
797 matches found

OSV
added 2020/09/25 6:28 p.m. · 3 views

GHSA-JC87-6VPP-7FF3 Heap buffer overflow in Tensorflow

Impact: The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel:...

6.3 CVSS · 6.1 AI score · 0.00531 EPSS
Exploits 1 · References 8

Github Security Blog
added 2020/09/25 6:28 p.m. · 48 views

Heap buffer overflow in Tensorflow

Impact: The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel:...

5.8 CVSS · 1.4 AI score · 0.00531 EPSS
Exploits 1 · References 8 · Affected Software 3

OSV
added 2020/09/25 6:28 p.m. · 1 views

GHSA-PG59-2F92-5CPH Heap buffer overflow in Tensorflow

Impact: The SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified:...

8.5 CVSS · 7.3 AI score · 0.00891 EPSS
Exploits 1 · References 8

OSV
added 2020/09/25 6:28 p.m. · 0 views

GHSA-9MQP-7V2H-2382 Denial of Service in Tensorflow

Impact: The SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L235-L241 Although reverse_index_map_t and grad_values_t ar...

6.9 CVSS · 6.1 AI score · 0.01004 EPSS
Exploits 1 · References 9

Positive Technologies
added 2020/09/25 12:0 a.m. · 5 views

PT-2020-14267 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.3.0. Description: The SparseCountSparseOutput and RaggedCountSparseOutput implementations do not validate that the weights tensor has the same shape as the data. This can lead to a read from outside the bounds of the heap...

9.9 CVSS · 9.3 AI score · 0.00891 EPSS
Exploits 1 · References 14

Positive Technologies
added 2020/09/25 12:0 a.m. · 3 views

PT-2020-14269 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.3.1. Description: The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor, specifically that the indices tensor has the same shape as the values one. This...

6.3 CVSS · 5.2 AI score · 0.00531 EPSS
Exploits 1 · References 14

Positive Technologies
added 2020/09/25 12:0 a.m. · 2 views

PT-2020-14265 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 1.15.4; Tensorflow versions prior to 2.0.3; Tensorflow versions prior to 2.1.2; Tensorflow versions prior to 2.2.1; Tensorflow versions prior to 2.3.1. Description: The SparseFillEmptyRowsGrad implementation has...

9.8 CVSS · 5.9 AI score · 0.0122 EPSS
Exploits 16 · References 68

ossfuzz
added 2020/08/12 2:7 p.m. · 12 views

harfbuzz:hb-shape-fuzzer: Crash in hb_set_digest_lowest_bits_t<unsigned long, 4u>::may_have

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5166525779279872 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-shape-fuzzer Job Type: libfuzzer_asan_harfbuzz Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x000000001248...

6.6 AI score
Exploits 0 · Affected Software 1

ossfuzz
added 2020/07/29 9:22 p.m. · 26 views

harfbuzz:hb-shape-fuzzer: Crash in hb_realloc_impl

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5675987258572800 Project: harfbuzz Fuzzing Engine: libFuzzer Fuzz Target: hb-shape-fuzzer Job Type: libfuzzer_asan_harfbuzz Platform Id: linux Crash Type: UNKNOWN READ Crash Address:...

6.8 AI score
Exploits 0 · Affected Software 1

Ubuntu
added 2020/07/01 11:44 p.m. · 73 views

USN-4407-1: LibVNCServer vulnerabilities

It was discovered that LibVNCServer incorrectly handled decompressing data. An attacker could possibly use this issue to cause LibVNCServer to crash, resulting in a denial of service. (CVE-2019-15680) It was discovered that an information disclosure vulnerability existed in LibVNCServer when sendin...

9.8 CVSS · 7.5 AI score · 0.03345 EPSS
Exploits 1

OSV
added 2020/04/23 7:15 p.m. · 1 views

UBUNTU-CVE-2019-20788

libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690...

9.8 CVSS · 7.1 AI score · 0.02436 EPSS
Exploits 1 · References 3

Microsoft KB
added 2020/04/20 12:0 a.m. · 8 views

July 8, 2014 update for SharePoint Server 2010 (KB2883004)

July 8, 2014 update for SharePoint Server 2010 KB2883004 This article describes update 2883004 for Microsoft SharePoint Server 2010 that was released on July 8, 2014. This update provides the latest fixes for SharePoint Server 2010. This update improves the round-trip behaviors of modern shapes...

5.5 AI score
Exploits 0

ossfuzz
added 2020/04/17 10:53 p.m. · 12 views

harfbuzz:hb-shape-fuzzer: Global-buffer-overflow in BEInt<unsigned short, 2>::operator unsigned short

Project: https://github.com/harfbuzz/harfbuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5769590820044800 Project: harfbuzz Fuzzing Engine: honggfuzz Fuzz Target: hb-shape-fuzzer Job Type: honggfuzz_asan_harfbuzz Platform Id: linux Crash Type: Global-buffer-overflow READ 2 Crash Address...

6.6 AI score
Exploits 0 · Affected Software 1

RedHat Linux
added 2020/03/23 8:54 a.m. · 1 views

libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function

A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. The highest threat from this vulnerability is to system availability...

9.8 CVSS · 6.2 AI score · 0.02436 EPSS
Exploits 1 · References 4

RedHat Linux
added 2020/03/23 8:49 a.m. · 2 views

libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function

A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. The highest threat from this vulnerability is to system availability...

9.8 CVSS · 6.2 AI score · 0.02436 EPSS
Exploits 1 · References 4

RedHat Linux
added 2020/03/23 8:49 a.m. · 2 views

libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow

A flaw was found in libvncserver. An integer overflow within the HandleCursorShape function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an untrusted server and subsequently send cursor shapes with specially crafted...

8.8 CVSS · 6 AI score · 0.00713 EPSS
Exploits 0 · References 4

RedHat Linux
added 2020/03/23 8:33 a.m. · 2 views

libvncserver: integer overflow and heap-based buffer overflow in libvncclient/cursor.c in HandleCursorShape function

A flaw was found in libvncserver in versions through 0.9.12. A large height or width value may cause an integer overflow or a heap-based buffer overflow. The highest threat from this vulnerability is to system availability...

9.8 CVSS · 6.2 AI score · 0.02436 EPSS
Exploits 1 · References 4

OSV
added 2019/12/31 12:0 a.m. · 1 views

UBUNTU-CVE-2019-15690

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution...

8.8 CVSS · 7.4 AI score · 0.00713 EPSS
Exploits 0 · References 4

Positive Technologies
added 2019/12/20 12:0 a.m. · 2 views

PT-2019-5028 · Libvnc +5 · Libvncserver +5

Name of the Vulnerable Software and Affected Versions: LibVNCServer versions 0.9.12 and earlier. Description: The issue is related to a heap buffer overflow in the HandleCursorShape function in libvncclient/cursor.c. This can be exploited by an attacker sending cursor shapes with specially crafted...

10 CVSS · 8.6 AI score · 0.03345 EPSS
Exploits 1 · References 74

Schneier on Security
added 2019/09/20 11:12 a.m. · 45 views

New Biometrics

This article discusses new types of biometrics under development, including gait, scent, heartbeat, microbiome, and butt shape (no, really)...

0.9 AI score
Exploits 0