CVE-2022-29204

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. T...

CVE-2024-27366

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsirxscandoneind, there is no input validation check on a length coming from userspace...

CVE-2024-27364

An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsirxroamedind, there is no input validation check on a length coming from userspace, which can lead ...

CVE-2024-27368

An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsirxreceivedframeind, there is no input validation check on a length...

CVE-2024-27364

The CVE-2024-27364 issue affects Samsung Mobile Processor and Samsung Wearable Processor families (Exynos 980, 850, 1080, 1280, 1380, 1330, 1480, W920, W930). The root cause is missing input validation for a length originating from userspace in the function slsi_rx_roamed_ind(), which can cause a...

CVE-2024-27365

CVE-2024-27365 affects Samsung Mobile Processor Exynos family: Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, and Exynos W930. The root cause is missing input validation for a length value from userspace in the function slsi_rx_blockack_ind()...

CVE-2024-27368

An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsirxreceivedframeind, there is no input validation check on a length...

CVE-2024-27380

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsisetdelayedwakeuptype, there is no input validation check on a length of ioctlargs-argsi coming from userspace, which can lead to a heap over-read...

CVE-2024-27373

CVE-2024-27373 affects Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. The issue arises in the function slsi_nan_config_get_nl_params() where there is no input validation for disc_attr->mesh_id_len sourced from userspace, which can lead to a heap ove...

CVE-2024-27374

CVE-2024-27374 concerns Samsung Mobile Processor Exynos models 980, 850, 1280, 1380, and 1330. The vulnerability is in the function slsi_nan_publish_get_nl_params() where there is no input validation for hal_req->service_specific_info_len sourced from userspace, allowing a potential heap overw...

CVE-2024-27372

CVE-2024-27372 affects Samsung Mobile Processor Exynos 980, 850, 1280, 1380, and 1330. The vulnerability resides in the function slsi_nan_config_get_nl_params() where there is no input validation for disc_attr->infrastructure_ssid_len from userspace, enabling a potential heap overwrite. The is...

CVE-2022-29200 Missing validation causes denial of service in TensorFlow via `LSTMBlockCell`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The cod...

Rocky Linux 8 : c-ares (RLSA-2022:2043)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2043 advisory. - A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can lead to output of wrong...

Amazon Linux AMI : c-ares (ALAS-2021-1545)

The version of c-ares installed on the remote host is prior to 1.17.2-1.8. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1545 advisory. A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS Domain Name Servers can...