CVE-2022-41891

CVE-2022-41891 (TensorFlow) : A segmentation fault occurs in tf.raw_ops.TensorListConcat when element_shape is []; this can trigger a denial-of-service. A patch was committed (fc33f3dc4c14051a83eec6535b608abe1d355fde) and will be included in TensorFlow 2.11. TensorFlow 2.10.1, 2.9.3, and 2.8.4 wi...

CVE-2022-41907 Overflow in `ResizeNearestNeighborGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVE-2022-41908

TensorFlow CVE-2022-41908: CHECK fail in tf.raw_ops.PyFunc triggered by non-UTF-8 input tokens. Patch committed (9f03a9d3bafe902c1e6beb105b2f24172f238645); fix slated for TensorFlow 2.11 with cherry-picks to 2.10.1, 2.9.3, and 2.8.4. No exploit details provided in the documents.

CVE-2022-41886

CVE-2022-41886 affects TensorFlow. The vulnerability occurs in the operator tf.raw_ops.ImageProjectiveTransformV2 when it outputs a large shape, causing an overflow. A patch is in the GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba and the fix will be included in TensorFlow 2.11; TensorFlo...

CVE-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

CVE-2022-41897

CVE-2022-41897 affects TensorFlow when FractionMaxPoolGrad receives outsize inputs in row_pooling_sequence or col_pooling_sequence, causing a crash due to a heap/out-of-bounds read. The issue is addressed in a GitHub commit (d71090c3e5ca325bdf4b02eb236cfb3ee823e927) and the fix will be included i...

CVE-2022-41895 `MirrorPadGrad` heap out of bounds read in Tensorflow

TensorFlow is an open source platform for machine learning. If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-41898 `CHECK` fail via inputs in `SparseFillEmptyRowsGrad` in Tensorflow

TensorFlow is an open source platform for machine learning. If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commi...

CVE-2022-41885 Overflow in `FusedResizeAndPadConv2D` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning ML systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security...

Rapid7 Takes Home 2 Awards and a Highly Commended Recognition at the 2022 Belfast Telegraph IT Awards

Rapid7 was honored at the Belfast Telegraph's annual IT Awards, Friday, taking home a pair of awards including the coveted “Best Place to Work in IT” in the large company category award, and the “Cyber Security Project of the Year” award, for groundbreaking machine learning research in applicatio...

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning ML systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security...

Announcing the Microsoft Machine Learning Membership Inference Competition (MICO)

We’re excited to announce the launch of a new competition focusing on the security and privacy of machine learning ML systems. Machine learning has already become a key enabler in many products and services, and this trend is likely to continue. It is therefore critical to understand the security...

New Updates for ESET's Advanced Home Solutions

It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email. ESET's latest consumer product...

NGWAF - First Iteration Of ML Based Feedback WAF

The Motivation | What is the N3XT ST3P? With the explosive growth of web applications since the early 2000s, web-based attacks have progressively become more rampant. One common solution is the Web Application Firewall WAF. However, tweaking rules of current WAFs to improve the detection mechanis...

4 Major Benefits of Next Gen SIEM

By Owais Sultan Next gen SIEM is a cloud-native cyberscurity tool that utilizes artificial intelligence and machine learning to discover malicious activity in real-time. This is a post from HackRead.com Read the original post: 4 Major Benefits of Next Gen SIEM...

Oracle Database Server (Oct 2022 CPU)

The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle Database - Machine Learning Numpy component of Oracle Database Server. The supported version that ...

The benefits of taking an intent-based approach to detecting Business Email Compromise

BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy that checks for...

The benefits of taking an intent-based approach to detecting Business Email Compromise

By Abhishek Singh. BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy tha...

libzdnn bug fix and enhancement update

An update is available for libzdnn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libzdnn package enables user and applications to leverage the zDNN...