VYPR

Tensorflow

by Nbsdx

pypi: tensorflow

Source repositories

CVEs (430)

  • CVE-2021-29546May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel(https://github.com/tensorflow/tensorflow/blob/61b…

  • CVE-2021-29547May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the…

  • CVE-2021-29548May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorfl…

  • CVE-2021-29549May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation(https://github.com/tensorflow/tensorfl…

  • CVE-2021-29550May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92…

  • CVE-2021-29551May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixTriangularSolve`(https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240)…

  • CVE-2021-29552May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob…

  • CVE-2021-29553May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/11ff7f80667e6490d7…

  • CVE-2021-29554May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/efff014f3b2d8ef6141da3…

  • CVE-2021-29512May 14, 2021
    risk 0.00cvss epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does not specify a valid `SparseTensor`(https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow.…

  • CVE-2020-26266Dec 10, 2020
    risk 0.00cvss epss 0.00

    In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating…

  • CVE-2020-26267Dec 10, 2020
    risk 0.00cvss epss 0.00

    In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds…

  • CVE-2020-26268Dec 10, 2020
    risk 0.00cvss epss 0.00

    In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries…

  • CVE-2020-26269Dec 10, 2020
    risk 0.00cvss epss 0.01

    In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the…

  • CVE-2020-26270Dec 10, 2020
    risk 0.00cvss epss 0.00

    In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the…

  • CVE-2020-26271Dec 10, 2020
    risk 0.00cvss epss 0.00

    In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input…

  • CVE-2020-15266Oct 21, 2020
    risk 0.00cvss epss 0.01

    In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a…

  • CVE-2020-15265Oct 21, 2020
    risk 0.00cvss epss 0.01

    In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to…

  • CVE-2020-15212Sep 25, 2020
    risk 0.00cvss epss 0.01

    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write…

  • CVE-2020-15213Sep 25, 2020
    risk 0.00cvss epss 0.01

    In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality…