Malicious code in gradient-stringss (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57723e32d648c25724e92b0bae70a4858b05de601bcd3c204359d4c4ca01286f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3438 Malicious code in gradient-stringn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 113c8aa7e58460260ad95b3d81fb9e9e4630315cd65aca4be2e12ba86400a49e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-3440 Malicious code in gradient-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 85b41f21443655193e21b66bf003d6b42f6bad9f00cc324004094871ca932651 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Manipulating Machine-Learning Systems through the Order of the Training Data

Yet another adversarial ML attack: Most deep neural networks are trained by stochastic gradient descent. Now “stochastic” is a fancy Greek word for “random”; it means that the training data are fed into the model in random order. So what happens if the bad guys can cause the order to be not rando...

GHSA-VJG4-V33C-GGC4 Out of bounds read in Tensorflow

Impact The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap: python import tensorflow as tf @tf.function def test: y = tf.rawops.FractionalAvgPoolGrad originputtensorshape=2,2,2,2,...

PYSEC-2022-54

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

PT-2022-15064 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The estimator for the cost of some convolution operations in TensorFlow can be...

GHSA-7GHQ-FVR3-PJ2X Incomplete validation in `MaxPoolGrad`

Impact An attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation: python import tensorflow as tf tf.rawops.MaxPoolGrad originput = tf.constant, shape=3, 0, 0, 2, dtype=tf.float32, origoutput = tf.constant, shape=3, 0, 0, 2,...

CVE-2021-37674

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

PYSEC-2021-564

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

GHSA-6F89-8J54-29XF Heap buffer overflow in `FractionalAvgPoolGrad`

Impact The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputtensorshape = tf.constant1, 3, 2, 3, shape=4, dtype=tf.int64 outbackprop = tf.constant2, shape=1, 1, 1, 1, dtype=tf.int64 rowpoolingsequence = tf.constant1...

GHSA-6G85-3HM8-83F9 CHECK-fail in `QuantizeAndDequantizeV4Grad`

Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad: python import tensorflow as tf gradienttensor = tf.constant0.0, shape=1 inputtensor = tf.constant0.0, shape=1 inputmin = tf.constant0.0, shape=1, 1 inputmax = tf.constant0.0, shape=1, 1...

CVE-2021-31320

Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim...

UBUNTU-CVE-2021-31320

Telegram Android 7.1.0 2090, Telegram iOS 7.1, and Telegram macOS 7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim...

Telegram 缓冲区错误漏洞

Telegram is an instant messaging mobile application. A heap buffer overflow vulnerability exists in the custom derived VGradientCache :: generateGradientColorTable function of the Rlottie library for Telegram Android version prior to 7.1.0 2090, iOS version prior to 7.1, and macOS version prior t...

PYSEC-2021-210

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

PYSEC-2021-703

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

PYSEC-2021-699

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

PYSEC-2021-508

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

PYSEC-2021-506

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...