VYPR

PyPI package

tensorflow-cpu

pkg:pypi/tensorflow-cpu

Vulnerabilities (417)

  • CVE-2022-35979Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub

  • CVE-2022-35974Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad18

  • CVE-2022-35972Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in Git

  • CVE-2022-35973Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693

  • CVE-2022-35971Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d

  • CVE-2022-35969Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub c

  • CVE-2022-35970Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d53

  • CVE-2022-35968Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub com

  • CVE-2022-35966Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d208

  • CVE-2022-35967Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706

  • CVE-2022-35964Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be

  • CVE-2022-35965Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in Gi

  • CVE-2022-35963Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service at

  • CVE-2022-35960Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ

  • CVE-2022-35959Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have

  • CVE-2022-35952Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times

  • CVE-2022-35940Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers an

  • CVE-2022-35941Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6

  • CVE-2022-35937Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. This issue has

  • CVE-2022-35939Sep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigge

Page 5 of 21