GHSA-QXPX-J395-PW36 TensorFlow vulnerable to segfault in `LowerBound` and `UpperBound`

Impact If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. python import tensorflow as tf outtype = tf.int32 sortedinputs = tf.constant, shape=10,0, dtype=tf.float32...

CVE-2022-35965

TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

PT-2022-23064 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue arises when LowerBound or UpperBound is given an empty sorted inputs...

The vulnerability of the shmget() function in the Linux operating system allows a hacker to gain access to confidential data and compromise its integrity.

The vulnerability of the shmget function in the Linux operating system’s kernel is related to the double mapping of memory regions, which are aligned according to PUD. Exploiting this vulnerability can allow an attacker to gain access to confidential data and compromise its integrity...

Unbounded loop in BaseV1-core.sol could lead to a griefing/DOS attack

Lines of code Vulnerability details Denial Of Service Attack Denial-of-service attacks: Attacks that cause DoS are called DoS attacks. The purpose is to disable the computer or network from providing normal service. Description: As this array can grow quite large, the transaction’s gas cost could...

GHSA-M43H-HFRQ-X8WX SystemDS CPU exhaustion vulnerability

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

CVE-2022-26477

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

PYSEC-2022-222

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

PYSEC-2022-222

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

CVE-2022-26477

The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a...

Yieldy._totalSupply has different upper bounds.

Lines of code Vulnerability details Impact Yieldy.totalSupply has different upper bounds. Yieldy.mint will revert when totalSupply is exactly same as MAXSUPPLY. Proof of Concept From L91-L98, we can see totalSupply can be same as MAXSUPPLY and I think "totalSupply = MAXSUPPLY" is reasonable also...

Upgraded Q -> H from 25 [1655007954017]

Judge has assessed an item in Issue 25 as High risk. The relevant finding follows: Fees should have a boundary of 100% 10000: Otherwise the contract will try to transfer more than possible which will result in reverts: It might also be helpful the have an fixed upper boundary that doesn't allow t...

Upgraded Q -> M from 41 [1654474648312]

Judge has assessed an item in Issue 41 as Medium risk. The relevant finding follows: L02: Lack of upper bound for feeRate Line References Description Fees can be set above 1e18, preventing options from being exercised. Recommended Mitigation Steps Consider having a hard cap of x% 100%. // Eg. cap...

Silverstripe XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the AbsoluteLinks 1. BigSummary 1. ContextSummary 1. EscapeXML 1. FirstParagraph 1. FirstSentence 1...

GHSA-V358-RVXR-WFFX Silverstripe XSS Vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the AbsoluteLinks 1. BigSummary 1. ContextSummary 1. EscapeXML 1. FirstParagraph 1. FirstSentence 1...

Fees in TokenManager.sol:function changeFee() should be upper-bounded

193 comment Warden: Dravee --- The text was updated successfully, but these errors were encountered: All reactions...

Improper Upper Bound Definition on the depositFeeBP

Judge @GalloDaSballo has assessed item C4-002 in QA Report 198 as Medium risk. The relevant finding follows: … Impact - LOW The add function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. User funds will be locked forever...

PYSEC-2022-56

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...

PYSEC-2022-111

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...

Integer overflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...