8 matches found
What Is Hive Pro’s End-to-End CTEM Solution?
The difference between a good security program and a great one often comes down to context. Without it, a list of 10,000 vulnerabilities is just a list. But when you can see that three of those vulnerabilities are being actively exploited by a threat group targeting your industry, your priorities...
EUVD-2021-0299
Malware in sbrugna...
Wallarm at Black Hat USA 2023 Booth #3131
Wallarm is excited to be back at Black Hat USA this year and meet with our friends in the community wanting or perhaps needing to learn more about integrated web app and API protection. We look forward to seeing you there! Expo Hours If you’re attending in person, the Business Hall is open for tw...
CVE-2021-37666 Reference binding to nullptr in `RaggedTensorToVariant` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...
CVE-2021-37667
TensorFlow: CVE-2021-37667 involves a NULL pointer dereference in UnicodeEncode where the code reads input_splits[0] before validating emptiness. A patch is in commit 2e0ee46f..., fixes to be included in TensorFlow 2.6.0 and backported to 2.5.1, 2.4.3, and 2.3.4. Affected: tf.raw_ops.UnicodeEncod...
Input validation
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2021-46659)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in TensorFlow 2.4.2,2.3.3,2.2.3,2.1.4, which stems from the fact that tf.rawops.SparseCountSparseOutput causes a segmentation error to be thrown from the standard...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...