Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2021-29608 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds and NULL pointer dereference flaw in "RaggedTensorToTensor". By...

Is Traffic Mirroring for NDR Worth the Trouble? We Argue It Isn't

Network Detection & Response NDR is an emerging technology developed to close the blind security spots left by conventional security solutions, which hackers exploited to gain a foothold in target networks. Nowadays, enterprises are using a plethora of security solutions to protect their network...

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" aka VIA, the recurring authentication scheme...

Security Bulletin: IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx

Summary IBM Watson Machine Learning Accelerator is affected by a vulnerability in Nginx. IBM Watson Machine Learning Accelerator havs addressed the CVE-2021-23017. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Google TensorFlow code issue vulnerability (CNVD-2022-09857)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow is vulnerable to a code issue that arises from the fact that if the user does not provide a valid padding value for "tf.rawops.MatrixDiagPartOp", the code triggers a null point...

Google TensorFlow code issue vulnerability (CNVD-2022-09856)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a code issue vulnerability that stems from the fact that when recovering a tensor via the raw API, TensorFlow may be tricked into referencing a null pointer if the...

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-64071)

Google TensorFlow is an end-to-end open source machine learning platform. a null pointer dereference vulnerability exists in the rowpartitiontypes of the tf.rawops.RaggedTensorToTensor API in versions prior to Google TensorFlow 2.6.0. An attacker can exploit this vulnerability by sending invalid...

Google TensorFlow integer overflow vulnerability (CNVD-2021-64075)

Google TensorFlow is an end-to-end open source machine learning platform. An integer overflow vulnerability exists in the implementation of tf.rawops.QuantizeAndDequantizeV4Grad in versions prior to Google TensorFlow 2.6.0. The vulnerability stems from converting a signed integer value to an...

Google TensorFlow Dezero Error Vulnerability (CNVD-2021-64067)

Google TensorFlow is an end-to-end open source machine learning platform. tf.rawops.ResourceScatterDiv implementation in versions prior to Google TensorFlow 2.6.0 is vulnerable to a dezero error. No detailed vulnerability details are available at this time...

Google TensorFlow Dezero Error Vulnerability (CNVD-2021-64070)

Google TensorFlow is an end-to-end open source machine learning platform. the implementation of tf.rawops.SparseDenseCwiseDiv in versions prior to Google TensorFlow 2.6.0 is vulnerable to a dezero error. No details of the vulnerability are currently available...

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-64072)

Google TensorFlow is an end-to-end open source machine learning platform. tf.rawops.CompressElement in versions prior to Google TensorFlow 2.6.0 is vulnerable to null pointer dereference. An attacker could exploit the vulnerability by passing invalid input to cause a null pointer dereference...

Google TensorFlow null pointer dereference vulnerability (CNVD-2021-64073)

Google TensorFlow is an end-to-end open source machine learning platform. tf.rawops.UncompressElement code in versions prior to Google TensorFlow 2.6.0 is vulnerable to null pointer dereference. No detailed vulnerability details are available at this time...

Google TensorFlow Dezero Error Vulnerability (CNVD-2021-64069)

Google TensorFlow, an end-to-end open source machine learning platform, is vulnerable to a divide by zero error in versions prior to Google TensorFlow 2.6.0. An attacker could exploit the vulnerability through a specially crafted parameter call in-place to cause a floating point exception, which...

Google TensorFlow integer division by zero error vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. An integer division by zero error vulnerability exists in the implementation of tf.rawops.SparseReshape in versions prior to Google TensorFlow 2.6.0. No details of the vulnerability are currently available...

Apple: Image-Detection Backdoor ‘Narrow’ in Scope

Apple provided additional design and security details this week about the planned rollout of a feature aimed at detecting child sexual abuse material CSAM images stored in iCloud Photos. Privacy groups like the Electronic Frontier Foundation warned that the process of flagging CSAM images...

Google TensorFlow Go Denial of Service Vulnerability

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google, Inc. A local attacker can exploit this vulnerability to cause a denial of service situation...

Google TensorFlow Denial of Service Vulnerability (CNVD-2021-63060)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google Tensorflow, which can be exploited by local attackers to cause a denial of service...

Google TensorFlow buffer overflow vulnerability (CNVD-2021-64528)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from the fact that in affected versions, an attacker can cause undefined behavior by binding references to null pointers in...

Google TensorFlow code issue vulnerability (CNVD-2021-64530)

A security vulnerability in Google TensorFlow, an end-to-end open source platform for machine learning from Google, can be exploited to cause undefined behavior by binding references to null pointers in the tf.rawops.Map and tf.rawops. OrderedMap operations to cause undefined behavior by binding ...

Google TensorFlow buffer overflow vulnerability (CNVD-2021-64529)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to cause TensorFlow to terminate abnormally...