VYPR

Tensorflow

by Nbsdx

pypi: tensorflow

Source repositories

CVEs (430)

  • CVE-2022-35967MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit…

  • CVE-2022-35966MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit…

  • CVE-2022-35965MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in…

  • CVE-2022-35964MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit…

  • CVE-2022-35963MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service…

  • CVE-2022-35960MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.01

    TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_ops.TensorListReserve` fails the…

  • CVE-2022-35959MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to trigger a denial of service attack. We…

  • CVE-2022-35952MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.01

    TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argument `batch_index` to contain three…

  • CVE-2022-35941MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.01

    TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patched the issue in GitHub commit…

  • CVE-2022-35940MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.01

    TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when converted to an `int64`. This triggers…

  • CVE-2022-35935MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scalar. This issue has been patched in…

  • CVE-2022-35934MedSep 16, 2022
    risk 0.31cvss 5.9epss 0.00

    TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor. This issue has been patched in…

  • CVE-2022-23593MedFeb 4, 2022
    risk 0.31cvss 5.9epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we…

  • CVE-2022-23590MedFeb 4, 2022
    risk 0.31cvss 5.9epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have…

  • CVE-2020-15265MedOct 21, 2020
    risk 0.31cvss 5.9epss 0.01

    In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to…

  • CVE-2020-15209MedSep 25, 2020
    risk 0.31cvss 5.9epss 0.01

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor…

  • CVE-2020-15200MedSep 25, 2020
    risk 0.31cvss 5.9epss 0.01

    In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values`…

  • CVE-2020-15199MedSep 25, 2020
    risk 0.31cvss 5.9epss 0.01

    In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to…

  • CVE-2022-41889MedNov 18, 2022
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a `nullptr`, which is not caught. An example can be seen in `tf.compat.v1.extract_volume_patches` by…

  • CVE-2022-29213MedMay 21, 2022
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures).…

Page 11 of 22