32 matches found
Vulnerabilities fixed in Liferay
Vulnerabilities have been fixed in Liferay Portal versions 7.3.3 through through 7.4.1. The vulnerabilities allow a malicious party to perform a Cross-Site Scripting attack or unintentionally view the list of groups and sites used within the portal. Liferay has made updates available for Liferay...
GHSA-W74J-V8XH-3W5H Reference binding to nullptr in unicode encoding
Impact An attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode: python import tensorflow as tf from tensorflow.python.ops import genstringops genstringops.unicodeencode inputvalues=, inputsplits=, outputencoding='UTF-8', errors='ignore',...
CVE-2021-37651
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...
PT-2021-21774 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can cause undefined behavior via binding a reference to null pointer...
PT-2021-21767 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The implementation for tf.raw ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap...
PT-2021-21759 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The issue arises when a negative element is provided to the num elements list argument of tf.raw ops.TensorListReserve,...
PT-2021-21777 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can cause a floating point exception by calling inplace operations...
PT-2021-21797 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The issue arises when nesting a tf.map fn within another tf.map fn call, specifically with RaggedTensor inputs and no...
GHSA-R33Q-22HV-J29Q Denial of service in github.com/ethereum/go-ethereum
Impact A DoS vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. Patches The vulnerability was patched in https://github.com/ethereum/go-ethereum/pull/21896. Workarounds This vulnerability only concerns users explicitly enabling les server;...
PT-2021-18307 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: An attacker can cause a denial of service via a FPE runtime error in tf.raw ops.Reverse. This ...
PT-2021-18309 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: An attacker can cause a heap buffer overflow in tf.raw ops.SparseSplit because the...
Cloned interners may read already dropped strings
Affected versions of this crate did not clone contained strings when an interner is cloned. Interners have raw pointers to the contained strings, and they keep pointing the strings which the old interner owns, after the interner is cloned. If a new cloned interner is alive and the old original...