102 matches found
August 2021 Security Releases
August 2021 Security Releases Update 11-Aug-2021 Security releases available Updates are now available for v16.x, v14.x, and v12.x Node.js release lines for the following issues. cares upgrade - Improper handling of untypical characters in domain names High CVE-2021-22931 Node.js was vulnerable t...
Input validation
A vulnerability in the Cisco Identity Services Engine ISE integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when...
Cisco DNA Center Certificate Validation Vulnerability
A vulnerability in the Cisco Identity Services Engine ISE integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when...
Null pointer dereference in `StringNGrams`
Impact An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams: python import tensorflow as tf data=tf.constant'' 11, shape=11, dtype=tf.string splits = 0115 splits.append3 datasplits=tf.constantsplits, shape=116, dtype=tf.int64 tf.rawops.StringNGramsdata=data,...
Google TensorFlow Denial of Service Vulnerability (CNVD-2021-36352)
Google TensorFlow is an end-to-end open source machine learning platform. Google TensorFlow has a security vulnerability. The vulnerability stems from incomplete validation of SparseAdd. No details of the vulnerability are provided at this time...
CVE-2021-29613
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...
CVE-2021-29611
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...
CVE-2021-29609
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...
Out-of-bounds
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...
CVE-2021-29607 Incomplete validation in `SparseSparseMinimum`
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...
CVE-2021-29609 Incomplete validation in `SparseAdd`
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...
CVE-2021-29611 Incomplete validation in `SparseReshape`
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...
CVE-2021-29613 Incomplete validation in `tf.raw_ops.CTCLoss`
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...
PT-2021-18360 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.1.4 through 2.4.2 Description: Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior, such as dereferencing null pointers and writing outside of...
Google TensorFlow 代码问题漏洞
Google TensorFlow is an end-to-end open source machine learning platform. Google TensorFlow has a security vulnerability. The vulnerability stems from incomplete validation of SparseAdd. No details of the vulnerability are provided at this time...
CVE-2021-1384 Cisco IOx for IOS XE Software Command Injection Vulnerability
A vulnerability in Cisco IOx application hosting environment of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands into the underlying operating system as the root user. This vulnerability is due to incomplete validation of fields in the application packages...
CVE-2020-15194
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...
PYSEC-2020-117
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...
Input validation
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...
CVE-2020-15194 Denial of Service in Tensorflow
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...