Lucene search

332 matches found

NVD
added 2022/05/03 8:15 p.m., 16 views

CVE-2022-28793

Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time...

CVSS 4.4, EPSS 0.00064
Exploits: 0, References: 1
ATTACKERKB
added 2022/05/03 8:15 p.m., 1 views

CVE-2022-28791

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files...

CVSS 6.2, AI score 6.1, EPSS 0.00083
Exploits: 0, References: 2
ATTACKERKB
added 2022/04/11 8:15 p.m., 2 views

CVE-2022-20072

In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219118; Issue ID:...

CVSS 6.7, AI score 6.7, EPSS 0.00036
Exploits: 0, References: 2
OSV
added 2021/08/25 2:40 p.m., 0 views

GHSA-Q7F7-544H-67H9 FPE in TFLite pooling operations

Impact: The implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. Patches: We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695. The fix will be included in TensorFlow 2.6.0. We will also cherrypic...

CVSS 6.8, AI score 5.8, EPSS 0.00008
Exploits: 0, References: 6
PyPA
added 2021/08/12 11:15 p.m., 4 views

PYSEC-2021-287

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

CVSS 7.8, AI score 7, EPSS 0.00037
Exploits: 0, References: 3, Affected Software: 1
PyPA
added 2021/08/12 11:15 p.m., 5 views

PYSEC-2021-784

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

CVSS 5.5, AI score 6.8, EPSS 0.00012
Exploits: 0, References: 2, Affected Software: 1
PyPA
added 2021/08/12 9:15 p.m., 6 views

PYSEC-2021-575

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature, and a similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

CVSS 7.8, AI score 6.9, EPSS 0.00106
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/08/12 9:15 p.m., 0 views

PYSEC-2021-755

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to the num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

CVSS 5.5, AI score 5.9, EPSS 0.00012
Exploits: 0, References: 2
PyPA
added 2021/08/12 7:15 p.m., 4 views

PYSEC-2021-260

TensorFlow is an end-to-end open source platform for machine learning. Sending an invalid argument for row_partition_types of the tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

CVSS 7.8, AI score 6.9, EPSS 0.00013
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2021/08/12 7:15 p.m., 0 views

PYSEC-2021-748

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

CVSS 7.7, AI score 6.1, EPSS 0.00044
Exploits: 0, References: 2
ATTACKERKB
added 2021/08/12 6:15 p.m., 5 views

CVE-2021-37640

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but...

CVSS 5.5, AI score 5.6, EPSS 0.00033
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2021/08/12 6:10 p.m., 3 views

CVE-2021-37638

TensorFlow is an end-to-end open source platform for machine learning. Sending an invalid argument for row_partition_types of the tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

CVSS 7.8, AI score 6.9, EPSS 0.00013
Exploits: 0
OSV
added 2021/05/21 2:28 p.m., 3 views

GHSA-H4PC-GX2W-F2XV Heap OOB read in TFLite

Impact: A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of SplitV: `const int input_size = SizeOfDimension(input, axis_value);` If axis_value is not a value between 0 and NumDimensions(input), then the SizeOfDimension function will access data outside the...

CVSS 7.1, AI score 6.9, EPSS 0.00011
Exploits: 1, References: 8
OSV
added 2021/05/21 2:25 p.m., 0 views

GHSA-WHR9-VFH2-7HM6 Memory corruption in `DrawBoundingBoxesV2`

Impact: The implementation of tf.raw_ops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs: `import tensorflow as tf` `images = tf.fill([10, 96, 0, 1], 0.)` `boxes = tf.fill([10, 53, 0], 0.)` `colors = tf.fill([0, 1], 0...`

CVSS 4.5, AI score 6.2, EPSS 0.00017
Exploits: 1, References: 7
OSV
added 2021/03/11 3:9 a.m., 0 views

GHSA-HPV8-9RQ5-HQ7W Generated Code Contains Local Information Disclosure Vulnerability

Impact: This vulnerability impacts generated code. If this code was generated as a one-off occasion, not as a part of an automated CI/CD process, this code will remain vulnerable until fixed manually! On Unix-Like systems, the system temporary directory is shared between all local users. When...

CVSS 6.2, AI score 6.7, EPSS 0.00067
Exploits: 0, References: 3
Openbugbounty
added 2020/10/19 3:11 p.m., 12 views

pre-art.com Cross Site Scripting vulnerability OBB-1424899

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score 0.1
Exploits: 0
OSV
added 2019/08/14 9:15 p.m., 1 views

CVE-2019-1169

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

CVSS 7.8, AI score 6, EPSS 0.01478
Exploits: 0, References: 1
Openbugbounty
added 2017/07/16 9:36 a.m., 8 views

regionalebronnenbank.nl XSS vulnerability

Vulnerable URL: http://www.regionalebronnenbank.nl/templates/mediaplayer.swf?file=http://content.bitsontherun.com/videos/bkaovAYt-364766.flv=falseℑ=http://appsec.ws/ExploitDB/cMon.jpg=true=javascript:confirm/openbugbounty/;//=blank&.swf

Details:

Description| Value
---|---
Patched:| No
Latest chec...

AI score 6.2
Exploits: 0
Openbugbounty
added 2017/04/11 12:19 a.m., 11 views

food.com XSS vulnerability

Vulnerable URL: http://www.food.com/recipe/lemon-angel-cake-with-blueberry-sauce-164755?scaleto=6.0=x%22%3E%3CsvG%20onLoad=prompt%28%22OPENBUGBOUNTY%22%29%3E=us

Details:

Description| Value
---|---
Patched:| Yes, at 25.11.2017
Latest check for patch:| 25.11.2017 19:30 GMT
Vulnerability type:| XSS...

AI score 6.3
Exploits: 0
Openbugbounty
added 2017/02/27 8:33 p.m., 13 views

hectormalot.arsene76.fr XSS vulnerability

Vulnerable URL: http://hectormalot.arsene76.fr/sg.do

Details:

Description| Value
---|---
Patched:| Yes, at 02.03.2017
Latest check for patch:| 02.03.2017 12:18 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
VIP website status:| No
Check...

AI score 6.3
Exploits: 0