VYPR

Tensorflow

by Nbsdx

pypi: tensorflow

CVEs (430)

  • CVE-2022-21739 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this…

  • CVE-2022-21738 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also…

  • CVE-2022-21737 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy.…

  • CVE-2022-21735 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow…

  • CVE-2022-21734 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable to a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and…

  • CVE-2022-21729 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow…

  • CVE-2022-21725 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride…

  • CVE-2022-23568 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing…

  • CVE-2022-23567 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so,…

  • CVE-2022-21731 · Med · Feb 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the…

  • CVE-2020-15210 · Med · Sep 25, 2020
    risk 0.35 · cvss 6.5 · epss 0.01

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the…

  • CVE-2019-9635 · Med · Apr 24, 2019
    risk 0.35 · cvss 6.5 · epss 0.00

    NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.

  • CVE-2018-7576 · Med · Apr 23, 2019
    risk 0.35 · cvss 6.5 · epss 0.00

    Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.

  • CVE-2021-29613 · Med · May 14, 2021
    risk 0.34 · cvss 6.3 · epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2,…

  • CVE-2021-29601 · Med · May 14, 2021
    risk 0.34 · cvss 6.3 · epss 0.00

    TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue (https://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenatio…

  • CVE-2020-15197 · Med · Sep 25, 2020
    risk 0.34 · cvss 6.3 · epss 0.01

    In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes…

  • CVE-2022-36027 · Med · Sep 16, 2022
    risk 0.31 · cvss 5.9 · epss 0.01

    TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450.…

  • CVE-2022-36017 · Med · Sep 16, 2022
    risk 0.31 · cvss 5.9 · epss 0.00

    TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have…

  • CVE-2022-36016 · Med · Sep 16, 2022
    risk 0.31 · cvss 5.9 · epss 0.01

    TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a `FullTypeDef& t` that is not exactly three args, it triggers a `CHECK`-fail instead of returning a status. We have patched the issue in GitHub commit…

  • CVE-2022-36015 · Med · Sep 16, 2022
    risk 0.31 · cvss 5.9 · epss 0.01

    TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will…
