CVE-2021-29547

CVE-2021-29547 affects TensorFlow QuantizedBatchNormWithGlobalNormalization. The issue is a heap/out-of-bounds vulnerability caused by inputs being allowed to be empty; when any input is empty, flat()(0) accesses data outside of bounds, enabling a segfault/denial of service. Patches were applied ...

CVE-2021-29548

TensorFlow vulnerability CVE-2021-29548 concerns the QuantizedBatchNormWithGlobalNormalization path. The issue is a runtime division-by-zero that can cause a denial of service due to insufficient validation of the op contract in the quantized batch-norm kernel. A fix is planned and will be includ...

CVE-2021-29548 Division by 0 in `QuantizedBatchNormWithGlobalNormalization`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

CVE-2021-29549

CVE-2021-29549 (TensorFlow) is a division-by-zero vulnerability in tf.raw_ops.QuantizedAdd/QuantizedBatchNormWithGlobalNormalization that can trigger a runtime error and denial of service. The root cause is a modulo operation applied with vector_num_elements that can be zero because it is derived...

CVE-2021-29549 Division by 0 in `QuantizedAdd`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

CVE-2021-29550

TensorFlow CVE-2021-29550 concerns a runtime division-by-zero in tf.raw_ops.FractionalAvgPool within the FractionalAvgPool implementation. The root cause is that the operator computes output_size by floor-dividing input_size[i] by pooling_ratio[i], where both values are user-controlled; if input_...

CVE-2021-29551

TensorFlow CVE-2021-29551 relates to MatrixTriangularSolve: the kernel failed to terminate when input validation fails, enabling a potential heap OOB read with crafted tensors. The issue is tied to OP_REQUIRES paths not aborting before using inputs, leading to invalid data usage in bcast construc...

CVE-2021-29553

TensorFlow vulnerability CVE-2021-29553 involves a heap-based out-of-bounds read in tf.raw_ops.QuantizeAndDequantizeV3 caused by not validating the user-supplied axis before indexing the input. Affected TensorFlow versions are in the 2.x range, with a fix planned for TensorFlow 2.5.0 and cherry-p...

CVE-2021-29554

CVE-2021-29554 affects TensorFlow: DenseCountSparseOutput can cause a denial of service via a division-by-zero runtime error. Root cause is computing a divisor from user data without validating zero, yielding num_batch_elements = 0 and a divide operation. Affected TF releases are mitigated by a f...

CVE-2021-29512

TensorFlow RaggedBincount vulnerability (CVE-2021-29512) involves a heap-based buffer overflow when the splits argument does not specify a valid SparseTensor. Affected path shows reads beyond splits bounds inside RaggedBincount. The issue is triggered by user-controlled splits containing a single...

File Upload Vulnerability in Online Learning Management System

Online Learning Management System is an online learning management system. A file upload vulnerability exists in Online Learning Management System, which can be exploited by an attacker to gain control of the server...

ILIAS Information Disclosure Vulnerability

ILIAS is a powerful open source learning management system for developing and implementing web-based e-learning. An information disclosure vulnerability exists in ILIAS versions prior to 5.3.19, 5.4.12, and 6.0. An attacker can exploit this vulnerability to gain access to uploaded data paths via ...

Ilias 信息泄露漏洞

ILIAS is a powerful open source learning management system for developing and implementing web-based e-learning. An information disclosure vulnerability exists in ILIAS versions prior to 5.3.19, 5.4.12, and 6.0. An attacker can exploit this vulnerability to gain access to uploaded data paths via ...

Juniper Junos OS DoS (JSA11137)

The version of Junos OS installed on the remote host is affected by a denial of service vulnerability as referenced in the JSA11137 advisory. An unauthenicated remote attacker can bypass the storm-control feature on devices due to a rare race condition exists in the Layer 2 Address Learning Daemo...

CyberBattleSim - An Experimentation And Research Platform To Investigate The Interaction Of Automated Agents In An Abstract Simulated Network Environments

CyberBattleSim is an experimentation research platform to investigate the interaction of automated agents operating in a simulated abstract enterprise network environment. The simulation provides a high-level abstraction of computer networks and cyber security concepts. Its Python-based Open AI G...

How chat platforms are using Machine Learning for content moderation?

By Uzair Amir More and more online services are using Machine Learning ML, the method of data analysis that will automate the building of analytical mode. This is a post from HackRead.com Read the original post: How chat platforms are using Machine Learning for content moderation?...

Security Bulletin: GO is is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D

Summary Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-9283 DESCRIPTION: Golang golang.org/x/crypto is vulnerable ...

Security Bulletin: Go is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D

Summary Golang Go is vulnerable to a denial of service and bypass security restrictions on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-15586 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending...

Security Bulletin: GO is suspectible for denial of service on IBM Watson Machine Learning on CP4D

Summary GO is suspectible for denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-16845 DESCRIPTION: Go Language is vulnerable to a denial of service, caused by an infinite read loop in ReadUvarint and ReadVarint in encoding/binary. By sending a...

Security Bulletin: Go can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D

Summary Go is vulnerable to a denial of service and can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2019-17596 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when verifying invalid DSA publ...