404 matches found
EUVD-2021-0422
Malware in sbrugna...
EUVD-2021-0359
Malware in sbrugna...
EUVD-2022-0312
Malicious code in bioql PyPI...
EUVD-2022-0320
Malicious code in bioql PyPI...
EUVD-2022-0332
Malicious code in bioql PyPI...
CVE-2021-37680
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f. The fix will be includ...
BIT-TENSORFLOW-2021-29518 Session operations in eager mode lead to null pointer dereferences
TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...
BIT-TENSORFLOW-2021-29531 CHECK-fail in tf.raw_ops.EncodePng
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...
BIT-TENSORFLOW-2021-29541 Null pointer dereference in `StringNGrams`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...
BIT-TENSORFLOW-2021-29543 CHECK-fail in `CTCGreedyDecoder`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
BIT-TENSORFLOW-2021-29546 Division by 0 in `QuantizedBiasAdd`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...
BIT-TENSORFLOW-2021-29556 Division by 0 in `Reverse`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...
BIT-TENSORFLOW-2021-29557 Division by 0 in `SparseMatMul`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...
BIT-TENSORFLOW-2021-29562 CHECK-fail in `tf.raw_ops.IRFFT`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...
BIT-TENSORFLOW-2021-29572 Reference binding to nullptr in `SdcaOptimizer`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...
BIT-TENSORFLOW-2021-29575 Overflow/denial of service in `tf.raw_ops.ReverseSequence`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...
BIT-TENSORFLOW-2021-29577 Heap buffer overflow in `AvgPool3DGrad`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
BIT-TENSORFLOW-2021-29582 Heap OOB read in `tf.raw_ops.Dequantize`
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...
BIT-TENSORFLOW-2021-29583 Heap buffer overflow and undefined behavior in `FusedBatchNorm`
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...
BIT-TENSORFLOW-2021-29589 Division by zero in TFLite's implementation of `GatherNd`
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...