
2929 matches found

OSV
added 2021/05/21 2:23 p.m. | 1 view

GHSA-4HRH-9VMP-2JGG Heap buffer overflow in `StringNGrams`

Impact: An attacker can cause a heap buffer overflow by passing crafted inputs to `tf.raw_ops.StringNGrams`: python import tensorflow as tf separator = b'\x02\x00' ngramwidths = 7, 6, 11 leftpad = b'\x7f\x7f\x7f\x7f\x7f' rightpad = b'\x7f\x7f\x25\x5d\x53\x74' padwidth = 50 preserveshortsequences = Tr...

2.5 CVSS | 6.2 AI score | 0.00198 EPSS
Exploits: 1 | References: 7
CNVD
added 2021/05/17 12:0 a.m. | 6 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-36331)

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in the padding calculation in Google TensorFlow. The vulnerability stems from ComputeOutSize not checking if the stride parameter is 0 before performing a division. No details of the...

7.8 CVSS | 6.5 AI score | 0.00201 EPSS
Exploits: 1 | References: 1
NVD
added 2021/05/14 8:15 p.m. | 10 views

CVE-2021-29585

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

7.8 CVSS | 0.00201 EPSS
Exploits: 1 | References: 2
Prion
added 2021/05/14 8:15 p.m. | 11 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

4.6 CVSS | 7.5 AI score | 0.00201 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
PyPA
added 2021/05/14 8:15 p.m. | 4 views

PYSEC-2021-711

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

7.8 CVSS | 6.9 AI score | 0.00201 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
PyPA
added 2021/05/14 8:15 p.m. | 4 views

PYSEC-2021-222

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

7.8 CVSS | 6.9 AI score | 0.00201 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2021/05/14 8:15 p.m. | 20 views

PYSEC-2021-513

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

7.8 CVSS | 1 AI score | 0.00201 EPSS
Exploits: 1 | References: 2
OSV
added 2021/05/14 8:15 p.m. | 2 views

PYSEC-2021-711

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

7.8 CVSS | 5.9 AI score | 0.00201 EPSS
Exploits: 1 | References: 2
Cvelist
added 2021/05/14 7:35 p.m. | 17 views

CVE-2021-29585 Division by zero in padding computation in TFLite

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

2.5 CVSS | 7.8 AI score | 0.00201 EPSS
Exploits: 1 | References: 2
Debian CVE
added 2021/05/14 7:35 p.m. | 1 view

CVE-2021-29585

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSize (https://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.h#L43-L55), does not check that the...

7.8 CVSS | 6.9 AI score | 0.00201 EPSS
Exploits: 1
CNNVD
added 2021/05/14 12:0 a.m. | 4 views

Google TensorFlow Numeric Error Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in the padding calculation in Google TensorFlow. The vulnerability stems from ComputeOutSize not checking if the stride parameter is 0 before performing a division. No details of the...

7.8 CVSS | 5.5 AI score | 0.00201 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2021/05/14 12:0 a.m. | 3 views

PT-2021-18337 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0; TensorFlow versions 2.4.2 and earlier; TensorFlow versions 2.3.3 and earlier; TensorFlow versions 2.2.3 and earlier; TensorFlow versions 2.1.4 and earlier. Description: Optimized pooling implementations in TFLit...

7.8 CVSS | 7.4 AI score | 0.00201 EPSS
Exploits: 1 | References: 14
Node.js
added 2021/05/06 4:14 p.m. | 53 views

RSA signature validation vulnerability

Overview. Impact: Vulnerable versions of jsrsasign will accept RSA signatures with improper PKCS1.5 padding. The decoded RSA signature value has the following form: 01 ff...(8 or more ffs)...ff 00 [ASN.1 of DigestInfo]. Its byte length shall be the same as RSA key length however such checking was not sufficien...

6.4 CVSS | 3.1 AI score | 0.0096 EPSS
Exploits: 0 | Affected Software: 1
RustSec
added 2021/04/28 12:0 p.m. | 28 views

Archives may contain uninitialized memory

rkyv is a serialization framework that writes struct-compatible memory to be stored or transmitted. During serialization, struct padding bytes and unused enum bytes may not be initialized. These bytes may be written to disk or sent over unsecured channels...

7.5 CVSS | 2.3 AI score | 0.01079 EPSS
Exploits: 0 | Affected Software: 1
Node.js
added 2021/04/19 3:8 p.m. | 59 views

Observable timing discrepancy

Overview: Affected versions of jose are vulnerable to a Padding Oracle Attack due to Observable Timing Discrepancy. Impact: AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

4.3 CVSS | 5.6 AI score | 0.01167 EPSS
Exploits: 0 | Affected Software: 1
Github Security Blog
added 2021/04/19 3:0 p.m. | 58 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime

Impact: AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9 CVSS | 2 AI score | 0.01238 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2021/04/19 3:0 p.m. | 25 views

GHSA-RVCW-F68W-8H8H Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime

Impact: AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9 CVSS | 6 AI score | 0.01238 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2021/04/19 2:59 p.m. | 65 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

Impact: AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9 CVSS | 2 AI score | 0.01238 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2021/04/19 2:59 p.m. | 15 views

GHSA-4V4G-726H-XVFV Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

Impact: AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9 CVSS | 6 AI score | 0.01238 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2021/04/19 2:58 p.m. | 61 views

Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime

Impact: AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, `JWEDecryptionFailed` would be thrown. But a possibly observable difference in timing when padding error would occur while...

5.9 CVSS | 2 AI score | 0.01238 EPSS
Exploits: 0 | References: 4 | Affected Software: 1