17 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fixed a sleep-in-atomic bug caused by genpddebugRemove When a genpd with GENPDFLAGIRQSAFE is removed, the following sleep-in-atomic bug will occur, as genpdDebugRemove will be called with a spinlock held. 0.029183 BU...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via manipulation of backup manifest files. An attacker can execute arbitrary commands in the production deployment environment by restoring a crafted backup. Workaround This vulnerability can be mitigated by specifying...
CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
DEBIAN-CVE-2022-49265
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...
UBUNTU-CVE-2022-49265
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...
CVE-2022-49265 PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...
SUSE CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
kernel: PM: domains: Fix sleep-in-atomic bug caused by genpd_debug_remove()
In the Linux kernel, the following vulnerability has been resolved: PM: domains: Fix sleep-in-atomic bug caused by genpddebugremove When a genpd with GENPDFLAGIRQSAFE gets removed, the following sleep-in-atomic bug will be seen, as genpddebugremove will be called with a spinlock being held...
GHSA-3RCW-9P9X-582V Code injection in `saved_model_cli`
Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings python def preprocessinputexprsargstringinputexprsstr: ... for inputraw in filterbool, inputexprsstr.split';': ... inputkey, expr = inputraw.split'=', 1 inputdictinputkey = evalexpr...
PYSEC-2021-420
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
PYSEC-2021-835
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
PYSEC-2021-835
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
Code injection
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
PYSEC-2021-420
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...
PT-2021-23201 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: TensorFlow's saved model cli tool is vulnerable to a code injection as it calls...
CVE-2016-5268
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URISAFEFORUNTRUSTEDCONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d=...