Lucene search
K

124 matches found

OSV
OSV
added 2024/05/08 5:51 p.m.20 views

GO-2024-2818 Consensus failures in github.com/btcsuite/btcd

Incorrect implementation of the consensus rules outlined in BIP 68 and BIP 112 making btcd susceptible to consensus failures. Specifically, it uses the transaction version as a signed integer when it is supposed to be treated as unsigned. There can be a chain split and loss of funds...

7.5CVSS7.4AI score0.00558EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 11:20 a.m.15 views

BIT-TENSORFLOW-2020-15199 Denial of Service in Tensorflow

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...

5.9CVSS5.8AI score0.00805EPSS
Exploits1References4
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.7 views

Artist Royalty Split Proposal Functionality Missing

Lines of code Vulnerability details Impact The protocol's documentation specifies that royalty splits can be proposed by the artist and accepted by the admin. However, the MinterContract does not implement the functionality for artists to propose royalty splits. This inconsistency between the...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15205

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

9.8CVSS9.2AI score0.01015EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.3 views

SUSE CVE-2021-29514

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

7.8CVSS7.7AI score0.00211EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.1 views

SUSE CVE-2021-29512

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

7.8CVSS7.7AI score0.00211EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.5 views

SUSE CVE-2021-29541

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...

5.5CVSS5.5AI score0.00189EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-29599

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...

7.8CVSS7.5AI score0.00209EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-37656

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check...

7.8CVSS5.5AI score0.00167EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.5 views

SUSE CVE-2021-37666

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

7.8CVSS5.6AI score0.00173EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-36018

TensorFlow is an open source platform for machine learning. If RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS8.1AI score0.00383EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/01/28 12:0 a.m.13 views

Overflow Vulnerability in Splits Contract Due to Maximum Splits Receivers Limitation (_MAX_SPLITS_RECEIVERS = 200)

Lines of code Vulnerability details Impact If more than 200 splits receivers are added for a single user, the constant MAXSPLITSRECEIVERS will be exceeded, causing unexpected behavior in the contract uint256 internal constant MAXSPLITSRECEIVERS = 200; Proof of Concept a. Create an array of splits...

6.8AI score
Exploits0
OSV
OSV
added 2022/09/16 10:29 p.m.2 views

GHSA-WR9V-G9VF-C74V TensorFlow vulnerable to segfault in `RaggedBincount`

Impact If RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf binaryoutput = True splits = tf.random.uniformshape=0, minval=-10000, maxval=10000, dtype=tf.int64, seed=-7430 values =...

5.9CVSS5.8AI score0.00423EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/09/16 9:45 p.m.5 views

CVE-2022-35986

TensorFlow is an open source platform for machine learning. If RaggedBincount is given an empty input tensor splits, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. The fix will b...

7.5CVSS6.8AI score0.00423EPSS
Exploits0
OSV
OSV
added 2022/09/16 9:14 p.m.7 views

GHSA-M6CV-4FMF-66XF TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`

Impact If RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf batchedinput = True rtnestedsplits = tf.constant0,32,64, shape=3,...

5.9CVSS7AI score0.00383EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.3 views

PT-2022-23118

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description The issue arises when RaggedTensorToVariant is given a rt nested splits list...

7.5CVSS7.1AI score0.00383EPSS
Exploits0References13
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.5 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from the fact that providing a list of rtnestedsplits for a RaggedTensorToVariant that contains a rank...

7.5CVSS7.6AI score0.00383EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.13 views

Distribution of reserved tokens may run out of gas

Lines of code Vulnerability details Impact If there are enough entries in the splits array, the function that distributes the reserved tokens will run out of gas, and the reserved tokens will be un-distributable until the current cycle is over, and the splits are changed. If cycles are long, the...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.10 views

The splits configuration will become frozen once enough splits are added

Lines of code Vulnerability details Impact If there are enough entries in the splits array, the checks done to ensure existing locks are respected will cause attempts to change the split to revert, preventing the existing split assignment from changing. If the project has a lock with a long...

6.5AI score
Exploits0
Microsoft KB
Microsoft KB
added 2022/01/04 12:0 a.m.6 views

January 4, 2022, update for Project 2016 (KB4504713)

January 4, 2022, update for Project 2016 KB4504713 This article describes update 4504713 for Microsoft Project 2016 that was released on January 4, 2022.Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply...

6.3AI score
Exploits0
Rows per page
Query Builder