PYSEC-2021-744

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...

PYSEC-2021-546

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...

CVE-2021-29618 Crash in `tf.transpose` with complex inputs

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a security vulnerability that can be exploited by an attacker to cause a crash by passing a complex parameter to tf.transpose while passing the conjugate=True parameter to...

PT-2021-18369 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.1.4 through 2.4.2 TensorFlow version 2.5.0 is not affected as it includes the fix. Description: Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The issue...

PT-2024-11332 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: There is an issue with the ASPM optional capability checking function in the Linux kernel. A device might be attached to the root complex directly, resulting in a null pointer...

How Cyrebro Can Unify Multiple Cybersecurity Defenses to Optimize Protection

Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphon...

GHSA-G9FW-9X87-RMRJ Privilege Context Switching Error in Elasticsearch

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documen...

UBUNTU-CVE-2021-28650

autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplet...

Microsoft brings advanced hardware security to Server and Edge with Secured-core

A cursory look at recent headlines reveals two clear trends. First, organizations around the world are embracing digital transformation using technologies across cloud and edge computing to better serve their customers and thrive in fast-paced environments. Second, attackers are constantly...

Exploit Details Emerge for Unpatched Microsoft Bug

New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world...

dracut bug fix and enhancement update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

Connect, Share, and Learn at Imperva Amplify 2021

On the heels of high-profile breaches, attacks e.g., Sunburst, Raindrop and COVID-19, rapid digital transformation places even more pressure on security. We’re seizing the opportunity to launch our first virtual user conference -- Imperva Amplify -- to share our knowledge so together, we can bett...

CVE-2021-2102

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: Dialog Box. Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2021-2104

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: Dialog Box. Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Design/Logic Flaw

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: Dialog Box. Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Design/Logic Flaw

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: Dialog Box. Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2021-2104

The CVE-2021-2104 entry concerns Oracle Complex Maintenance, Repair, and Overhaul (Dialog Box) in Oracle Supply Chain. Affected versions are 11.5.10, 12.1, and 12.2. The issue is a component-level access-control flaw allowing a network-remote, unauthenticated attacker to access or modify data via...

CVE-2021-2103

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: Dialog Box. Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2021-2102

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain component: Dialog Box. Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...