Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args. This will assist in validating the userq input arguments and rejecting invalid userq requests during IOCTls...

CVE-2025-40335 drm/amdgpu: validate userq input args

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the invalid userq request at the IOCTLs first place...

CVE-2023-53156

The transpose crate before 0.2.3 for Rust allows an integer overflow via inputwidth and inputheight arguments...

CVE-2022-41137

Apache Hive Metastore HMS uses SerializationUtilitiesdeserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution RCE since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be...

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

PT-2024-31745 · Unknown · Trusted Firmware-M

Name of the Vulnerable Software and Affected Versions: Trusted Firmware-M versions through 2.1.0 Description: An issue was discovered where user-provided mailbox messages contain a pointer to a list of input arguments in vec and output arguments out vec that are never validated. Each argument lis...

CVE-2024-45746

An issue was discovered in Trusted Firmware-M through 2.1.0. User provided and controlled mailbox messages contain a pointer to a list of input arguments invec and output arguments outvec. These list pointers are never validated. Each argument list contains a buffer pointer and a buffer length...

Updated python-gitpython packages fix security vulnerability

Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments...

CVE-2022-24439 Remote Code Execution (RCE)

All versions of package gitpython are vulnerable to Remote Code Execution RCE due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git...

Missing validation causes denial of service via `LoadAndRemapMatrix`

Impact The implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf ckptpath = tf.constant...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Lack of proper validation of input arguments to tf.rawops.QuantizeAndDequantizeV4Grad leads to CHECK-failure, causing an applicaiton crash...

CVE-2022-29201 Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0,...

CVE-2022-21736

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

GHSA-QVM7-23CJ-437V Remote Code Execution in Apache Dubbo

Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in Apache Dubbo 2.7.13...

CVE-2021-29608

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

USN-4801-1: ROOT vulnerability

It was discovered that ROOT incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary code...

USN-4801-1 root-system vulnerability

It was discovered that ROOT incorrectly handled certain input arguments. An attacker could possibly use this issue to execute arbitrary code...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service DoS. The vulnerability exists due to the lack of validation of input arguments in RaggedCountSparseOutput, allowing a split tensor with exactly one element, or an empty split tensor to cause a SIGABRT signal...

Denial of Service in Tensorflow

Impact The RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure:...