UBUNTU-CVE-2021-44758

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to sendaccept...

PT-2022-12224 · Heimdal +4 · Heimdal +4

Name of the Vulnerable Software and Affected Versions: Heimdal versions prior to 7.7.1 Description: The issue allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor. This can be achieved via a preferred mech type of GSS C NO OID and a nonzero initial response value to send...

PT-2022-26133 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11 TensorFlow version 2.10.1 TensorFlow version 2.9.3 TensorFlow version 2.8.4 Description: TensorFlow is an open source platform for machine learning. An input sparse matrix that is not a matrix with a shape wi...

GHSA-4PC4-M9MJ-V2R9 TensorFlow vulnerable to segfault in `QuantizedBiasAdd`

Impact If QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outtype = tf.qint32 input = tf.constant85,170,255, shape=3, dtype=tf.quint8 bias =...

GHSA-G35R-369W-3FQP TensorFlow vulnerable to segfault in `QuantizedInstanceNorm`

Impact If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outputrangegiven = False givenymin = 0 givenymax = 0 varianceepsilon = 1e-05 minseparation = 0.001 x =...

GHSA-V6H3-348G-6H5X TensorFlow vulnerable to segfault in `QuantizedAdd`

Impact If QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf Toutput = tf.qint32 x = tf.constant140, shape=1, dtype=tf.quint8 y = tf.constant26, shape=10,...

GHSA-4W68-4X85-MJJ9 TensorFlow vulnerable to segfault in `QuantizedAvgPool`

Impact If QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf ksize = 1, 2, 2, 1 strides = 1, 2, 2, 1 padding = "SAME" input = tf.constant1, shape=1,4,4,2,...

CVE-2022-35972

TensorFlow is an open source platform for machine learning. If QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35971

TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35970 Segfault in `QuantizedInstanceNorm` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...

CVE-2022-35970 Segfault in `QuantizedInstanceNorm` in TensorFlow

TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given xmin or xmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e...

CVE-2022-35966

TensorFlow is an open source platform for machine learning. If QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

CVE-2022-35967

TensorFlow is an open source platform for machine learning. If QuantizedAdd is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89...

PT-2022-23065 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1, 2.8.1, and 2.7.2 Description: The issue occurs when QuantizedAvgPool is given min input or max input tensors of a nonzero rank, resulting in a segfault that can be used to trigger...

PT-2022-23066 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when QuantizedAdd is given min input or max input tensors of a...

PT-2022-23071 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when QuantizedBiasAdd is given min input, max input, min bias,...

Google TensorFlow 输入验证错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google Inc. in the United States. Google TensorFlow suffers from an input validation error vulnerability that stems from the fact that if Requantize is given a non-zero rank tensor for inputmin, inputmax,...

CLSA-2022-1657817751 Fixed CVEs in vim: CVE-2022-2183, CVE-2022-2182, CVE-2022-2207, CVE-2022-2210

CVE-2022-2182: when on line zero check the column is valid for line one - CVE-2022-2183: avoid going over the NUL at the end of the line - CVE-2022-2207: check the cursor column is more than zero - CVE-2022-2210: use zero offset when change removes all lines in a diff block...

AZL-43729 CVE-2022-29526 affecting package umoci 0.4.7-18

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AZL-45402 CVE-2022-29526 affecting package delve 1.5.0-16

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...