888 matches found
GHSA-PG59-2F92-5CPH Heap buffer overflow in Tensorflow
Impact: The SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified:...
PT-2020-14265 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: Tensorflow versions prior to 1.15.4; Tensorflow versions prior to 2.0.3; Tensorflow versions prior to 2.1.2; Tensorflow versions prior to 2.2.1; Tensorflow versions prior to 2.3.1. Description: The SparseFillEmptyRowsGrad implementation has...
PT-2020-14267 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.3.0. Description: The SparseCountSparseOutput and RaggedCountSparseOutput implementations do not validate that the weights tensor has the same shape as the data. This can lead to a read from outside the bounds of the heap...
Security update for git (moderate)
openSUSE Security Update: Security update for git. Announcement ID: openSUSE-SU-2020:0598-1. Rating: moderate. References: 1063412 1095218 1095219 1110949 1112230 1114225 1132350 1149792 1156651 1158785 1158787 1158788 1158789 1158790 1158791 1158792 1158793 1158795 1167890 1168930 1169605 1169786...
SUSE SLED15 / SLES15 Security Update : git (SUSE-SU-2020:1121-1)
This update for git fixes the following issues: Security issues fixed: CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper into providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). git was updated to 2.26.1...
SUSE-SU-2020:1121-1 Security update for git
This update for git fixes the following issues: Security issues fixed: CVE-2020-11008: Specially crafted URLs may have tricked the credentials helper into providing credential information that is not appropriate for the protocol in use and host being contacted (bsc#1169936). git was updated to 2.26.1...
SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)
This update for git fixes the following issues: Security issue fixed: CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled into giving credential information for a wrong host (bsc#1168930). Non-security issue fixed: git was updated to 2.26.0 f...
The vulnerability of the sparse_dump_region function in the GNU Tar archive utility, which involves reading beyond the buffer boundaries, allows a hacker to cause a service failure.
The vulnerability of the sparse_dump_region function in the GNU Tar archive manager is related to reading beyond the buffer boundaries when the --sparse flag is used. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
openSUSE Security Update : tar (openSUSE-2019-1237)
This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file...
Edge no prior knowledge of the exploit--Advanced-Edition-vulnerability warning-the black bar safety net
Previously: In the previous article we talked about the need to fake a TypedArray to achieve arbitrary address read and write. To fake any object, you first need to know the object's metadata, so how do you get the metadata needed to fake a TypedArray? Some background knowledge: The following ...
SUSE SLED15 / SLES15 Security Update : tar (SUSE-SU-2019:0926-1)
This update for tar fixes the following issues: Security issues fixed: CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header (bsc#1130496). CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file...
GLSA-201903-05 : Tar: Denial of service
The remote host is affected by the vulnerability described in GLSA-201903-05 (Tar: Denial of service). The sparse_dump_region function in sparse.c file in Tar allows an infinite loop using the --sparse option. Impact: A local attacker could cause a Denial of Service condition by modifying a file that...
[ASA-201901-1] tar: denial of service
Arch Linux Security Advisory ASA-201901-1. Severity: Low. Date: 2019-01-08. CVE-ID: CVE-2018-20482. Package: tar. Type: denial of service. Remote: No. Link: https://security.archlinux.org/AVG-841. Summary: The package tar before version 1.31-1 is...
DEBIAN-CVE-2018-20542
There is a heap-based buffer overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address)...
DEBIAN-CVE-2018-20541
There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses)...
DEBIAN-CVE-2018-20543
There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service...
GNU tar Denial of Service Vulnerability
GNU Tar is a set of tools developed by the GNU Project for creating files in tar format. A security vulnerability exists in GNU Tar versions 1.30 and earlier, which stems from the program's failure to properly handle file shrinking. A local attacker can exploit this vulnerability by modifying the...
UBUNTU-CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system back...
DEBIAN-CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system back...
ALPINE-CVE-2018-20482
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system back...