aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3417 items

CVE-2021-29527: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.ra

low vulnerability
security
May 14, 2021
CVE-2021-29527

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a division by zero error (crashing the program by dividing by zero) in the `tf.raw_ops.QuantizedConv2D` function by controlling a value that the code divides by. This happens because the code doesn't check if that value is zero before using it in math.

Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability is also being patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29526: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.ra

low vulnerability
security
May 14, 2021
CVE-2021-29526

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error in the Conv2D function (a tool that processes image data) by controlling certain input values. This crash occurs because the code divides by a number that comes directly from the attacker's input without checking if it's zero first.

CVE-2021-29525: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.ra

low vulnerability
security
May 14, 2021
CVE-2021-29525

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a division by zero error in a specific function called `tf.raw_ops.Conv2DBackpropInput` by controlling certain input values. This happens because the code divides by a number that comes from the attacker's input without checking if it's zero first.

CVE-2021-29524: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.ra

low vulnerability
security
May 14, 2021
CVE-2021-29524

TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause a division by zero error (a crash caused by attempting math with zero as a divisor) in a specific function called `tf.raw_ops.Conv2DBackpropFilter` by controlling a value used in a modulus operation (a calculation that finds remainders). This bug affects multiple older versions of the software.

CVE-2021-29523: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a

low vulnerability
security
May 14, 2021
CVE-2021-29523

TensorFlow (an open source machine learning platform) has a vulnerability where an attacker can crash the program through a denial of service attack by sending malicious input to the `AddManySparseToTensorsMap` function. The problem occurs because the code uses an outdated constructor method that fails abruptly when it encounters numeric overflow (when a number gets too large for the system to handle), rather than handling the error gracefully.

CVE-2021-29522: TensorFlow is an end-to-end open source platform for machine learning. The `tf.raw_ops.Conv3DBackprop*` operations fail

low vulnerability
security
May 14, 2021
CVE-2021-29522

A bug in TensorFlow (an open source machine learning platform) allows attackers to cause a denial of service (making a system unavailable) by triggering a division by zero error in the `tf.raw_ops.Conv3DBackprop*` operations. The operations don't check if input tensors are empty before using them in calculations, which crashes the system if an attacker controls the input sizes.

CVE-2021-29521: TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.

low vulnerability
security
May 14, 2021
CVE-2021-29521

TensorFlow (an open source platform for machine learning) has a bug where passing a negative number in the dense shape parameter to `tf.raw_ops.SparseCountSparseOutput` causes a crash. This happens because the code assumes the shape values are always positive and doesn't validate them before using them to create a data structure, which violates the safety rules of the underlying `std::vector` (a list-like data structure in C++).

CVE-2021-29520: TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to `tf.raw_o

low vulnerability
security
May 14, 2021
CVE-2021-29520

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.Conv3DBackprop*` operations where missing validation of input arguments can cause a heap buffer overflow (a crash or security issue where a program writes data beyond its allocated memory). The problem occurs because the code assumes three data structures (called tensors) have matching shapes, but doesn't check this before accessing them simultaneously.

CVE-2021-29519: TensorFlow is an end-to-end open source platform for machine learning. The API of `tf.raw_ops.SparseCross` allows combin

low vulnerability
security
May 14, 2021
CVE-2021-29519

TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.SparseCross` function that can crash a program (denial of service) by tricking the code into mixing incompatible data types (string type with integer type). The vulnerability occurs because the implementation incorrectly processes a tensor, thinking it contains one type of data when it actually contains another.

CVE-2021-29518: TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), sess

low vulnerability
security
May 14, 2021
CVE-2021-29518

TensorFlow has a vulnerability where eager mode (the default execution style in TensorFlow 2.0+) allows users to call raw operations that shouldn't work, causing a null pointer dereference (an error where the program tries to use an empty memory reference). The problem occurs because the code doesn't check whether the session state pointer is valid before using it, leading to undefined behavior (unpredictable outcomes).

CVE-2021-29517: TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in

low vulnerability
security
May 14, 2021
CVE-2021-29517

A vulnerability in TensorFlow (an open source platform for machine learning) allows a malicious user to crash the program by providing specially crafted input to the Conv3D function (a tool for processing 3D image data). The vulnerability occurs because the code performs a division or modulo operation (mathematical operations that can fail) based on user-provided data, and if certain values are zero, the program crashes.

CVE-2021-29516: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.RaggedTensorToVariant` with a

low vulnerability
security
May 14, 2021
CVE-2021-29516

TensorFlow, a machine learning platform, has a vulnerability in the `RaggedTensorToVariant` function where passing invalid ragged tensors (data structures for irregular-shaped arrays) causes a null pointer dereference (accessing memory that hasn't been set, crashing the program). The function doesn't check whether the ragged tensor is empty before trying to use it.

CVE-2021-29515: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixDiag*` operations(ht

low vulnerability
security
May 14, 2021
CVE-2021-29515

TensorFlow (an open-source machine learning platform) has a vulnerability in its `MatrixDiag*` operations (functions that create diagonal matrices from tensor data) because the code doesn't check whether the input tensors are empty, which could cause the program to crash or behave unexpectedly. This bug affects multiple versions of TensorFlow.

