Lucene search
K

157 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 12:57 a.m.12 views

CVE-2022-21726

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

8.8CVSS6.8AI score0.00818EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.4 views

TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation

...

9.8CVSS7.2AI score0.00831EPSS
Exploits1
OSV
OSV
added 2024/03/06 11:15 a.m.17 views

BIT-TENSORFLOW-2022-21726 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

8.8CVSS8.4AI score0.00818EPSS
Exploits1References4
OSV
OSV
added 2024/03/06 11:15 a.m.19 views

BIT-TENSORFLOW-2022-21727 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS8.2AI score0.00659EPSS
Exploits1References4
Snyk
Snyk
added 2023/03/26 7:38 a.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in QuantizedMatMulWithBiasAndDequantize with MKL enabled. PoC import tensorflow as tf func = tf.rawops.QuantizedMatMulWithBiasAndDequantize para='a': tf.constant138, dtype=tf.quint8, 'b': tf.constant4,...

7.5CVSS7AI score0.00391EPSS
Exploits0References2
OSV
OSV
added 2023/03/25 12:15 a.m.6 views

AZL-35315 CVE-2023-25670 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References1
OSV
OSV
added 2023/03/25 12:15 a.m.6 views

AZL-31214 CVE-2023-25670 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/25 12:0 a.m.4 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A code issue vulnerability exists in TensorFlow version 2.12 prior to version 2.12.0 and version 2.11 prior to version 2.11.1, which stems from a zero error in MKL-enabled...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/03/24 11:32 p.m.1 views

CVE-2023-25670

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5CVSS6.9AI score0.00391EPSS
Exploits0
OSV
OSV
added 2023/03/24 9:57 p.m.7 views

GHSA-GW97-FF7C-9V96 TensorFlow has a heap out-of-buffer read vulnerability in the QuantizeAndDequantize operation

Impact Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or RCE. When axis is larger than the dim of input, c-Diminput,axis goes out of bound. Same problem occurs in the QuantizeAndDequantizeV2/V3/V4/V4Gra...

9.8CVSS6.8AI score0.00831EPSS
Exploits1References4
OSV
OSV
added 2023/03/24 9:55 p.m.4 views

GHSA-49RQ-HWC3-X77W TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize

Impact NPE in QuantizedMatMulWithBiasAndDequantize with MKL enable python import tensorflow as tf func = tf.rawops.QuantizedMatMulWithBiasAndDequantize para='a': tf.constant138, dtype=tf.quint8, 'b': tf.constant4, dtype=tf.qint8, 'bias': 31.81644630432129, 47.21876525878906, 109.95201110839844,...

7.5CVSS5.8AI score0.00391EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.4 views

PT-2023-20229

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description TensorFlow is an open source platform for machine learning. Attackers using TensorFlow can access heap memory which is not in the control of the user, leading ...

9.8CVSS7AI score0.00831EPSS
Exploits1References20
SUSE CVE
SUSE CVE
added 2023/02/15 4:55 a.m.3 views

SUSE CVE-2016-9397

The jpcdequantize function in jpcdec.c in JasPer 1.900.13 allows remote attackers to cause a denial of service assertion failure via unspecified vectors...

3.3CVSS6.9AI score0.03588EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-10778

Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409...

7.8CVSS8.3AI score0.0107EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.6 views

SUSE CVE-2021-29544

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the implementation does not validate the rank of the input tensors. In turn, this results in the tensors...

5.5CVSS5.2AI score0.0031EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.10 views

SUSE CVE-2021-29553

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

7.1CVSS7AI score0.00198EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.4 views

SUSE CVE-2021-29582

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.Dequantize, an attacker can trigger a read from outside of bounds of heap allocated data. The...

7.1CVSS6.9AI score0.00198EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.7 views

SUSE CVE-2021-29610

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

7.8CVSS7.6AI score0.00201EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.5 views

SUSE CVE-2021-34085

Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and...

9.8CVSS8.3AI score0.01775EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.8 views

SUSE CVE-2021-37645

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

5.5CVSS5.1AI score0.00152EPSS
Exploits0References4
Rows per page
Query Builder