Lucene search
K

26 matches found

PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-557

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/08/12 9:15 p.m.4 views

PYSEC-2021-276

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...

7.3CVSS6.5AI score0.00167EPSS
Exploits0References2
PyPA
PyPA
added 2021/08/12 7:15 p.m.5 views

PYSEC-2021-550

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/05/21 2:25 p.m.1 views

GHSA-4P4P-WWW8-8FV9 Reference binding to null in `ParameterizedTruncatedNormal`

Impact An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal: python import tensorflow as tf shape = tf.constant, shape=0, dtype=tf.int32 means = tf.constant1, dtype=tf.float32 stdevs = tf.constant1, dtype=tf.float32 minvals = tf.constant1...

2.5CVSS6.9AI score0.00197EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2019/07/17 4:15 p.m.33 views

CVE-2019-13626

SDL Simple DirectMedia Layer 2.x through 2.0.9 has a heap-based buffer over-read in FillIMAADPCMblock, caused by an integer overflow in IMAADPCMdecode in audio/SDLwave.c...

6.5CVSS6.8AI score0.01805EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2017/09/15 12:0 a.m.30 views

CVE-2017-0898

Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap...

9.1CVSS7AI score0.09718EPSS
Exploits1References6
Rows per page
Query Builder