CVE-2021-29514: TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does

low vulnerability
security
May 14, 2021
CVE-2021-29514

TensorFlow has a vulnerability in its RaggedBincount operation where invalid input arguments can cause a heap buffer overflow (a crash or memory corruption from accessing memory outside allocated bounds). An attacker can craft malicious input to make the code read or write to memory it shouldn't access, potentially compromising the system running the code.

CVE-2021-29513: TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric

low vulnerability
security
May 14, 2021
CVE-2021-29513

TensorFlow, a machine learning platform, has a vulnerability where operations that expect numeric tensors (data types representing numbers) crash when given non-numeric tensors instead, due to a type confusion bug (mixing up data types) in the conversion from Python code to C++ code. The developers have fixed this issue and will release the fix in multiple versions.

CVE-2021-29554: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a F

low vulnerability
security
May 14, 2021
CVE-2021-29554

TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a denial of service (making a service unavailable) through an FPE (floating-point exception, a math error when dividing by zero) in a specific operation. The bug exists because the code divides by a value computed from user input without first checking if that value is zero.

CVE-2021-29512: TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does

low vulnerability
security
May 14, 2021
CVE-2021-29512

TensorFlow, an open-source machine learning platform, has a vulnerability in its `RaggedBincount` operation where improper validation of the `splits` argument can allow an attacker to trigger a heap buffer overflow (reading memory outside the intended bounds). An attacker could craft malicious input that causes the code to read from invalid memory locations, potentially leading to crashes or information disclosure.

Google's FLoC - Privacy Red Teaming Opportunities

info news
privacy
May 1, 2021

Google's FLoC (federated learning of cohorts) is a proposed alternative to cookie-based user tracking in Chrome that assigns users to interest groups based on their browsing history. The system makes user fingerprinting (identifying individuals by combining their FLoC ID with their IP address) easier and more accurate, potentially compromising privacy even though FLoC IDs are recalculated regularly and Google has disabled it in the European Union due to privacy concerns.

CVE-2021-2277: Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are

high vulnerability
security
Apr 22, 2021
CVE-2021-2277

A vulnerability in Oracle Coherence (a data management tool used in Oracle Fusion Middleware) allows attackers on a network to access it without authentication over HTTP and read sensitive data. The vulnerability affects versions 3.7.1.0 through 14.1.1.0.0 and has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 7.5, indicating it is serious.

CVE-2021-2135: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Suppor

critical vulnerability
security
Apr 22, 2021
CVE-2021-2135
EPSS: 71.4%

A critical vulnerability (CVE-2021-2135) exists in Oracle WebLogic Server's Coherence Container component, affecting versions 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0, that allows an attacker without authentication to take over the server through network access. The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 9.8, meaning it is extremely serious and can compromise the confidentiality (keeping data private), integrity (ensuring data isn't modified), and availability (keeping systems running) of the affected server.


Fix and source notes for the items after CVE-2021-29527, in the order listed above:

CVE-2021-29526

Fix: The fix will be included in TensorFlow 2.5.0. It will also be included in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29525

Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29524

Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29523

Fix: The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, which are still in the supported range.

NVD/CVE Database

CVE-2021-29522

Fix: The fix will be included in TensorFlow 2.5.0. It will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29521

Fix: The fix will be included in TensorFlow 2.5.0. This commit will also be applied to TensorFlow 2.4.2 and TensorFlow 2.3.3. The solution ensures that the `dense_shape` argument is validated to be a valid tensor shape, meaning all elements must be non-negative.

NVD/CVE Database

CVE-2021-29520

Fix: The fix will be included in TensorFlow 2.5.0 and will be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29519

Fix: The fix prevents mixing `DT_STRING` and `DT_INT64` types and will be included in TensorFlow 2.5.0. The fix will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29518

Fix: The fix will be included in TensorFlow 2.5.0. TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4 will also receive this fix through a cherrypick (backporting the security patch to older supported versions).

NVD/CVE Database

CVE-2021-29517

Fix: The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29516

Fix: The fix will be included in TensorFlow 2.5.0. It will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29515

Fix: The fix will be included in TensorFlow 2.5.0. It will also be backported (added to earlier versions still being supported) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29514

Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2 and TensorFlow 2.3.3.

NVD/CVE Database

CVE-2021-29513

Fix: The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.

NVD/CVE Database

CVE-2021-29554

Fix: The fix will be included in TensorFlow 2.5.0. A cherrypick (a targeted code fix applied to older versions) will also be included in TensorFlow 2.4.2 and TensorFlow 2.3.3.

NVD/CVE Database

CVE-2021-29512

Fix: The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2 and TensorFlow 2.3.3.

NVD/CVE Database

Google's FLoC - Privacy Red Teaming Opportunities

Embrace The Red

CVE-2021-2277

NVD/CVE Database

CVE-2021-2135

NVD/CVE Database