Cybercriminals Selling Access to Compromised Networks: 3 Surprising Research Findings

Cybercriminals are innovative, always finding ways to adapt to new circumstances and opportunities. The proof of this can be seen in the rise of a certain variety of activity on the dark web: the sale of access to compromised networks. This type of dark web activity has existed for decades, but i...

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

PYSEC-2021-564

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

PYSEC-2021-762

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

PT-2021-21767 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The implementation for tf.raw ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap...

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

Streaming Numbers Jump for European Football Tournament Delivered by Akamai

The video streaming traffic that Akamai delivered for more than 30 rights-holding customers during the July 11 Italy-England football soccer final as part of the delayed-to-2021European soccer tournament peaked at 34.9 Tbps on the Akamai edge platform. The traffic peak during the final match was...

A market's hourly average price can be biased by a large number of trades

Handle shw Vulnerability details Impact An attacker can artificially move a market's hourly average price i.e., the result of getHourlyAvgTracerPrice by executing a large number of trades on the market with only paying gas fees. Proof of Concept The hourly average price is calculated by the...

GHSA-6F89-8J54-29XF Heap buffer overflow in `FractionalAvgPoolGrad`

Impact The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputtensorshape = tf.constant1, 3, 2, 3, shape=4, dtype=tf.int64 outbackprop = tf.constant2, shape=1, 1, 1, 1, dtype=tf.int64 rowpoolingsequence = tf.constant1...

GHSA-F78G-Q7R4-9WCV Division by 0 in `FractionalAvgPool`

Impact An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool: python import tensorflow as tf value = tf.constant60, shape=1, 1, 1, 1, dtype=tf.int32 poolingratio = 1.0, 1.0000014345305555, 1.0, 1.0 pseudorandom = False overlapping = False...

PYSEC-2021-703

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

PYSEC-2021-478

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...

PYSEC-2021-187

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...

PYSEC-2021-676

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...

CVE-2021-29578

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. A heap buffer overflow vulnerability exists in tf.rawops.FractionalAvgPoolGrad in Google TensorFlow. No detailed vulnerability details are provided at this time...

Ubuntu: Security Advisory (USN-4678-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-4678-1: Linux kernel vulnerabilities

It was discovered that the AMD Running Average Power Limit RAPL driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information. CVE-2020-12912 Jann Horn discovered that the iouring subsystem in the Linux kernel d...

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL Running Average Power Limit. An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...