216 matches found

OSV
added 2022/02/03 1:13 p.m. | 21 views

CVE-2022-21739 Null pointer dereference in TensorFlow

TensorFlow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user-controlled inputs can trigger a reference binding to a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

CVSS 6.5 | AI score 6.4 | EPSS 0.00783
Exploits: 1 | References: 5
RedHat Linux
added 2022/01/24 9:50 a.m. | 1 views

kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them...

CVSS 5.5 | AI score 6.6 | EPSS 0.00289
Exploits: 0 | References: 5
NVD
added 2021/08/13 11:15 p.m. | 19 views

CVE-2021-21814

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user, no checks are done to see if the passed in char is longer th...

CVSS 7.8 | EPSS 0.00344
Exploits: 1 | References: 1
NVD
added 2021/06/28 8:15 a.m. | 16 views

CVE-2021-23399

This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 9.8 | EPSS 0.01336
Exploits: 1 | References: 2
Prion
added 2021/05/14 8:15 p.m. | 19 views

Heap overflow

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.RaggedTensorToTensor. This is because the...

CVSS 3.6 | AI score 7 | EPSS 0.00208
Exploits: 1 | References: 2 | Affected Software: 1
Github Security Blog
added 2021/05/10 6:38 p.m. | 46 views

Prototype Pollution in simpl-schema

This affects the package simpl-schema before 1.10.2. Attacker-controlled input into a schema could result in remote code execution within the scope of the surrounding application...

CVSS 7.5 | AI score 7.8 | EPSS 0.01512
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2021/02/05 8:15 p.m. | 2 views

CVE-2020-12122

In Max Secure Max Spyware Detector 1.0.0.044, the driver file MaxProc64.sys allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. This also extends to the various other products from Max Secure...

CVSS 7.8 | AI score 7.2 | EPSS 0.00466
Exploits: 1 | References: 3
OSV
added 2021/02/05 7:15 p.m. | 3 views

CVE-2020-9014

In Epson iProjection v2.30, the driver file EMPNSAU.sys allows local users to cause a denial of service BSOD via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected...

CVSS 5.5 | AI score 5.8
Exploits: 0 | References: 4
NVD
added 2021/01/12 3:15 p.m. | 16 views

CVE-2021-21447

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

CVSS 5.4 | AI score 5.3 | EPSS 0.00529
Exploits: 0 | References: 2
OSV
added 2021/01/12 3:15 p.m. | 4 views

CVE-2021-21447

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

CVSS 5.4 | AI score 6.3
Exploits: 0 | References: 2
Prion
added 2021/01/12 3:15 p.m. | 32 views

Cross site scripting

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

CVSS 3.5 | AI score 5.3 | EPSS 0.00529
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/01/12 2:40 p.m. | 24 views

CVE-2021-21447

SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored...

CVSS 5.4 | AI score 5.5 | EPSS 0.00529
Exploits: 0 | References: 2
CVE
added 2021/01/12 2:40 p.m. | 54 views

CVE-2021-21447

CVE-2021-21447 affects SAP BusinessObjects BI Platform 4.1/4.2 (versions 4.1 < SP12 P9, 4.2 < SP8 P5 or

CVSS 5.4 | AI score 5.2 | EPSS 0.00529
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2020/12/10 11:15 p.m. | 24 views

CVE-2020-26270

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer...

CVSS 3.3 | AI score 3.7
Exploits: 0 | References: 2
Github Security Blog
added 2020/12/10 7:7 p.m. | 48 views

CHECK-fail in LSTM with zero-length input in TensorFlow

Impact: Running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. Patches: We have patched the...

CVSS 4.4 | AI score 3.8 | EPSS 0.00166
Exploits: 0 | References: 7 | Affected Software: 3
CNNVD
added 2020/11/23 12:0 a.m. | 8 views

Jingyun Antivirus Input Validation Error Vulnerability

Jingyun Antivirus is an anti-virus, real-time protection, proactive defense anti-virus engine for personal terminal devices from China Jingyun Company. A security vulnerability exists in Jingyun Antivirus version v2.4.2.39, which stems from a failure to validate an input value from IOCtl...

CVSS 7.8 | AI score 7.2 | EPSS 0.00315
Exploits: 0 | References: 3
Microsoft CVE
added 2020/09/25 7:0 a.m. | 2 views

chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer.

...

CVSS 6.5 | AI score 6.8 | EPSS 0.00428
Exploits: 0
OSV
added 2020/09/11 2:15 p.m. | 5 views

CVE-2020-9239

Huawei smartphones BLA-A09 versions 8.0.0.123C212, versions earlier than 8.0.0.123C567, versions earlier than 8.0.0.123C797; BLA-TL00B versions earlier than 8.1.0.326C01; Berkeley-L09 versions earlier than 8.0.0.163C10, versions earlier than 8.0.0.163C432, Versions earlier than 8.0.0.163C636, Versions...

CVSS 5.5 | AI score 6.1 | EPSS 0.00242
Exploits: 0 | References: 1
NVD
added 2020/09/11 2:15 p.m. | 21 views

CVE-2020-9239

Huawei smartphones BLA-A09 versions 8.0.0.123C212, versions earlier than 8.0.0.123C567, versions earlier than 8.0.0.123C797; BLA-TL00B versions earlier than 8.1.0.326C01; Berkeley-L09 versions earlier than 8.0.0.163C10, versions earlier than 8.0.0.163C432, Versions earlier than 8.0.0.163C636, Versions...

CVSS 5.5 | EPSS 0.00242
Exploits: 0 | References: 1
Prion
added 2020/09/11 2:15 p.m. | 24 views

Design/Logic Flaw

Huawei smartphones BLA-A09 versions 8.0.0.123C212, versions earlier than 8.0.0.123C567, versions earlier than 8.0.0.123C797; BLA-TL00B versions earlier than 8.1.0.326C01; Berkeley-L09 versions earlier than 8.0.0.163C10, versions earlier than 8.0.0.163C432, Versions earlier than 8.0.0.163C636, Versions...

CVSS 2.1 | AI score 5.4 | EPSS 0.00242
Exploits: 0 | References: 1 | Affected Software: 13