Lucene search
K

153 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.4 views

SUSE CVE-2022-29192

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...

5.5CVSS5.3AI score0.0034EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.6 views

SUSE CVE-2022-36026

TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...

7.5CVSS7.7AI score0.00396EPSS
Exploits0References3
OSV
OSV
added 2022/11/21 10:17 p.m.8 views

GHSA-FRQP-WP83-QGGV Heap overflow in `QuantizeAndDequantizeV2`

Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...

4.8CVSS7.2AI score0.00401EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2022/09/16 10:5 p.m.9 views

CVE-2022-36026

TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...

7.5CVSS6.8AI score0.00396EPSS
Exploits0
OSV
OSV
added 2022/09/16 9:15 p.m.1 views

GHSA-9CR2-8PWR-FHFQ TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

Impact If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf signedinput = True rangegiven = False narrowrange = False axis = -1 input = tf.constant-3.5, shape=1,...

5.9CVSS7AI score0.00396EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.7 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from the fact that if QuantizeAndDequantizeV3 is given a non-scalar numbits input tensor, it will cause t...

7.5CVSS7.4AI score0.00396EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 10:6 p.m.7 views

GHSA-H2WQ-PRV9-2F56 Missing validation crashes `QuantizeAndDequantizeV4Grad`

Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

5.5CVSS5.8AI score0.0034EPSS
Exploits1References9
Debian CVE
Debian CVE
added 2022/05/20 8:30 p.m.23 views

CVE-2022-29192

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...

5.5CVSS6.8AI score0.0034EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/05/20 12:0 a.m.4 views

PT-2022-19444

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description The implementation of tf.raw ops.QuantizeAndDequantizeV4Grad does not fully validate the...

5.5CVSS6.1AI score0.0034EPSS
Exploits1References18
CNNVD
CNNVD
added 2022/05/20 12:0 a.m.7 views

Google TensorFlow输入验证错误漏洞

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to an input validation error in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates in tf.rawops QuantizeAndDequantizeV4Grad does not fully validate the input parameters and c...

5.5CVSS5.6AI score0.0034EPSS
Exploits1References8
OSV
OSV
added 2022/05/11 6:15 p.m.2 views

DEBIAN-CVE-2021-34085

Read access violation in the IIIdequantizesample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and...

9.8CVSS8AI score0.01775EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/16 12:0 a.m.24 views

Google TensorFlow buffer overflow vulnerability (CNVD-2022-11509)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability that stems from the fact that Dequantize's implementation does not fully validate the value of axis, which can be exploited by an attacker to caus...

8.8CVSS2.5AI score0.00818EPSS
Exploits1References1
OSV
OSV
added 2022/02/09 6:29 p.m.2 views

GHSA-C6FH-56W7-FVJW Integer overflow in Tensorflow

Impact The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness: python import tensorflow as tf input = tf.constant1,1,dtype=tf.qint32 @tf.function def test: y = tf.rawops.Dequantize input=input, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...

7.6CVSS5.9AI score0.00659EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/02/09 6:29 p.m.29 views

Integer overflow in Tensorflow

Impact The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness: python import tensorflow as tf input = tf.constant1,1,dtype=tf.qint32 @tf.function def test: y = tf.rawops.Dequantize input=input, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...

8.8CVSS2.4AI score0.00659EPSS
Exploits1References7Affected Software3
OSV
OSV
added 2022/02/09 6:28 p.m.1 views

GHSA-23HM-7W47-XW72 Out of bounds read in Tensorflow

Impact The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses: python import tensorflow as tf @tf.function def test: y = tf.rawops.Dequantize input=tf.constant1,1,dtype=tf.qint32, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...

8.1CVSS7AI score0.00818EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/02/09 6:28 p.m.31 views

Out of bounds read in Tensorflow

Impact The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses: python import tensorflow as tf @tf.function def test: y = tf.rawops.Dequantize input=tf.constant1,1,dtype=tf.qint32, minrange=1.0, maxrange=10.0, mode='MINCOMBINED',...

8.8CVSS1.2AI score0.00818EPSS
Exploits1References7Affected Software3
Veracode
Veracode
added 2022/02/04 5:12 p.m.28 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists due to the lack of validation of the value of axis and an out-of-bound access allowing an attacker to crash the system via the implementation of Dequantize...

8.8CVSS4AI score0.00818EPSS
Exploits1References6Affected Software3
NVD
NVD
added 2022/02/03 11:15 a.m.35 views

CVE-2022-21726

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

8.8CVSS0.00818EPSS
Exploits1References3
PyPA
PyPA
added 2022/02/03 11:15 a.m.10 views

PYSEC-2022-105

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

8.8CVSS7AI score0.00818EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/03 11:15 a.m.24 views

PYSEC-2022-51

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS2.6AI score0.00659EPSS
Exploits1References3
Rows per page
Query Builder