VYPR

Tensorflow

by Nbsdx

pypi: tensorflow

Source repositories

CVEs (430)

  • CVE-2022-41897MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_pooling_sequence` and `col_pooling_sequence`, TensorFlow will crash. We have patched the issue in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. The fix…

  • CVE-2022-41896MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit…

  • CVE-2022-41895MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. If `MirrorPadGrad` is given outsize input `paddings`, TensorFlow will give a heap OOB error. We have patched the issue in GitHub commit 717ca98d8c3bba348ff62281fdf38dcb5ea1ec92. The fix will be included in TensorFlow…

  • CVE-2022-41893MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value for input `size`, it results `CHECK` fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit…

  • CVE-2022-41891MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit…

  • CVE-2022-41890MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, it will crash, despite being supposed to handle up to an `int64`. An example can be seen in `tf.experimental.numpy.outer` by passing in large input to the input…

  • CVE-2022-41888MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that must be of rank 4 but is not checked. We have patched the issue in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98.…

  • CVE-2022-41887MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during…

  • CVE-2022-41886MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11.…

  • CVE-2022-41885MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We…

  • CVE-2022-41884MedNov 18, 2022
    risk 0.24cvss 4.8epss 0.00

    TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784.…

  • CVE-2020-15211MedSep 25, 2020
    risk 0.24cvss 4.8epss 0.01

    In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer…

  • CVE-2020-15201MedSep 25, 2020
    risk 0.24cvss 4.8epss 0.01

    In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values`…

  • CVE-2021-37682MedAug 12, 2021
    risk 0.22cvss 4.4epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens…

  • CVE-2021-29592MedMay 14, 2021
    risk 0.22cvss 4.4epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape of `Reshape` operator is given by the elements of a 1-D tensor. As such, the fix…

  • CVE-2021-29571MedMay 14, 2021
    risk 0.22cvss 4.5epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation(https://github.com/tensorflow…

  • CVE-2020-26270MedDec 10, 2020
    risk 0.22cvss 4.4epss 0.00

    In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the…

  • CVE-2020-26268MedDec 10, 2020
    risk 0.22cvss 4.4epss 0.00

    In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries…

  • CVE-2020-26267MedDec 10, 2020
    risk 0.22cvss 4.4epss 0.00

    In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds…

  • CVE-2020-26266MedDec 10, 2020
    risk 0.22cvss 4.4epss 0.00

    In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating…

Page 16 of 22