VYPR

PyPI package

tensorflow

pkg:pypi/tensorflow

Vulnerabilities (427)

  • CVE-2022-35983MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 5dd7b86b84a864b834c

  • CVE-2022-35982MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the

  • CVE-2022-35981MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigger a denial of service attack. We have pat

  • CVE-2022-35979MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub

  • CVE-2022-35974MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 73ad18

  • CVE-2022-35973MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`, `max_a`, `min_b`, or `max_b` It gives a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit aca766ac7693

  • CVE-2022-35972MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in Git

  • CVE-2022-35971MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d

  • CVE-2022-35970MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d53

  • CVE-2022-35969MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub c

  • CVE-2022-35968MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub com

  • CVE-2022-35967MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 49b3824d83af706

  • CVE-2022-35966MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 7cdf9d4d208

  • CVE-2022-35965MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in Gi

  • CVE-2022-35964MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 2a458fc4866505be

  • CVE-2022-35963MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service at

  • CVE-2022-35960MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the `CHECK_EQ

  • CVE-2022-35959MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We have

  • CVE-2022-35952MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three times

  • CVE-2022-35941MedSep 16, 2022
    affected < 2.7.2fixed 2.7.2

    TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit 3a6ac52664c6

Page 5 of 22