VIR Vulnerability Intelligence Relay

Search

Found 17,142 results in 868ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2021-37657 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type …
CVE-2021-37658 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type …
CVE-2021-37659 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operat…
CVE-2021-37660 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that …
CVE-2021-37661 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negat…
CVE-2021-37662 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBes…
CVE-2021-37663 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via bin…
CVE-2021-37664 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37665 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined beh…
CVE-2021-37666 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso…
CVE-2021-37667 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEnco…
CVE-2021-37668 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by t…
CVE-2021-37669 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV…
CVE-2021-37670 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37671 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `…
CVE-2021-37672 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg…
CVE-2021-37673 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementatio…
CVE-2021-37674 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by …
CVE-2021-37675 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability w…
CVE-2021-37676 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillE…
CVE-2021-37677 critical 9.5 FIX debian debianarch arch 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of ser…
CVE-2021-37678 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model fr…
CVE-2021-37679 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `Ra…
CVE-2021-37680 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://…
CVE-2021-37681 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/…
CVE-2021-37682 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://gi…
CVE-2021-37683 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensor…
CVE-2021-37684 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for …
CVE-2021-37685 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005…
CVE-2021-37687 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d9…
CVE-2021-37686 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infini…
CVE-2021-37688 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a…
CVE-2021-37689 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a…
CVE-2021-37690 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output informa…
CVE-2021-37691 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](ht…
CVE-2021-37692 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_…
CVE-2021-37714 unknown FIX slesdebian debian 5y ago Uncaught Exception in jsoup
CVE-2020-15522 unknown FIX debian debian sles 5y ago Timing based private key exposure in Bouncy Castle
CVE-2021-33192 unknown FIX debian debian 5y ago Cross-site scripting in Apache Jena Fuseki
CVE-2021-30640 unknown FIX slesdebian debian 5y ago A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This…
CVE-2021-33037 unknown FIX slesdebian debian 5y ago Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request…
CVE-2021-30639 unknown FIX debian debian 5y ago A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the e…
CVE-2019-25052 critical 9.1 9.1 FIX debian debian 5y ago In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
CVE-2021-35043 unknown FIX debian debian 5y ago Cross-site Scripting in OWASP AntiSamy
CVE-2021-36090 unknown FIX slesdebian debian 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35517 unknown FIX slesdebian debian 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35516 unknown FIX slesdebian debian 5y ago Improper Handling of Length Parameter Inconsistency in Compress
CVE-2021-35515 unknown FIX slesdebian debian 5y ago Excessive Iteration in Compress
CVE-2021-30129 unknown FIX debian debian 5y ago Buffer Overflow in Apache Mina SSHD
CVE-2019-25050 unknown FIX debian debian 5y ago netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and…
CVE-2021-34429 unknown 1.0 EXPFIX slesdebian debian 5y ago Encoded URIs can access WEB-INF directory in Eclipse Jetty
CVE-2021-38193 unknown FIX debian debian 5y ago An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.
CVE-2021-38191 unknown FIX debian debian 5y ago An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
CVE-2021-34428 unknown FIX slesdebian debian 5y ago SessionListener can prevent a session from being invalidated breaking logout
CVE-2021-3603 unknown FIX debian debian 5y ago PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect param…
CVE-2021-34551 unknown FIX debian debian 5y ago PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname.
CVE-2021-32693 unknown FIX debian debian 5y ago Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prio…
CVE-2021-27807 unknown FIX slesdebian debian 5y ago Excessive Iteration Denial of Service in Apache PDFBox
CVE-2021-20220 unknown FIX debian debian 5y ago HTTP request smuggling in Undertow
CVE-2021-25122 unknown FIX slesdebian debian 5y ago When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body…
CVE-2021-26117 unknown FIX debian debian 5y ago Improper Authentication in Apache ActiveMQ and Apache Artemis
CVE-2021-23926 unknown FIX slesdebian debian 5y ago Improper Restriction of Recursive Entity References in Apache XMLBeans
CVE-2020-10688 unknown FIX debian debian 5y ago Cross-site scripting in RESTEasy
CVE-2021-31811 unknown FIX slesdebian debian 5y ago Uncontrolled memory consumption
CVE-2021-31812 unknown FIX slesdebian debian 5y ago Infinite Loop in Apache PDFBox
CVE-2021-28169 unknown FIX slesdebian debian 5y ago Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
CVE-2020-12690 unknown FIX slesdebian debian 5y ago An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a key…
CVE-2020-25724 unknown FIX debian debian 5y ago Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
CVE-2020-14340 unknown FIX debian debian 5y ago Uncontrolled Resource Consumption in XNIO
CVE-2017-8761 unknown FIX debian debian 5y ago In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these log…
CVE-2020-10693 unknown FIX debian debian 5y ago Improper Input Validation in Hibernate Validator
CVE-2020-25633 unknown debian debian 5y ago Generation of Error Message Containing Sensitive Information in RESTEasy client
CVE-2021-29619 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix wi…
CVE-2021-29618 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix w…
CVE-2021-29617 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be includ…
CVE-2021-29616 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorf…
CVE-2021-29615 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/te…
CVE-2021-29614 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_len…
CVE-2021-29613 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in T…
CVE-2021-29612 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation…
CVE-2021-29611 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://g…
CVE-2021-29610 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:. The validation(https://github…
CVE-2021-29609 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) a…
CVE-2021-29608 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments…
CVE-2021-29606 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of `Split_V`(https://github.com/…
CVE-2021-29605 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensor…
CVE-2021-29604 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow…
CVE-2021-29603 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of `ArgMin`/`ArgMax`(https://gi…
CVE-2021-29602 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflo…
CVE-2021-29601 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/b…
CVE-2021-29600 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tenso…
CVE-2021-29599 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `Split` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensor…
CVE-2021-29598 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorf…
CVE-2021-29597 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensor…
CVE-2021-29596 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorf…
CVE-2021-29595 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow…
CVE-2021-29594 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite…
CVE-2021-29593 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `BatchToSpaceNd` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorfl…
CVE-2021-29592 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape …
CVE-2021-29591 critical 9.5 FIX arch archdebian debian 5y ago TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that…