VYPR

Tensorflow

by Nbsdx

pypi: tensorflow

Source repositories

CVEs (430)

  • CVE-2022-29191MedMay 20, 2022
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial…

  • CVE-2021-41225MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then…

  • CVE-2021-41222MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever `size_splits` contains more than one value and at least one value is negative.…

  • CVE-2021-41216MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the…

  • CVE-2021-41213MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object.…

  • CVE-2021-41218MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count` argument is 0. The fix will be included in TensorFlow 2.7.0. We will also…

  • CVE-2021-41209MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on…

  • CVE-2021-41207MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow…

  • CVE-2021-41202MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both…

  • CVE-2021-41217MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that…

  • CVE-2021-41215MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with…

  • CVE-2021-41204MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be…

  • CVE-2021-41200MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on…

  • CVE-2021-41199MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too…

  • CVE-2021-41198MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for…

  • CVE-2021-41197MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an…

  • CVE-2021-41196MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in…

  • CVE-2021-41195MedNov 5, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and…

  • CVE-2021-37692MedAug 12, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer…

  • CVE-2021-37691MedAug 12, 2021
    risk 0.29cvss 5.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b810…

Page 13 of 22