Google TensorFlow has an unspecified vulnerability (CNVD-2021-92554)

A security vulnerability in Google TensorFlow, an end-to-end open source platform for machine learning from Google, stems from the use of uninitialized variables in the Grappler optimizer. If the trainnodes vector obtained from the saved optimization model does not contain Dequeue nodes, then...

Google TensorFlow buffer overflow vulnerability (CNVD-2021-87050)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that stems from Transpose's shape inference function being vulnerable to a heap buffer overflow. No details of the vulnerability are...

Google TensorFlow has an unspecified vulnerability (CNVD-2021-92553)

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has a security vulnerability that stems from an implementation of SplitV that can trigger a segment error, and no details of the vulnerability are currently available...

Google TensorFlow Numeric Error Vulnerability (CNVD-2021-88254)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow versions prior to 2.7.0 suffer from a numeric error vulnerability that stems from the fact that TensorFlow's ParallelConcat loses some input validation and produces a divide by...

Google TensorFlow resource management error vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A resource management error vulnerability exists in Google TensorFlow, which stems from the fact that when two tf.function-modified Python functions recurse on each other, the code behind the tf.functio...

Moodle Cross Site Scripting / Server-Side Request Forgery Vulnerabilities

Moodle versions 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, and 3.5 to 3.5.16 suffer from cross site scripting and server-side request forgery vulnerabilities. Moodle is an opensource learning management system, popular in universities and workplaces largely used to manage courses, activities and...

XSS Vulnerability in Learning Express Cloud Drive

Founded in 1993, Beijing Century Super Star Information Technology Development Limited Liability Company is one of the early companies in China engaged in the digitization of paper materials and the production of electronic publications. An XSS vulnerability exists in Study Pass Cloud Drive, whic...

Google TensorFlow heap allocation array out-of-bounds read vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. an out-of-bounds read vulnerability exists in the shape inference function of the QuantizeAndDequantizeV operation in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No detailed vulnerability details are...

Google TensorFlow heap allocation array out-of-bounds read vulnerability (CNVD-2021-85885)

Google TensorFlow is an end-to-end open source machine learning platform. An out-of-bounds read vulnerability exists in the shape inference code of tf.ragged.cross in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No details of the vulnerability are currently available...

Google TensorFlow heap out-of-bounds access vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. a heap out-of-bounds access vulnerability exists in the implementation of the FusedBatchNorm kernel in versions prior to TensorFlow 2.7.0. No details of the vulnerability are currently available...

Google TensorFlow heap allocation array out-of-bounds read vulnerability (CNVD-2021-85884)

Google TensorFlow is an end-to-end open source machine learning platform. an out-of-bounds read vulnerability exists in the shape inference function of SparseCountSparseOutput in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No detailed vulnerability details are currently availab...

Google TensorFlow Heap Out-of-Bounds Access Vulnerability (CNVD-2021-85883)

Google TensorFlow, an end-to-end open source machine learning platform, suffers from a heap out-of-bounds access vulnerability in the SparseBinCount implementation in versions prior to TensorFlow 2.7.0. The vulnerability stems from missing validation between the elements of the values parameter a...

Google TensorFlow Heap Out-of-Bounds Access Vulnerability (CNVD-2021-85882)

Google TensorFlow is an end-to-end open source machine learning platform. a heap out-of-bounds access vulnerability exists in the SparseFillEmptyRows implementation in versions prior to TensorFlow 2.7.0. No details of the vulnerability are currently available...

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-85888)

Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a null pointer dereference in the shape inference code of DeserializeSparse in versions of TensorFlow prior to 2.7.0. The vulnerability stems from the shape inference function assuming that the serializespars...

CVE-2021-41228

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...

CVE-2021-41213

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVE-2021-41221

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, inputh and inputc parameters are n...

CVE-2021-41222

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

CVE-2021-41225

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

CVE-2021-41216

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...