378 matches found

OSV
added 2024/07/30 8:15 p.m. · 4 views

AZL-47242 CVE-2023-33976 affecting package tensorflow for versions less than 2.11.1-2

TensorFlow is an end-to-end open source platform for machine learning. array_ops.upper_bound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

7.5 CVSS · 5.7 AI score · 0.00036 EPSS
Exploits 0 · References 1
Snyk
added 2024/07/30 7:44 p.m. · 3 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the array_ops.upper_bound function. An attacker can cause a denial of service by providing input that is not a rank 2 tensor. Remediation: Upgrade tensorflow-lite to version 2.15.0 or higher. Reference...

8.7 CVSS · 5.9 AI score · 0.00036 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/07/30 12:0 a.m. · 2 views

PT-2024-12453 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.13 TensorFlow versions 2.12 and earlier Description: The issue is caused by array_ops.upper_bound when not given a rank 2 tensor, resulting in a segfault. The estimated number of potentially affected devices...

8.7 CVSS · 6.9 AI score · 0.00036 EPSS
Exploits 0 · References 11
RedHat Linux
added 2024/05/30 8:24 p.m. · 2 views

snappy-java: Missing upper bound check on chunk length in snappy-java can lead to Denial of Service (DoS) impact

A flaw was found in SnappyInputStream in snappy-java, a data compression library in Java. This issue occurs when decompressing data with a too-large chunk size due to a missing upper bound check on chunk length. An unrecoverable fatal error can occur, resulting in a Denial of Service DoS...

7.5 CVSS · 7.3 AI score · 0.00247 EPSS
Exploits 1 · References 5
Ubuntu
added 2024/05/30 10:12 a.m. · 33 views

USN-6800-1: browserify-sign vulnerability

It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack...

7.5 CVSS · 6.8 AI score · 0.00433 EPSS
Exploits 0
OSV
added 2024/05/30 10:12 a.m. · 5 views

USN-6800-1 node-browserify-sign vulnerability

It was discovered that browserify-sign incorrectly handled an upper bound check in signature verification. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a signature forgery attack...

7.5 CVSS · 5.8 AI score · 0.00433 EPSS
Exploits 0 · References 2
OSV
added 2024/05/21 3:15 p.m. · 23 views

CVE-2021-47378

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishme...

9.8 CVSS · 7.5 AI score
Exploits 0 · References 3
UbuntuCve
added 2024/05/21 3:15 p.m. · 16 views

CVE-2021-47366

In the Linux kernel, the following vulnerability has been resolved: afs: Fix corruption in reads at fpos 2G-4G from an OpenAFS server AFS-3 has two data fetch RPC variants, FS.FetchData and FS.FetchData64, and Linux's afs client switches between them when talking to a non-YFS server if the read...

5.5 CVSS · 5.7 AI score · 0.00014 EPSS
Exploits 0 · References 4
Debian CVE
added 2024/05/21 3:3 p.m. · 23 views

CVE-2021-47378

In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA connection establishme...

9.8 CVSS · 7.5 AI score · 0.00087 EPSS
Exploits 0
Tenable Nessus
added 2024/05/11 12:0 a.m. · 33 views

RHEL 6 : browserify-sign (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack CVE-2023-46234 Note that...

6.9 AI score · 0.00433 EPSS
Exploits 0 · References 1
OSV
added 2024/05/01 6:15 a.m. · 0 views

DEBIAN-CVE-2024-26949

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplay_table initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplay_table is NULL...

5.5 CVSS · 5.6 AI score · 0.0001 EPSS
Exploits 0 · References 1
RedHat Linux
added 2024/04/30 9:57 a.m. · 3 views

No title provided

REJECTED CVE An issue was identified in the Linux kernel's netfilter subsystem related to nftables. The issue occurs when a positive value, such as NF_ACCEPT, is provided in the upper 16 bits of NF_DROP verdict parameters, which are expected to contain valid errno values e.g., -EPERM. This improper...

6.5 AI score
Exploits 0 · References 2
SUSE CVE
added 2024/04/30 2:21 a.m. · 1 views

SUSE CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...

5.5 CVSS · 6.4 AI score · 0.00083 EPSS
Exploits 0 · References 8
OSV
added 2024/04/28 12:15 p.m. · 1 views

DEBIAN-CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...

8.4 CVSS · 5.7 AI score · 0.00083 EPSS
Exploits 0 · References 1
UbuntuCve
added 2024/04/28 12:15 p.m. · 56 views

CVE-2024-26927

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...

8.4 CVSS · 6.4 AI score · 0.00083 EPSS
Exploits 0 · References 12
Vulnrichment
added 2024/04/28 11:27 a.m. · 15 views

CVE-2024-26927 ASoC: SOF: Add some bounds checking to firmware data

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add...

6.8 AI score · 0.00083 EPSS
Exploits 0 · References 5
Veracode
added 2024/04/16 3:23 p.m. · 19 views

Out-of-bounds Write

GTKWave 3.3.115 is vulnerable to Out-of-bounds Write. The vulnerability is due to not checking upper bounds while looping over lt->numrealfacs in the VZT vzt_rd_process_block autosort functionality. A specially crafted .vzt file can lead to arbitrary code execution when opened by a victim...

7.8 CVSS · 7.3 AI score · 0.00052 EPSS
Exploits 1 · References 3 · Affected Software 1
vulnersOsv
added 2024/04/10 3:30 p.m. · 1 views

0data (=1.0.0), 1.1.1-version (=1.0.0) +8601 more potentially affected by CVE-2024-21507 via mysql2 (>=0.11.8 <=3.9.2)

mysql2 NPM version =0.11.8, =0.0.27, =1.0.0, =0.0.4, =0.0.1, =0.0.2, =1.0.0, =0.0.1-alpha.5, =0.0.1-alpha.6 - @142vip/egg-grpc-client =0.0.1-alpha.4 and more Source cves: CVE-2024-21507 Source advisory: OSV:GHSA-MQR2-W7WJ-JJGR...

6.5 CVSS · 6.5 AI score · 0.00421 EPSS
Exploits 1
OSV
added 2024/03/25 10:15 a.m. · 0 views

UBUNTU-CVE-2021-47164

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave the active/backup slave being set before setting the upper dev so first event is without an upper dev. After...

5.5 CVSS · 6.2 AI score · 0.00018 EPSS
Exploits 0 · References 5
Cvelist
added 2024/03/25 9:16 a.m. · 13 views

CVE-2021-47164 net/mlx5e: Fix null deref accessing lag dev

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave the active/backup slave being set before setting the upper dev so first event is without an upper dev. After...

5.6 AI score · 0.00018 EPSS
Exploits 0 · References 3