Lucene search
K

7035 matches found

PyPA
PyPA
•added 6 days ago•6 views

Denial of service in `tf.ragged.constant` due to lack of validation

ImpactThe implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory:pythonimport tensorflow as tftf.ragged.constantpylist=,raggedrank=8968073515812833920 PatchesWe have patched the issue in GitHub commit...

5.5CVSS6.2AI score0.00316EPSS
Exploits1References12Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes denial of service via `Conv3DBackpropFilterV2`

ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.strings.unsortedsegmentjoin inputs='123', segmentids=0, numsegments=-1The...

5.5CVSS6.2AI score0.00346EPSS
Exploits1References13Affected Software1
PyPA
PyPA
•added 6 days ago•2 views

Missing validation causes denial of service via `Conv3DBackpropFilterV2`

ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.strings.unsortedsegmentjoin inputs='123', segmentids=0, numsegments=-1The...

5.5CVSS6.2AI score0.00346EPSS
Exploits1References13Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation results in undefined behavior in `SparseTensorDenseAdd

ImpactThe implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments:pythonimport tensorflow as tfaindices = tf.constant0, shape=17, 2, dtype=tf.int64avalues = tf.constant, shape=0, dtype=tf.float32ashape = tf.constant6, 12, shape=2, dtype=tf.int64b =...

5.5CVSS6.2AI score0.00338EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Segfault due to missing support for quantized types

ImpactThere is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types added after migration to TF 2.x:pythonimport numpy as npimport tensorflow as...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References12Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Segfault due to missing support for quantized types

ImpactThere is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1. ops which don't yet have support for quantized types added after migration to TF 2.x:pythonimport numpy as npimport tensorflow as...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References12Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Denial of service in `tf.ragged.constant` due to lack of validation

ImpactThe implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory:pythonimport tensorflow as tftf.ragged.constantpylist=,raggedrank=8968073515812833920 PatchesWe have patched the issue in GitHub commit...

5.5CVSS6.2AI score0.00316EPSS
Exploits1References12Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation results in undefined behavior in `QuantizedConv2D`

ImpactThe implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments:pythonimport tensorflow as tfinput = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad argsmininput = tf.constant, shape=0,...

5.5CVSS6.2AI score0.00333EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Integer overflow in `SpaceToBatchND`

ImpactThe implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow:pythonimport tensorflow as tfinput = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32blockshape = tf.constant-1879048192, shape=2,...

5.5CVSS6.2AI score0.00333EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation results in undefined behavior in `QuantizedConv2D`

ImpactThe implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments:pythonimport tensorflow as tfinput = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad argsmininput = tf.constant, shape=0,...

5.5CVSS6.2AI score0.00333EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Integer overflow in `SpaceToBatchND`

ImpactThe implementation of tf.rawops.SpaceToBatchND in all backends such as XLA and handwritten kernels is vulnerable to an integer overflow:pythonimport tensorflow as tfinput = tf.constant-3.5e+35, shape=10,19,22, dtype=tf.float32blockshape = tf.constant-1879048192, shape=2,...

5.5CVSS6.2AI score0.00333EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes denial of service via `StagePeek`

ImpactThe implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindex = tf.constant, shape=0, dtype=tf.int32tf.rawops.StagePeekindex=index,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes denial of service via `LoadAndRemapMatrix`

ImpactThe implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfckptpath = tf.constant "/tmp/warmstartingutiltest5kl2a3pc/tmpph76tep2/model-0"...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `LSTMBlockCell`

ImpactThe implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.LSTMBlockCell x=tf.constant0.837607, shape=28,29, dtype=tf.float32,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes denial of service via `UnsortedSegmentJoin`

ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.UnsortedSegmentJoin inputs=tf.constant"this", shape=12,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `Conv3DBackpropFilterV2`

ImpactThe implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

ImpactThe implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindices = tf.constant53, shape=3, dtype=tf.int64values =...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes denial of service via `SparseTensorToCSRSparseMatrix`

ImpactThe implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindices = tf.constant53, shape=3, dtype=tf.int64values =...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes denial of service via `UnsortedSegmentJoin`

ImpactThe implementation of tf.rawops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.UnsortedSegmentJoin inputs=tf.constant"this", shape=12,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `Conv3DBackpropFilterV2`

ImpactThe implementation of tf.rawops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.Conv3DBackpropFilterV2 input=tf.constant.5053710941,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `LoadAndRemapMatrix`

ImpactThe implementation of tf.rawops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfckptpath = tf.constant "/tmp/warmstartingutiltest5kl2a3pc/tmpph76tep2/model-0"...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `LSTMBlockCell`

ImpactThe implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.LSTMBlockCell x=tf.constant0.837607, shape=28,29, dtype=tf.float32,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG

An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...

