Lucene search
K
PypaMost viewed

5616 matches found

PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-666

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...

7.8CVSS7.6AI score0.00215EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-529

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...

7.1CVSS7.2AI score0.00192EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-442

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-246

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

7.8CVSS7.2AI score0.00234EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-667

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-477

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-681

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.FusedBatchNorm. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-700

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad exhibits undefined behavior by dereferencing null pointers backing attacker-supplied empty tensors. The...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-738

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve. The...

7.8CVSS7.5AI score0.00287EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-653

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-530

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-742

TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplifyhttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmeticoptimizer.ccL390-L401 has undefined behavior due to...

7.8CVSS6.9AI score0.00206EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-213

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-527

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...

7.8CVSS6.9AI score0.00209EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-499

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.8CVSS7.7AI score0.0024EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-469

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-251

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...

7.8CVSS7AI score0.00221EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-450

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-664

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in Conv2DBackpropFilter. This is because the...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-518

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

7.1CVSS6.9AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-441

TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++...

7.8CVSS6.9AI score0.00203EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-699

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-237

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/onehot.ccL68-L72. An...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-542

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decoderaw produces incorrect results and crashes the Python interpreter when combining fixedlength and wider datatypes. The implementation of the padded...

7.8CVSS7AI score0.00221EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-225

TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that strideh,w values are 0. Code calling this function must validate these...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-493

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-198

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.rawops.LoadAndRemapMatrix. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-179

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.rawops.StringNGrams. This is because the...

5.5CVSS7.4AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-170

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...

5.5CVSS7AI score0.00217EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-227

TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...

7.1CVSS6.9AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-195

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-492

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-217

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-196

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

7.1CVSS7AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-516

TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that strideh,w values are 0. Code calling this function must validate these...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-250

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

7.1CVSS6.9AI score0.0024EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-722

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-228

TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...

7.8CVSS7AI score0.00262EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-517

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-193

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-154

TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-501

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 7:15 p.m.4 views

PYSEC-2021-149

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/07 3:15 p.m.4 views

PYSEC-2021-12

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...

5.3CVSS6.9AI score0.01807EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2021/05/05 11:15 a.m.4 views

PYSEC-2021-17

Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing...

9.8CVSS8AI score0.1926EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2021/04/15 6:15 p.m.4 views

PYSEC-2021-24

Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches Fixed by 3175fd3. Workarounds There are no known workarounds. References n/a For more information ...

4.3CVSS6.8AI score0.00927EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/04/12 10:15 p.m.4 views

PYSEC-2021-26

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 Synapse is missing input validation of some parameters on the endpoints used to confirm third-party...

6.5CVSS6.7AI score0.01596EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2021/03/26 8:15 p.m.4 views

PYSEC-2021-133

Synapse is a Matrix reference homeserver written in python pypi package matrix-synapse. Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.27.0, the password reset endpoint served via Synapse was vulnerable to cross-site scripting XSS attacks. The...

8.2CVSS6.1AI score0.01221EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2021/03/05 12:15 p.m.4 views

PYSEC-2021-127

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

5.4CVSS7AI score0.86393EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/03/03 10:15 a.m.4 views

PYSEC-2021-891

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior t...

9.8CVSS7.6AI score0.02333EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000