24 matches found
MAL-2025-8640 Malicious code in @malware-test-films-norks-carts-ranks/test-mlw3-films-norks-carts-ranks (npm)
The package @malware-test-films-norks-carts-ranks/test-mlw3-films-norks-carts-ranks was found to contain malicious code...
Mounting memory with MemProcFS for advanced memory forensics
Mounting memory? This changes everything! TL;DR Memory forensics is crucial for investigations, providing access to volatile data, like running processes and network connections. MemProcFS is a game-changer tool in memory forensics, allowing memory dumps to be mounted and browsed like file system...
CVE-2023-47853
CVE-2023-47853 is a Stored XSS in the WordPress plugin myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin. The vulnerability stems from improper neutralization of input during web page generation, enabling attackers to inject scripts. Affected versions are up to 2.6.1; the iss...
Few Fortune 100 Firms List Security Pros in Their Executive Ranks
Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn't shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a brea...
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin < 2.5.1 - Cross-Site Request Forgery
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
GHSA-H7FF-CFC9-WMMH TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannelGradient`
Impact: When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient` receives input min or max of rank other than 1, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=1,1, dtype=tf.float32, maxval=None...
GHSA-F7R5-Q7CX-H668 TensorFlow vulnerable to segfault in `BlockLSTMGradV2`
Impact: The implementation of `BlockLSTMGradV2` does not fully validate its inputs. - wci, wcf, wco, b must be rank 1 - w, cs_prev, h_prev must be rank 2 - x must be rank 3 This results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf use_peephole =...
PT-2022-23088 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0; TensorFlow versions 2.9.1 and earlier; TensorFlow versions 2.8.1 and earlier; TensorFlow versions 2.7.2 and earlier. Description: The issue occurs when tf.quantization.fake_quant_with_min_max_vars_per_channel...
GHSA-CQV6-3PHM-HCWX Access to invalid memory during shape inference in `Cudnn*` ops
Impact: The shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow: python import tensorflow as tf @tf.function def func: return tf.raw_ops.CudnnRNNV3 input=0.1, 0.1, input_h=0.5, input_c=0.1, 0.1, 0.1, params=0.5, 0.5,...
PYSEC-2021-828
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are n...
PYSEC-2021-630
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are n...
PYSEC-2021-413
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, input_h and input_c parameters are n...
PT-2021-23194 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0; TensorFlow versions 2.6.1 and earlier; TensorFlow versions 2.5.2 and earlier; TensorFlow versions 2.4.4 and earlier. Description: The shape inference code for the Cudnn operations in TensorFlow can be tricked...
PYSEC-2021-670
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the...
PYSEC-2021-181
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad. This is because the...
OpenJDK: Incorrect handling of invocations with exhausted ranks (Libraries, 8035793)
Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483...