VIR Vulnerability Intelligence Relay

Search

Found 17,057 results in 4995ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-37635 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of h…
CVE-2021-37636 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [impleme…
CVE-2021-37637 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. …
CVE-2021-37638 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereferenc…
CVE-2021-37639 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null poi…
CVE-2021-37640 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception…
CVE-2021-37641 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read…
CVE-2021-37642 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implemen…
CVE-2021-37643 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer derefer…
CVE-2021-37644 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the r…
CVE-2021-37645 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue c…
CVE-2021-37646 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by conver…
CVE-2021-37647 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation…
CVE-2021-37648 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null p…
CVE-2021-37649 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://gith…
CVE-2021-37650 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can tr…
CVE-2021-37651 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bou…
CVE-2021-37652 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an a…
CVE-2021-37653 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [impleme…
CVE-2021-37654 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.Resource…
CVE-2021-37655 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments t…
CVE-2021-37656 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso…
CVE-2021-37657 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type …
CVE-2021-37658 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type …
CVE-2021-37659 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operat…
CVE-2021-37660 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that …
CVE-2021-37661 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negat…
CVE-2021-37662 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBes…
CVE-2021-37663 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via bin…
CVE-2021-37664 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37665 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined beh…
CVE-2021-37666 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso…
CVE-2021-37667 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEnco…
CVE-2021-37668 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by t…
CVE-2021-37669 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV…
CVE-2021-37670 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37671 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `…
CVE-2021-37672 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37673 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementatio…
CVE-2021-37674 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by …
CVE-2021-37675 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability w…
CVE-2021-37676 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillE…
CVE-2021-37677 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of ser…
CVE-2021-37678 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model fr…
CVE-2021-37679 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `Ra…
CVE-2021-37680 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://…
CVE-2021-37681 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/…
CVE-2021-37682 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://gi…
CVE-2021-37683 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensor…
CVE-2021-37684 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for …
CVE-2021-37685 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005…
CVE-2021-37687 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d9…
CVE-2021-37686 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infini…
CVE-2021-37688 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a…
CVE-2021-37689 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a…
CVE-2021-37690 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output informa…
CVE-2021-37691 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](ht…
CVE-2021-37692 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_…
CVE-2021-37714 unknown FIX slesdebian debian 5y ago Uncaught Exception in jsoup
CVE-2020-15522 unknown FIX debian debian sles 5y ago Timing based private key exposure in Bouncy Castle
CVE-2021-33192 unknown FIX debian debian 5y ago Cross-site scripting in Apache Jena Fuseki
CVE-2021-30640 unknown FIX slesdebian debian 5y ago A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This…
CVE-2021-33037 unknown FIX slesdebian debian 5y ago Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request…
CVE-2021-30639 unknown FIX debian debian 5y ago A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the e…
CVE-2019-25052 critical 9.1 9.1 FIX debian debian 5y ago In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
CVE-2021-35043 unknown FIX debian debian 5y ago Cross-site Scripting in OWASP AntiSamy
CVE-2021-36090 unknown FIX slesdebian debian 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35517 unknown FIX slesdebian debian 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35516 unknown FIX slesdebian debian 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35515 unknown FIX slesdebian debian 5y ago Excessive Iteration in Compress
CVE-2021-30129 unknown FIX debian debian 5y ago Buffer Overflow in Apache Mina SSHD
CVE-2019-25050 unknown FIX debian debian 5y ago netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and…
CVE-2021-34429 unknown 1.0 EXPFIX slesdebian debian 5y ago Encoded URIs can access WEB-INF directory in Eclipse Jetty
CVE-2021-38193 unknown FIX debian debian 5y ago An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
CVE-2021-38191 unknown FIX debian debian 5y ago An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
CVE-2021-34428 unknown FIX slesdebian debian 5y ago SessionListener can prevent a session from being invalidated breaking logout
CVE-2021-3603 unknown FIX debian debian 5y ago PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect param…
CVE-2021-34551 unknown FIX debian debian 5y ago PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
CVE-2021-32693 unknown FIX debian debian 5y ago Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prio…
CVE-2021-27807 unknown FIX slesdebian debian 5y ago Excessive Iteration Denial of Service in Apache PDFBox
CVE-2021-20220 unknown FIX debian debian 5y ago HTTP request smuggling in Undertow
CVE-2021-25122 unknown FIX slesdebian debian 5y ago When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body…
CVE-2021-26117 unknown FIX debian debian 5y ago Improper Authentication in Apache ActiveMQ and Apache Artemis
CVE-2021-23926 unknown FIX slesdebian debian 5y ago Improper Restriction of Recursive Entity References in Apache XMLBeans
CVE-2020-10688 unknown FIX debian debian 5y ago Cross-site scripting in RESTEasy
CVE-2021-31811 unknown FIX slesdebian debian 5y ago Uncontrolled memory consumption
CVE-2021-31812 unknown FIX slesdebian debian 5y ago Infinite Loop in Apache PDFBox
CVE-2021-28169 unknown FIX slesdebian debian 5y ago Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
CVE-2020-12690 unknown FIX slesdebian debian 5y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a key…
CVE-2020-25724 unknown FIX debian debian 5y ago Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
CVE-2020-14340 unknown FIX debian debian 5y ago Uncontrolled Resource Consumption in XNIO
CVE-2017-8761 unknown FIX debian debian 5y ago In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these log…
CVE-2020-10693 unknown FIX debian debian 5y ago Improper Input Validation in Hibernate Validator
CVE-2020-25633 unknown debian debian 5y ago Generation of Error Message Containing Sensitive Information in RESTEasy client
CVE-2021-29619 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix wi…
CVE-2021-29618 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix w…
CVE-2021-29617 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be includ…
CVE-2021-29616 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorf…
CVE-2021-29615 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/te…
CVE-2021-29614 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_len…