Security Vulnerabilities - CVEs Published In August 2021
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if `x` and `v` are empty but the code uses `||` instead of `&&`. We have patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-08-12
Microsoft Office Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.042
Published
2021-08-12
Scripting Engine Memory Corruption Vulnerability
CVSS Score
6.8
EPSS Score
0.055
Published
2021-08-12
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.004
Published
2021-08-12
CVE-2021-34484
Windows User Profile Service Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.151
Published
2021-08-12
.NET Core and Visual Studio Information Disclosure Vulnerability
CVSS Score
5.0
EPSS Score
0.009
Published
2021-08-12
CVE-2021-34486
Windows Event Tracing Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.31
Published
2021-08-12
Windows Event Tracing Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.003
Published
2021-08-12
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVSS Score
8.1
EPSS Score
0.012
Published
2021-08-12
Windows Graphics Component Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.031
Published
2021-08-12