470 matches found
PYSEC-2026-1962 TensorFlow has segfault in array_ops.upper_bound
Impact arrayops.upperbound causes a segfault when not given a rank 2 tensor. Patches We have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586. The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more information...
PYSEC-2026-1954 Invalid char to bool conversion when printing a tensor
Impact When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. Patches We have patched the issu...
PYSEC-2026-1964 TensorFlow has Floating Point Exception in AvgPoolGrad with XLA
Impact If the stride and window size are not positive for tf.rawops.AvgPoolGrad, it can give an FPE. python import tensorflow as tf import numpy as np @tf.functionjitcompile=True def test: y = tf.rawops.AvgPoolGradoriginputshape=1,0,0,0, grad=0.39117979, ksize=1,0,0,0, strides=1,0,0,0,...
PYSEC-2026-1960 TensorFlow has Floating Point Exception in AudioSpectrogram
Impact version:2.11.0 //core/ops/audioops.cc:70 Status SpectrogramShapeFnInferenceContext c ShapeHandle input; TFRETURNIFERRORc-WithRankc-input0, 2, &input; int32t windowsize; TFRETURNIFERRORc-GetAttr"windowsize", &windowsize; int32t stride; TFRETURNIFERRORc-GetAttr"stride", &stride; .....1...
PYSEC-2026-971 Tensorflow vulnerable to Out-of-Bounds Read
Impact When the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob vuln occurs. python tf.rawops.ThreadUnsafeUnigramCandidateSampler trueclasses=0x100000,1, numtrue = 2, numsampled = 2, unique = False, rangemax = 2, seed = 2, seed2 = 2 Patches We have...
PYSEC-2026-1032 Missing validation results in undefined behavior in `SparseTensorDenseAdd
Impact The implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments: python import tensorflow as tf aindices = tf.constant0, shape=17, 2, dtype=tf.int64 avalues = tf.constant, shape=0, dtype=tf.float32 ashape = tf.constant6, 12, shape=2, dtype=tf.int64 b =...
PT-2026-53972
Name of the Vulnerable Software and Affected Versions coturn versions prior to 4.13.0 Description An authenticated TURN client can bypass the default loopback guard by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 within a TURN XOR-PEER-ADDRESS attribute. This occurs because the ioa ad...
This Week in Spring - March 31st, 2026
Hi, Spring fans! Welcome to another fun edition of This Week in Spring! I'm writing to you from beautiful Amsterdam ahead of the wonderful Voxxed Days Amsterdam event, and I'm really looking forward to it. If you're there, please come say hello! Also, be aware that I'll be speaking at the Paris J...
Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...
SUSE-SU-2026:0626-1 Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: - Build without apparmor for openSUSE Leap 16, SLES 16 or newer - Require Go 1.23 for building - Update to versi...
SUSE-SU-2026:0625-1 Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: - Build without apparmor for openSUSE Leap 16, SLES 16 or newer - Require Go 1.23 for building - Update to versi...
Security update 5.1.2 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...
Blueprint for Security: A Guide to Code, Governance, and Response Frameworks
Building a Foundation for Security and Compliance...
EUVD-2023-2185
Malicious code in bioql PyPI...
Tips for Transcribing Video with Technical Jargon
When it comes to transcribing videos, technical jargon can pose several challenges. However, with the right approach, you…...
Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025
APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering$2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...
Security update 5.0.5 for Multi-Linux Manager Client Tools
This update fixes the following issues: salt: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability in...
Security update for SUSE Manager Client Tools
This update fixes the following issues: scap-security-guide was updated to version 0.1.75 jscECO-3319: Added Ism profile for OL8, OL9 Added new product kylinserver10 Created OL10 product Release SLMicro5 product Replaced two date injections by SOURCEDATEEPOCH to make reproducible bsc1230361 Updat...
SUSE-SU-2025:0532-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: scap-security-guide was updated to version 0.1.75 jscECO-3319: - Added Ism profile for OL8, OL9 - Added new product kylinserver10 - Created OL10 product - Release SLMicro5 product - Replaced two date injections by SOURCEDATEEPOCH to make reproducible...
Security update for SUSE Manager Client Tools
This update fixes the following issues: scap-security-guide was updated to version 0.1.75 jscECO-3319: Added Ism profile for OL8, OL9 Added new product kylinserver10 Created OL10 product Release SLMicro5 product Replaced two date injections by SOURCEDATEEPOCH to make reproducible bsc1230361 Updat...