Security Vulnerabilities - CVEs Published In August 2021
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if `x` and `v` are empty but the code uses `||` instead of `&&`. We have patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-08-12
Microsoft Office Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.095
Published
2021-08-12
Scripting Engine Memory Corruption Vulnerability
CVSS Score
6.8
EPSS Score
0.031
Published
2021-08-12
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS Score
7.8
EPSS Score
0.004
Published
2021-08-12
CVE-2021-34484
Windows User Profile Service Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.028
Published
2021-08-12
.NET Core and Visual Studio Information Disclosure Vulnerability
CVSS Score
5.0
EPSS Score
0.007
Published
2021-08-12
CVE-2021-34486
Windows Event Tracing Elevation of Privilege Vulnerability
Known exploited
CVSS Score
7.8
EPSS Score
0.365
Published
2021-08-12
Windows Event Tracing Elevation of Privilege Vulnerability
CVSS Score
7.0
EPSS Score
0.002
Published
2021-08-12
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
CVSS Score
8.1
EPSS Score
0.016
Published
2021-08-12
Windows Graphics Component Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.056
Published
2021-08-12