Reference binding to nullptr in `MatrixDiagV*` ops

Impact An attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV: python import tensorflow as tf tf.rawops.MatrixDiagV3 diagonal=1,0, k=, numrows=1,2,3, numcols=4,5, paddingvalue=, align='RIGHTRIGHT' The implementation has...

GHSA-QR82-2C78-4M8H Reference binding to nullptr in map operations

Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations: python import tensorflow as tf tf.rawops.MapPeek key=tf.constant8,dtype=tf.int64, indices=, dtypes=tf.int32, capacity=8, memorylimit=128 The implementation...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Empty tensors are not validated which allows an attacker to cause an undefined behavior by binding a reference to null pointer in tf.rawops.SparseFillEmptyRows...

Null pointer dereference

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

CVE-2021-37671

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...

CVE-2021-37667

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...