CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2023/02/15 3:39 a.m.•1 views

SUSE CVE-2021-37677

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

5.5CVSS5.3AI score0.00148EPSS

7.1CVSS6.8AI score0.00148EPSS

SUSE CVE-2021-41205

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

Exploits0References3

SUSE CVE•added 2023/02/15 3:37 a.m.•4 views

SUSE CVE-2021-41210

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

7.1CVSS6.8AI score0.00148EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 3:37 a.m.•1 views

SUSE CVE-2021-41211

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...

7.1CVSS6.9AI score0.00201EPSS

7.8CVSS7.5AI score0.0021EPSS

SUSE CVE-2021-41214

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7AI score0.00201EPSS

SUSE CVE-2021-41212

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

SUSE CVE•added 2023/02/15 3:37 a.m.•1 views

SUSE CVE-2021-41215

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS5.6AI score0.00181EPSS

7.8CVSS7.7AI score0.00214EPSS

SUSE CVE-2021-41221

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, inputh and inputc parameters are n...

SUSE CVE•added 2023/02/15 3:29 a.m.•1 views

SUSE CVE-2022-21727

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS8.8AI score0.00659EPSS

SUSE CVE•added 2023/02/15 3:29 a.m.•2 views

SUSE CVE-2022-21731

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS6.3AI score0.00845EPSS

SUSE CVE•added 2023/02/15 3:28 a.m.•1 views

SUSE CVE-2022-23572

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS6.5AI score0.00968EPSS

SUSE CVE•added 2023/02/15 3:28 a.m.•4 views

SUSE CVE-2022-23580

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS6.5AI score0.00808EPSS

SUSE CVE•added 2023/02/15 3:28 a.m.•3 views

SUSE CVE-2022-23592

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

8.1CVSS7.9AI score0.00845EPSS

SUSE CVE•added 2023/02/15 3:22 a.m.•3 views

SUSE CVE-2022-47952

lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates...

6.3CVSS4.1AI score0.00702EPSS

Qualys Blog•added 2023/02/09 9:55 a.m.•29 views

Blind SQL Injection – Content-Based, Time-Based Approaches

Blind SQL Injection Overview Blind SQL InjectionBSQL is a type of SQL Injection SQLI vulnerability, where an attacker exploits the application to extract information from the database. An application vulnerable to SQLI displays application-specific information in the response when it is exploited...

8.3AI score

Exploits0

UbuntuCve•added 2023/01/01 6:15 a.m.•30 views

CVE-2022-47952

3.3CVSS5.8AI score0.00702EPSS