Redmept1on
/ gist:42caad5576101cdd93deb6470d979952
Created
June 6, 2024 16:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36745 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter. |
Redmept1on
/ gist:64aa53d37e99975725a7d3e2dc9d9761
Created
June 6, 2024 16:14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36743 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot. |
Redmept1on
/ gist:761f0d0d09a912b8b93e0cf8dd877e94
Created
June 6, 2024 16:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36742 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape. |
Redmept1on
/ gist:070f5b8b752079c6b761f00f3cab7103
Created
June 6, 2024 16:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36740 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size. |
Redmept1on
/ gist:3a77cc722f82b57f99ccbe835aacf27d
Created
June 6, 2024 16:09
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36737 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter. |
Redmept1on
/ gist:6de04fb6c7af6956973fe2765c4d4576
Created
June 6, 2024 16:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36736 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed. |
Redmept1on
/ gist:4998e9b6435448cea07a8b2dbf96eedc
Created
June 6, 2024 16:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36735 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating. |
Redmept1on
/ gist:7420cd59f30defda07cf7bb4bf4a92cd
Last active
June 6, 2024 16:05
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36734 | |
| [Affected Component] | |
| OneFlow v0.9.1 | |
| [VERSION] | |
| OneFlow v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter. |
Redmept1on
/ gist:3feef7639b2bc7891d0cfda6d932adfd
Created
June 6, 2024 15:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36732 | |
| [PRODUCT] | |
| Oneflow v0.9.1 | |
| [VERSION] | |
| Oneflow v0.9.1 | |
| [PROBLEM TYPE] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot. |
Redmept1on
/ gist:1c530e191fb3c76f034c2ea1d11eb821
Created
June 6, 2024 15:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [CVE ID] | |
| CVE-2024-36730 | |
| [Affected Component] | |
| OneFlow API: oneflow.new_ones | |
| [VERSION] | |
| v0.9.1 | |
| [VulnerabilityType Other] | |
| CWE-20: Improper Input Validation | |
| [DESCRIPTION] | |
| Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter. |