7035 matches found
Denial of service in `tf.ragged.constant` due to lack of validation
ImpactThe implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory:pythonimport tensorflow as tftf.ragged.constantpylist=,raggedrank=8968073515812833920 PatchesWe have patched the issue in GitHub commit...
Missing validation causes denial of service via `Conv3DBackpropFilterV2`
ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.strings.unsortedsegmentjoin inputs='123', segmentids=0, numsegments=-1The...
Missing validation causes denial of service via `Conv3DBackpropFilterV2`
ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.strings.unsortedsegmentjoin inputs='123', segmentids=0, numsegments=-1The...
Missing validation results in undefined behavior in `SparseTensorDenseAdd
ImpactThe implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments:pythonimport tensorflow as tfaindices = tf.constant0, shape=17, 2, dtype=tf.int64avalues = tf.constant, shape=0, dtype=tf.float32ashape = tf.constant6, 12, shape=2, dtype=tf.int64b =...
Segfault due to missing support for quantized types
ImpactThere is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types added after migration to TF 2.x:pythonimport numpy as npimport tensorflow as...
Segfault due to missing support for quantized types
ImpactThere is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types added after migration to TF 2.x:pythonimport numpy as npimport tensorflow as...
Denial of service in `tf.ragged.constant` due to lack of validation
ImpactThe implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory:pythonimport tensorflow as tftf.ragged.constantpylist=,raggedrank=8968073515812833920 PatchesWe have patched the issue in GitHub commit...
Missing validation results in undefined behavior in `QuantizedConv2D`
ImpactThe implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments:pythonimport tensorflow as tfinput = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad argsmininput = tf.constant, shape=0,...
Integer overflow in `SpaceToBatchND`
ImpactThe implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow:pythonimport tensorflow as tfinput = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32blockshape = tf.constant-1879048192, shape=2,...
Missing validation results in undefined behavior in `QuantizedConv2D`
ImpactThe implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments:pythonimport tensorflow as tfinput = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad argsmininput = tf.constant, shape=0,...
Integer overflow in `SpaceToBatchND`
ImpactThe implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow:pythonimport tensorflow as tfinput = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32blockshape = tf.constant-1879048192, shape=2,...
Missing validation causes denial of service via `StagePeek`
ImpactThe implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindex = tf.constant, shape=0, dtype=tf.int32tf.rawops.StagePeekindex=index,...
Missing validation causes denial of service via `LoadAndRemapMatrix`
ImpactThe implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfckptpath = tf.constant "/tmp/warmstartingutiltest5kl2a3pc/tmpph76tep2/model-0"...
Missing validation causes denial of service via `LSTMBlockCell`
ImpactThe implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.LSTMBlockCell x=tf.constant0.837607, shape=28,29, dtype=tf.float32,...
Missing validation causes denial of service via `UnsortedSegmentJoin`
ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.UnsortedSegmentJoin inputs=tf.constant"this", shape=12,...
Missing validation causes denial of service via `Conv3DBackpropFilterV2`
ImpactThe implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...
Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`
ImpactThe implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindices = tf.constant53, shape=3, dtype=tf.int64values =...
Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`
ImpactThe implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindices = tf.constant53, shape=3, dtype=tf.int64values =...
Missing validation causes denial of service via `UnsortedSegmentJoin`
ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.UnsortedSegmentJoin inputs=tf.constant"this", shape=12,...
Missing validation causes denial of service via `Conv3DBackpropFilterV2`
ImpactThe implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...
Missing validation causes denial of service via `LoadAndRemapMatrix`
ImpactThe implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfckptpath = tf.constant "/tmp/warmstartingutiltest5kl2a3pc/tmpph76tep2/model-0"...
Missing validation causes denial of service via `LSTMBlockCell`
ImpactThe implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.LSTMBlockCell x=tf.constant0.837607, shape=28,29, dtype=tf.float32,...
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
Missing validation crashes `QuantizeAndDequantizeV4Grad`
ImpactThe implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...
Missing validation causes denial of service via `DeleteSessionTensor`
ImpactThe implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...
Missing validation causes denial of service via `StagePeek`
ImpactThe implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindex = tf.constant, shape=0, dtype=tf.int32tf.rawops.StagePeekindex=index,...
Missing validation causes denial of service via `GetSessionTensor`
ImpactThe implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...
Missing validation causes denial of service via `GetSessionTensor`
ImpactThe implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...
Missing validation crashes `QuantizeAndDequantizeV4Grad`
ImpactThe implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...
Missing validation causes denial of service via `DeleteSessionTensor`
ImpactThe implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...
Plone Privilege Escallation
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level...
Products.CMFPlone Open Redirect Vulnerability
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafte...
Plone unauthorized member addition vulnerability
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator...
Missing validation causes `TensorSummaryV2` to crash
ImpactThe implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport numpy as npimport tensorflow as tftf.rawops.TensorSummaryV2 tag=np.array'test', tensor=np.array3,...
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...
Tryton vulnerable to arbitrary command execution
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
Missing validation causes `TensorSummaryV2` to crash
ImpactThe implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport numpy as npimport tensorflow as tftf.rawops.TensorSummaryV2 tag=np.array'test', tensor=np.array3,...
Products.CMFPlone XSS in profile home_page property
A member of the Plone site could set javascript in the homepage property of their profile, and have this executed when a visitor clicks the home page link on the author page...
Paste Script has improper group memberships permissions
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...
OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption
The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
Zope XSS Vulnerability
Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...
XML Entity Expansion in trytond and proteus
An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
An XSSI cross-site inclusion vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...
`CHECK`-failures in `TensorByteSize` in Tensorflow
ImpactA malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures.ccint64t TensorByteSizeconst TensorProto& t // numelements returns -1 if shape is not fully defined. int64t numelems = TensorShapet.tensorshape.numelements; return...
`CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
ImpactThe Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. PatchesWe have patched the issue in GitHub commit 92dba16749fae36c246bec3f9ba474d9ddeb7662.The fix will be included in TensorFl...
Integer overflow in Tensorflow
ImpactThe implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements:ccfor const auto& dim : outputshape.dim outputsize = dim.size; Here, we can have a lar...