262 matches found
CVE-2026-14647 onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds
A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2026-14647
ONNX Runtime (onnxruntime) up to 1.21.x is affected by CVE-2026-14647 due to a weakness in convPoolShapeInference_opset19 in ONNX’s old.cc (onnx/defs/nn). The root cause is an out-of-bounds read introduced in this path, enabling remote exploitation. Public exploits exist per the description. Reme...
CVE-2021-41216
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...
CVE-2021-41218
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the splitcount argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...
CVE-2021-41215
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...
CVE-2022-23572
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...
CVE-2021-41214
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...
CVE-2021-41205
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...
EUVD-2021-0436
Malware in sbrugna...
EUVD-2021-0438
Malware in sbrugna...
EUVD-2021-0434
Malware in sbrugna...
EUVD-2021-0403
Malware in sbrugna...
EUVD-2021-0443
Malware in sbrugna...
EUVD-2021-0440
Malware in sbrugna...
EUVD-2021-0428
Malware in sbrugna...
EUVD-2021-0432
Malware in sbrugna...
EUVD-2021-0433
Malware in sbrugna...
EUVD-2021-0437
Malware in sbrugna...
EUVD-2022-0320
Malicious code in bioql PyPI...
EUVD-2022-0328
Malicious code in bioql PyPI...