Lucene search

7043 matches found

CVE
added 2021/11/05 8:5 p.m., 69 views

CVE-2021-41201

TensorFlow CVE-2021-41201: The issue is an uninitialized flag in EinsumHelper::ParseEquation that only ever sets input_has_ellipsis/output_has_ellipsis to true, leaving potential uninitialized access when callers expect both true/false values. This affects multiple TF releases (2.4.x–2.7.x) and i...

7.8 CVSS, 7.5 AI score, 0.00241 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/11/05 8:0 p.m., 17 views

CVE-2021-41200 Incomplete validation in `tf.summary.create_file_writer`

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.create_file_writer is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 1, References: 3
CVE
added 2021/11/05 8:0 p.m., 80 views

CVE-2021-41200

CVE-2021-41200 concerns TensorFlow’s tf.summary.create_file_writer: when called with non-scalar arguments, affected builds can crash due to a CHECK failure. The provided documents specify the issue in TensorFlow’s open-source code path and confirm a fix in TensorFlow 2.7.0, with cherry-picks to o...

5.5 CVSS, 5.7 AI score, 0.0023 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2021/11/05 7:55 p.m., 98 views

CVE-2021-41197

CVE-2021-41197 concerns TensorFlow where treating large tensor shapes can overflow int64, causing a CHECK-failure abort during shape construction (notably in operations like tf.math.segment_*, SparseCwise, and depthwise-related paths). The issue is addressed by upstream fixes, with the primary pa...

5.5 CVSS, 4.8 AI score, 0.00307 EPSS
Exploits: 1, References: 6, Affected Software: 1
CVE
added 2021/11/05 7:55 p.m., 78 views

CVE-2021-41198

CVE-2021-41198 affects TensorFlow where calling tf.tile with very large inputs can trigger a CHECK failure due to int64 overflow, crashing the process. The issue is rooted in the tile operation’s handling of output size and overflow detection. Remediation is available: TensorFlow 2.7.0 includes t...

5.5 CVSS, 5.6 AI score, 0.0023 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2021/11/05 7:55 p.m., 39 views

CVE-2021-41198 Overflow/crash in `tf.tile` when tiling tensor is large

TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64_t type and th...

5.5 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 1, References: 3
CVE
added 2021/11/05 7:55 p.m., 92 views

CVE-2021-41199

CVE-2021-41199 refers to an overflow crash in TensorFlow’s tf.image.resize when the output size is very large. Affected TF versions up to 2.7.0 (and cherry-picks for 2.6.1, 2.5.2, 2.4.4) abort the process via a CHECK failure due to int64 overflow while computing the output tensor size. Connected ...

5.5 CVSS, 5.6 AI score, 0.0023 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2021/11/05 7:55 p.m., 76 views

CVE-2021-41196

CVE-2021-41196 affects TensorFlow (Keras pooling layers). In affected builds, pooling operations can segfault when pool size is 0 or a dimension is negative because values in the sliding window are not checked to be strictly positive. The issue is tied to TensorFlow’s pooling implementation, with...

5.5 CVSS, 5.5 AI score, 0.0023 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2021/11/05 7:50 p.m., 78 views

CVE-2021-41195

TensorFlow CVE-2021-41195 affects tf.math.segment_* implementations; large segment_ids can trigger a CHECK failure and abort due to int64 overflow when computing output shapes. Vulnerable CPU/GPU paths use AddDim, with AddDimWithStatus needed to prevent overflow. The fix is planned for TensorFlow...

5.5 CVSS, 5.2 AI score, 0.00205 EPSS
Exploits: 1, References: 4, Affected Software: 1
Securelist
added 2021/10/28 2:20 p.m., 15 views

How we took part in MLSEC and (almost) won

This summer Kaspersky experts took part in the Machine Learning Security Evasion Competition MLSEC — a series of trials testing contestants' ability to create and attack machine learning models. The event is comprised of two main challenges — one for attackers, and the other for defenders. The...

6.7 AI score
Exploits: 0
Openbugbounty
added 2021/10/27 12:16 a.m., 11 views

elearning.marcoaurelio.comune.roma.it Cross Site Scripting vulnerability OBB-2210825

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
Openbugbounty
added 2021/10/27 12:12 a.m., 10 views

e-learning.outsphera.it Cross Site Scripting vulnerability OBB-2210815

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0
OSV
added 2021/10/21 9:15 p.m., 11 views

CVE-2021-41127

Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...

7.1 CVSS, 6.8 AI score
Exploits: 0, References: 2
OSV
added 2021/10/21 9:15 p.m., 17 views

PYSEC-2021-381

Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...

7.3 CVSS, 3.5 AI score, 0.00734 EPSS
Exploits: 0, References: 2
CVE
added 2021/10/21 8:15 p.m., 89 views

CVE-2021-41127

CVE-2021-41127 affects Rasa open source framework. A vulnerability exists in the model-loading path for trained archives (model.tar.gz) that can be crafted to overwrite or replace bot files in the bot directory. Root cause: arbitrary file write via crafted model archives during load. Impact per s...

7.3 CVSS, 6.7 AI score, 0.00734 EPSS
Exploits: 0, References: 2, Affected Software: 1
Schneier on Security
added 2021/10/19 1:7 p.m., 19 views

Using Machine Learning to Guess PINs from Video

Researchers trained a machine-learning system on videos of people typing their PINs into ATMs: By using three tries, which is typically the maximum allowed number of attempts before the card is withheld, the researchers reconstructed the correct sequence for 5-digit PINs 30% of the time, and...

6.9 AI score
Exploits: 0
CNVD
added 2021/10/19 12:0 a.m., 9 views

Easytest licensing issue vulnerability

Easytest is an online learning quiz platform of China's Huaju Digital Technology, Inc. Easytest is vulnerable to authorization issues, which can be exploited by remote attackers to access user and administrator account information other than passwords by constructing URL parameters after gaining...

4 CVSS, 4 AI score, 0.00818 EPSS
Exploits: 0
CNVD
added 2021/10/19 12:0 a.m., 13 views

Easytest SQL Injection Vulnerability

Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the elective course management page after gaining user privileges to gain all database...

6.5 CVSS, 3.9 AI score, 0.01087 EPSS
Exploits: 0
CNVD
added 2021/10/19 12:0 a.m., 11 views

Easytest SQL Injection Vulnerability (CNVD-2021-83597)

Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the learning history page after gaining user privileges to access all databases and ga...

6.5 CVSS, 4.2 AI score, 0.01087 EPSS
Exploits: 0
CNVD
added 2021/10/19 12:0 a.m., 13 views

Easytest Cross-Site Scripting Vulnerability

Easytest is an online learning quiz platform of China's Huaju Digital Technology Co. Easytest suffers from a cross-site scripting vulnerability that could be exploited by remote attackers to inject JavaScript and perform stored XSS attacks...

3.5 CVSS, 2 AI score, 0.00567 EPSS
Exploits: 0