Lucene search
K

297 matches found

Cvelist
Cvelist
added 2022/12/19 12:0 a.m.49 views

CVE-2022-47551

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before...

6.6AI score0.00604EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/11/21 10:18 p.m.51 views

Invalid char to bool conversion when printing a tensor

Impact When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. Patches We have patched the issu...

7.5CVSS7.5AI score0.00389EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/11/21 9:54 p.m.32 views

`CHECK` fail via inputs in `SparseFillEmptyRowsGrad`

Impact If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. python import tensorflow as tf tf.rawops.SparseFillEmptyRowsGrad reverseindexmap=, gradvalues=, name=None Patches We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be...

7.5CVSS7.5AI score0.0044EPSS
Exploits1References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/11/21 8:41 p.m.38 views

Overflow in `tf.keras.losses.poisson`

Impact tf.keras.losses.poisson receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. python import numpy as np import tensorflow as tf truevalue =...

7.5CVSS7.7AI score0.0044EPSS
Exploits1References6Affected Software3
Github Security Blog
Github Security Blog
added 2022/09/16 10:20 p.m.31 views

TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVars`

Impact If FakeQuantWithMinMaxVars is given min or max tensors of a nonzero rank, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf numbits = 8 narrowrange = False inputs = tf.constant0, shape=2,3, dtype=tf.float32 min = tf.constant0,...

7.5CVSS7.5AI score0.00383EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2022/09/16 10:11 p.m.31 views

TensorFlow vulnerable to `CHECK` fail in `CollectiveGather`

Impact When CollectiveGather receives an scalar input input, it gives a CHECK fails that can be used to trigger a denial of service attack. python import tensorflow as tf arg0=1 arg1=1 arg2=1 arg3=1 arg4=3, 3,3 arg5='auto' arg6=0 arg7='' tf.rawops.CollectiveGatherinput=arg0, groupsize=arg1,...

7.5CVSS7.4AI score0.00396EPSS
Exploits0References5Affected Software3
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/07/27 12:0 a.m.11 views

How to Apply a Zero Trust Security Model to ICS

Discover how to leverage the zero trust strategy to protect ICS environments, enabling a stronger security posture and reducing risk...

2.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/24 10:12 p.m.38 views

Segfault due to missing support for quantized types

Impact There is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types added after migration to TF 2.x: python import numpy as np import tensorflow as tf...

5.5CVSS6AI score0.00317EPSS
Exploits1References10Affected Software3
NVD
NVD
added 2022/04/27 8:15 p.m.24 views

CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS0.02189EPSS
Exploits1References10
AlpineLinux
AlpineLinux
added 2022/04/27 7:43 p.m.82 views

CVE-2022-24735

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. The Lua scri...

7.8CVSS6.7AI score0.02189EPSS
Exploits1
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/04/06 12:0 a.m.11 views

5 Zero Trust Security Model DevOps Integrations

Learn how the zero trust security model can be integrated into your DevOps lifecycle without implicating the agility or speed of your application build...

2.1AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2022/03/31 5:0 p.m.16 views

3 strategies to launch an effective data governance plan

Aware of the potential risks of sensitive data if not managed properly, you’ve undertaken a data discovery process to learn where it’s all stored. You’ve classified this sensitive data—confidential information like credit card numbers and home addresses collected from customers, prospects,...

0.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/23 4:42 p.m.32 views

Okta admits 366 customers may have been impacted by LAPSUS$ breach

Through its usual means of communication, its Telegram channel, the LAPSUS$ group has posted screenshots of what appears to be superuser access to the Okta management console. As such, the group claims to have acquired "superuser/admin" access to Okta.com and gained access to Oktas customer data,...

0.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/09 11:45 p.m.40 views

Integer overflow leading to crash in Tensorflow

Impact The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation: python import tensorflow as tf import numpy as np tf.rawops.SparseCountSparseOutput indices=1,1, values=2, denseshape=2 31, 2 32,...

6.5CVSS2.1AI score0.00783EPSS
Exploits1References7Affected Software3
Microsoft Secure
Microsoft Secure
added 2022/02/09 8:0 p.m.23 views

Cybersecurity threats are always changing—staying on top of them is vital, getting ahead of them is paramount

With a 1,070 percent increase in ransomware attacks year-over-year between July 2020 and June 2021, staying on top of attack trends—such as ransomware and supply chain threats—is more important than ever.1 To successfully detect and defend against security threats, we need to come together as a...

6.7AI score
Exploits0
NVD
NVD
added 2022/01/21 11:15 p.m.36 views

CVE-2022-21707

wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly WASM actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, b...

8.1CVSS0.00947EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/01/21 10:20 p.m.6 views

CVE-2022-21707 Incorrect Authorization in wasmCloud

wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly WASM actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, b...

6.3CVSS8AI score0.00947EPSS
Exploits0References2
Imperva Blog
Imperva Blog
added 2022/01/18 1:54 p.m.11 views

3 Data Source Coverage Capabilities You Need from Your Database Security Solution

When Henry Ford, the de-facto inventor of mass production, was asked during a production meeting in 1909 in which colors his Model T automobile would be available to consumers, Ford - a notorious stickler for keeping costs to the bare minimum - offered almost no optional extras and that included...

0.1AI score
Exploits0
OSV
OSV
added 2021/12/20 6:17 p.m.12 views

GHSA-F3W5-V9XX-RP8P Signature verification failure in Tendermint

The root cause of this security vulnerability is in the Tendermint specification, and this advisory is a duplicate of https://github.com/tendermint/spec/security/advisories/GHSA-jqfc-687g-59pw. Impact Tendermint light clients running versions 0.34.0 to 0.34.8 are unable to detect and punish a new...

6.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2021/11/10 7:2 p.m.37 views

FPE in `ParallelConcat`

Impact The implementation of ParallelConcat misses some input validation and can produce a division by 0: python import tensorflow as tf @tf.function def test: y = tf.rawops.ParallelConcatvalues='tf',shape=0 return y test Patches We have patched the issue in GitHub commit...

5.5CVSS2.1AI score0.00136EPSS
Exploits0References11Affected Software3
Rows per page
Query Builder