Lucene search
K

603 matches found

OSV
OSV
added 2 days ago11 views

ROOT-APP-NPM-CVE-2020-8203 CVE-2020-8203 in @rootio/lodash.pick - Patched by Root

Root has patched CVE-2020-8203 in the @rootio/lodash.pick package for Root:npm. Multiple fixed versions available...

7.4CVSS8AI score0.05213EPSS
Exploits1
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1956 TensorFlow has Null Pointer Error in SparseSparseMaximum

Impact When SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. python import tensorflow as tf tf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, Patches We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00439EPSS
Exploits1References6
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-956 TensorFlow has Floating Point Exception in TensorListSplit with XLA

Impact FPE in TensorListSplit with XLA python import tensorflow as tf func = tf.rawops.TensorListSplit para = 'tensor': 1, 'elementshape': -1, 'lengths': 0 @tf.functionjitcompile=True def fuzzjit: y = funcpara return y printfuzzjit Patches We have patched the issue in GitHub commit...

7.5CVSS5.9AI score0.00391EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1050 Segfault via invalid attributes in `pywrap_tfe_src.cc`

Impact If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors as input ksizes. python import numpy as np import...

5.5CVSS6AI score0.00404EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-980 TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`

Impact When tf.linalg.matrixrank receives an empty input a, the GPU kernel gives a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf a = tf.constant, shape=0, 1, 1, dtype=tf.float32 tf.linalg.matrixranka=a Patches We have patched the issue in GitHub...

5.9CVSS5.9AI score0.00405EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1047 TensorFlow vulnerable to Int overflow in `RaggedRangeOp`

Impact The RaggedRangOp function takes an argument limits that is eventually used to construct a TensorShape as an int64. If limits is a very large float, it can overflow when converted to an int64. This triggers an InvalidArgument but also throws an abort signal that crashes the program. python...

5.9CVSS6AI score0.00547EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-996 TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`

Impact When tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status. cpp Status SubstituteForEachAttrMap& attrs, FullTypeDef& t DCHECKEQt.argssize, 3; const auto& cont = t.args0; const auto& tmpl =...

7.5CVSS7.1AI score0.00547EPSS
Exploits0References8
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-987 TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows

Impact The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor: python import tensorflow as tf tf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64 This i...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 9:37 a.m.4 views

PYSEC-2026-974 TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation

Impact The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar. python import tensorflow as tf tf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 Patche...

5.9CVSS6.9AI score0.00441EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1026 Missing validation results in undefined behavior in `QuantizedConv2D`

Impact The implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments: python import tensorflow as tf input = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad args mininput = tf.constant, shape=0,...

5.5CVSS5.9AI score0.00333EPSS
Exploits1References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: The default value for “denominator” is initialized to 1. WHAT & HOW Variables that are used as denominators and may not be assigned to other values should be initialized to a non-zero value to avoid “DIVIDEBYZERO...

5.5CVSS6.3AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 2:16 p.m.13 views

CVE-2026-43326

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix SCXKICKWAIT deadlock by deferring wait to balance callback SCXKICKWAIT busy-waits in kickcpusirqworkfn using smpcondloadacquire until the target CPU's kicksync advances. Because the irqwork runs in hardirq context,...

5.5CVSS0.00083EPSS
Exploits0References2
CVE
CVE
added 2026/03/02 6:42 p.m.23 views

CVE-2026-0013

CVE-2026-0013 affects the DocumentsUI path in Android (Documents UI, DocumentsUI/Picker flow via PickActivity.setupLayout). The vulnerability allows a confused deputy to start any activity from within a DocumentsUI app, enabling local privilege elevation without extra execution privileges or user...

8.4CVSS6.1AI score0.00091EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/02 6:42 p.m.9 views

EUVD-2026-9231

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00091EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/02 6:42 p.m.35 views

CVE-2026-0013

In setupLayout of PickActivity.java, there is a possible way to start any activity as a DocumentsUI app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00091EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 12:19 a.m.3 views

OSV-2026-55 Use-of-uninitialized-value in vp9_quantize_fp_avx2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=475583924 Crash type: Use-of-uninitialized-value Crash state: vp9quantizefpavx2 blockyrd vp9pickintermode...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/01/11 12:8 a.m.5 views

OSV-2026-30 Use-of-uninitialized-value in vp9_quantize_fp_avx2

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=474614578 Crash type: Use-of-uninitialized-value Crash state: vp9quantizefpavx2 blockyrd vp9pickintermode...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.6 views

CVE-2021-41207

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.6 views

CVE-2021-41209

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:54 a.m.4 views

CVE-2021-41201

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

7.8CVSS7.1AI score0.00241EPSS
Exploits1References1
Rows per page
Query Builder