378 matches found
PYSEC-2021-298
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...
PYSEC-2021-564
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...
PYSEC-2021-286
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...
PYSEC-2021-265
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...
PYSEC-2021-764
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...
CVE-2021-37643
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...
GSD-2021-1000671 drm/amdgpu: Fix a use-after-free
drm/amdgpu: Fix a use-after-free This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.235 by commit 952ab3f9f48eb0e8050596d41951cf516be6b122, i...
UVI-2021-1000649 drm/amd/amdgpu: fix refcount leak
drm/amd/amdgpu: fix refcount leak This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.193 by commit 599e5d61ace952b0bb9bd942b198bbd0cfded1d7, ...
PYSEC-2021-657
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...
PYSEC-2021-222
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...
PT-2021-18284 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: An attacker can trigger a denial of service via a CHECK failure by passing an empty image to...
PT-2024-11115 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use after free issue has been resolved in the Linux kernel. The issue occurs in the emac mac tx buf send function, which calls emac tx fill tpd..,skb,... If an error happens in emac ...
UBUNTU-CVE-2013-1055
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was...
Security update for ceph (moderate)
openSUSE Security Update: Security update for ceph Announcement ID: openSUSE-SU-2021:0079-1 Rating: moderate References: 1178837 1179139 1179452 1179802 1180118 1180155 Cross-References: CVE-2020-27781 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has 5 fixes i...
Security update for pdns-recursor (moderate)
openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2020:1055-1 Rating: moderate References: 1173302 Cross-References: CVE-2020-14196 Affected Products: openSUSE Backports SLE-15-SP2 An update that fixes one vulnerability is now available. Description:This...
Fedora 30 : 1:transfig / xfig (2020-6a2824178e)
Security fix for CVE-2019-19746, CVE-2019-19797 - New upstream release 3.2.7b - Add patch fixing CVE-2019-19746 rhbz1787040 - Add patch fixing CVE-2019-19797 rhbz1786726 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
openSUSE: Security Advisory for dhcp (openSUSE-SU-2019:2341-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for ghostscript (moderate)
openSUSE Security Update: Security update for ghostscript Announcement ID: openSUSE-SU-2019:2160-1 Rating: moderate References: 1144621 Cross-References: CVE-2019-10216 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
Security update for python-Werkzeug (moderate)
openSUSE Security Update: Security update for python-Werkzeug Announcement ID: openSUSE-SU-2019:2118-1 Rating: moderate References: 1145383 Cross-References: CVE-2019-14806 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...
DEBIAN-CVE-2019-10894
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called...