3086 matches found
CVE-2022-29191
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
Stack overflow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29194 Missing validation causes denial of service via `DeleteSessionTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29194
CVE-2022-29194 affects TensorFlow where the implementation of tf.raw_ops.DeleteSessionTensor does not fully validate its input arguments, leading to a CHECK failure that can trigger a denial of service. The issue is fixed in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which contain patches. Connecte...
CVE-2022-29191
CVE-2022-29191 affects TensorFlow: the implementation of tf.raw_ops.GetSessionTensor does not fully validate input arguments, causing a CHECK failure and enabling a denial of service on a local attacker. Affected versions are prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4; a patch is included in those v...
CVE-2022-29191 Missing validation causes denial of service via `GetSessionTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...
CVE-2022-29192
TensorFlow vulnerability CVE-2022-29192 affects tf.raw_ops.QuantizeAndDequantizeV4Grad; it does not fully validate input arguments, causing a CHECK failure that can trigger a denial of service. Affected versions are prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4. A patch exists in 2.9.0 and has been bac...
CVE-2022-29192 Missing validation crashes `QuantizeAndDequantizeV4Grad` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
CVE-2022-29192 Missing validation crashes `QuantizeAndDequantizeV4Grad` in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...
Improper Restriction of XML External Entity Reference in Elasticsearch
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...
GHSA-CCMR-QJ26-845G Improper Restriction of XML External Entity Reference in Elasticsearch
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...
GHSA-MJPC-QX7H-R8C9 Elasticsearch subject to cross site scripting
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting XSS vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...
Elasticsearch subject to cross site scripting
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting XSS vulnerability. If an attacker is able to inject data into an index that has a ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...
Microsoft security experts outline next steps after compromise recovery
Who is CRSP? The Microsoft Compromise Recovery Security Practice CRSP is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the...
Apple’s child safety features are coming to a Messages app near you
Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK. The announcement comes four months after the features initial launch in the US on the iOS, iPad, and macOS devices. To make communicating with Messages...
Security Bulletin: Vulnerability in json4j - CVE-2021-3918 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator
Summary Json4j is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-3918 by upgrading addressable to latest version. Vulnerability Details CVEID: CVE-2021-3918 DESCRIPTION: Json-schema could allow a remote attacker to execu...
Security Bulletin: Vulnerability in [All] Spring Framework - CVE-2021-22060 (Publicly disclosed vulnerability) impacts IBM Watson Machine Learning Accelerator
Summary Spring Framework is used IBM Watson Machine Learning Accelerator. This bulletin provides mitigations for the addressable vulnerability CVE-2021-22060 by upgrading addressable to latest version. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
CVE-2022-24770
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...