Google TensorFlow up to 2.3.3/2.4.2/2.5.0 tf.raw_ops.MatrixDiagPartOp null pointer dereference

A vulnerability was found in Google TensorFlow up to 2.3.3/2.4.2/2.5.0 (Artificial Intelligence Software). It has been declared as problematic. This vulnerability affects the function tf.raw_ops.MatrixDiagPartOp. Upgrading to version 2.3.4, 2.4.3, 2.5.1 or 2.6.0 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-34693 : APACHE SUPERSET UP TO 3.1.2/4.0.0 MARIADB CONNECTION INFORMATION DISCLOSURE

CVE-2024-34693 : APACHE SUPERSET UP TO 3.1.2/4.0.0 MARIADB CONNECTION INFORMATION DISCLOSURE

Description Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile

CVE-2024-6146 : ACTIONTEC WCB6200Q 1.2L.03.5 HTTP SERVER UH_GET_POSTDATA_WITHUPLOAD STACK-BASED OVERFLOW

CVE-2024-6146 : ACTIONTEC WCB6200Q 1.2L.03.5 HTTP SERVER UH_GET_POSTDATA_WITHUPLOAD STACK-BASED OVERFLOW

Description Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code

CVE-2024-36978 : LINUX KERNEL UP TO 6.10-RC2 SCH_MULTIQ MULTIQ_TUNE OUT-OF-BOUNDS WRITE

CVE-2024-36978 : LINUX KERNEL UP TO 6.10-RC2 SCH_MULTIQ MULTIQ_TUNE OUT-OF-BOUNDS WRITE

Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune()