Oneflow

An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.2 MEDIUM]

An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. [CVSS 6.2 MEDIUM]

Oneflow versions up to 0.9.0 contains a vulnerability that allows attackers to cause a Denial of Service (DoS) via a crafted input (CVSS 6.2).

An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 6.5 MEDIUM]

An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID. [CVSS 7.5 HIGH]

A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Dervice (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index. [CVSS 7.5 HIGH]

A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index. [CVSS 7.5 HIGH]

A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. [CVSS 7.5 HIGH]

A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. [CVSS 7.5 HIGH]

A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero. [CVSS 6.5 MEDIUM]

A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes. [CVSS 7.5 HIGH]

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.