8.7CVSS7AI score0.0178EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation crashes `QuantizeAndDequantizeV4Grad`

ImpactThe implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

5.5CVSS6.2AI score0.0034EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `DeleteSessionTensor`

ImpactThe implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...

5.5CVSS6.2AI score0.00325EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `StagePeek`

ImpactThe implementation of tf.rawops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfindex = tf.constant, shape=0, dtype=tf.int32tf.rawops.StagePeekindex=index,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes denial of service via `GetSessionTensor`

ImpactThe implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...

5.5CVSS6.2AI score0.0035EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `GetSessionTensor`

ImpactThe implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...

5.5CVSS6.2AI score0.0035EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation crashes `QuantizeAndDequantizeV4Grad`

ImpactThe implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tftf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

5.5CVSS6.2AI score0.0034EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes denial of service via `DeleteSessionTensor`

ImpactThe implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport tensorflow as tfhandle = tf.constant"", shape=0,...

5.5CVSS6.2AI score0.00325EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Plone Privilege Escallation

plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level...

8.8CVSS7AI score0.01458EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Products.CMFPlone Open Redirect Vulnerability

When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafte...

6.1CVSS6.4AI score0.0068EPSS
Exploits0References15Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Plone unauthorized member addition vulnerability

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator...

8.2CVSS6.6AI score0.02004EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Missing validation causes `TensorSummaryV2` to crash

ImpactThe implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport numpy as npimport tensorflow as tftf.rawops.TensorSummaryV2 tag=np.array'test', tensor=np.array3,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

7.8CVSS6.7AI score0.03062EPSS
Exploits1References17Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Tryton vulnerable to arbitrary command execution

The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...

9CVSS7.3AI score0.02605EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Missing validation causes `TensorSummaryV2` to crash

ImpactThe implementation of tf.rawops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack:pythonimport numpy as npimport tensorflow as tftf.rawops.TensorSummaryV2 tag=np.array'test', tensor=np.array3,...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Products.CMFPlone XSS in profile home_page property

A member of the Plone site could set javascript in the homepage property of their profile, and have this executed when a visitor clicks the home page link on the author page...

5.4CVSS6.2AI score0.00559EPSS
Exploits0References15Affected Software1
PyPA
PyPA
•added 6 days ago•5 views

Paste Script has improper group memberships permissions

Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...

7.1CVSS6.2AI score0.0404EPSS
Exploits0References15Affected Software1
PyPA
PyPA
•added 6 days ago•6 views

OpenStack Cinder, Glance, and Nova contain Uncontrolled Resource Consumption

The image parser in OpenStack Cinder prior to 7.0.2, and 8.0.0 and above, prior to 9.0.0; Glance prior to 14.00; and Nova prior to 12.0.4 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service memory and disk consumption via a crafted disk image. This iss...

7.8CVSS6.7AI score0.03062EPSS
Exploits1References17Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...

5.9CVSS6.4AI score0.00962EPSS
Exploits1References14Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

Zope XSS Vulnerability

Cross-site scripting XSS vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...

6.1CVSS6.5AI score0.01351EPSS
Exploits0References13Affected Software1
PyPA
PyPA
•added 6 days ago•3 views

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...

5.9CVSS6.4AI score0.00962EPSS
Exploits1References14Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

8.6CVSS7AI score0.01708EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

XML Entity Expansion in trytond and proteus

An XML Entity Expansion XEE issue was discovered in Tryton Application Platform Server 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform Command Line Client proteus 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. A...

7.5CVSS7AI score0.01927EPSS
Exploits0References10Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...

5.9CVSS6.4AI score0.00962EPSS
Exploits1References14Affected Software1
PyPA
PyPA
•added 6 days ago•5 views

Improper Neutralization of Input During Web Page Generation in Jupyter Notebook

An XSSI cross-site inclusion vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...

5.4CVSS6.6AI score0.01636EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

`CHECK`-failures in `TensorByteSize` in Tensorflow

ImpactA malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures.ccint64t TensorByteSizeconst TensorProto& t // numelements returns -1 if shape is not fully defined. int64t numelems = TensorShapet.tensorshape.numelements; return...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References9Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

`CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow

ImpactThe Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. PatchesWe have patched the issue in GitHub commit 92dba16749fae36c246bec3f9ba474d9ddeb7662.The fix will be included in TensorFl...

6.5CVSS6.7AI score0.00821EPSS
Exploits1References9Affected Software1
PyPA
PyPA
•added 6 days ago•4 views

Integer overflow in Tensorflow

ImpactThe implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements:ccfor const auto& dim : outputshape.dim outputsize = dim.size; Here, we can have a lar...

7.1CVSS6.7AI score0.00783EPSS
Exploits1References9Affected Software1
Total number of security vulnerabilities7035