CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

Test and evaluate your WAF before hackers

Since 1991, Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies available on the market. Since the last century, WAFs have evolved by incorporating the cloud and using Machine Learning instead of RegExp. Currently, few...

AkaNAT: How Akamai Uses Machine Learning to Detect Shared IPs

...

BIT-TENSORFLOW-2021-29512 Heap buffer overflow in `RaggedBinCount`

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

BIT-TENSORFLOW-2021-29514 Heap out of bounds write in `RaggedBinCount`

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

BIT-TENSORFLOW-2021-29515 Reference binding to null pointer in `MatrixDiag*` ops

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

BIT-TENSORFLOW-2021-29516 Null pointer dereference via invalid Ragged Tensors

TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...

BIT-TENSORFLOW-2021-29517 Division by zero in `Conv3D`

TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...

BIT-TENSORFLOW-2021-29518 Session operations in eager mode lead to null pointer dereferences

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

BIT-TENSORFLOW-2021-29519 CHECK-fail in SparseCross due to type confusion

TensorFlow is an end-to-end open source platform for machine learning. The API of tf.rawops.SparseCross allows combinations which would result in a CHECK-failure and denial of service. This is because the...

BIT-TENSORFLOW-2021-29520 Heap buffer overflow in `Conv3DBackprop*`

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

BIT-TENSORFLOW-2021-29521 Segfault in SparseCountSparseOutput

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

BIT-TENSORFLOW-2021-29522 Division by 0 in `Conv3DBackprop*`

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

BIT-TENSORFLOW-2021-29524 Division by 0 in `Conv2DBackpropFilter`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropFilter. This is because the...

BIT-TENSORFLOW-2021-29525 Division by 0 in `Conv2DBackpropInput`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...

BIT-TENSORFLOW-2021-29526 Division by 0 in `Conv2D`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2D. This is because the implementationhttps://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/convops.ccL261-L263...

BIT-TENSORFLOW-2021-29527 Division by 0 in `QuantizedConv2D`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedConv2D. This is because the...

BIT-TENSORFLOW-2021-29529 Heap buffer overflow caused by rounding

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the...

BIT-TENSORFLOW-2021-29530 Invalid validation in `SparseMatrixSparseCholesky`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...

BIT-TENSORFLOW-2021-29531 CHECK-fail in tf.raw_ops.EncodePng

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...