670 matches found
CVE-2021-37675
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...
CVE-2021-37675 Division by 0 in most convolution operators in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...
PT-2021-21793 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow version 2.5.1; TensorFlow version 2.4.3; TensorFlow version 2.3.4. Description: The issue is related to a division by 0 vulnerability in most implementations of convolution operators in TensorFlow,...
Homeland Security Releases New Cybersecurity Rules
DHS's second issue requires pipeline operators to implement various cybersecurity measures to protect their operations from cyber attacks. This directive also builds upon the department's May directive following the Colonial Pipeline attack...
World-Class OTT Streaming from MwareTV with Akamai
Written by: Ina Christova. Since the onset of the pandemic, home entertainment has never been more important. Millions of users across the globe have turned to over-the-top (OTT) streaming and live TV to bring much-needed diversion and exciting content into their lives. MwareTV provides content...
Booking Core has an unspecified vulnerability
Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...
Booking Core Cross-Site Scripting Vulnerability
Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. Booking Core suffers from a cross-site scripting vulnerability, which stems from a cross-site scripting (XSS)...
Command Execution Vulnerability in TamronOS IPTV System ISP Edition Stable Version
TamronOS IPTV system is a live and on-demand system solution for broadband operators, hotels, schools and other high traffic scenarios. A command execution vulnerability exists in the stable version of TamronOS IPTV System ISP Edition, which can be exploited by attackers to remotely execute code...
Command execution vulnerability in TamronOS IPTV/VOD system (CNVD-2021-49564)
TamronOS IPTV/VOD system is a Linux kernel-based, all-in-one live and on-demand solution developed for broadband operators, hotels and schools. The system provides a variety of clients (Android set-top box, TV, PC on-demand, cell phone on-demand) to facilitate user access through different devices...
WAF-A-MoLE - A Guided Mutation-Based Fuzzer For ML-based Web Application Firewalls
A guided mutation-based fuzzer for ML-based Web Application Firewalls, inspired by AFL and based on the FuzzingBook by Andreas Zeller et al. Given an input SQL injection query, it tries to produce a semantic invariant query that is able to bypass the target WAF. You can use this tool for assessin...
Google for OpSec data discovery
Following last month's post about what OpSec is and how it can benefit your company, I wanted to go a step further and look at some of the ways you can supercharge your searches to find interesting data about your company. Basic search parameters: As I mentioned last month, one of the most useful too...
5G Security Vulnerabilities Fluster Mobile Operators
As 5G private networks roll out in the coming years, security may be a key issue for enterprises. A survey released at Mobile World Congress on Monday shows that major gaps persist in security capabilities among mobile operators. Some 68 percent of operators already sell private wireless networks...
Russia bans VyprVPN, Opera VPN services for not complying with blacklist request
Russia's telecommunications and media regulator Roskomnadzor (RKN) on Thursday introduced restrictions on the operation of VyprVPN and Opera VPN services in the country. "In accordance with the regulation on responding to threats to circumvent restrictions on access to child pornography, suicidal,...
Experts Shed Light On Distinctive Tactics Used by Hades Ransomware
Cybersecurity researchers on Tuesday disclosed "distinctive" tactics, techniques, and procedures (TTPs) adopted by operators of Hades ransomware that set it apart from the rest of the pack, attributing it to a financially motivated threat group called GOLD WINTER. "In many ways, the GOLD WINTER...
TamronOS IPTV V5 System Backend Contains Arbitrary File Download Vulnerability
TamronOS IPTV system is a live and on-demand system solution for broadband operators, hotels, schools and other high-traffic scenarios. The TamronOS IPTV V5 system has an arbitrary file download vulnerability in its backend, which can be exploited by attackers to obtain sensitive information...
CVE-2021-23204
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3...
CVE-2021-23230
A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359...
CVE-2021-23136
Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 MR3; 8.30 versions prior to 8.30.1359 MR3; 8.20 versions prior t...
PYSEC-2021-716
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are empty. This is because the broadcasting...