Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3086 matches found

Cvelist
Cvelistadded 2022/02/03 12:8 p.m.18 views

CVE-2022-21736 Undefined behavior in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

7.6CVSS7.6AI score0.00331EPSS
Exploits1References3
CVE
CVEadded 2022/02/03 11:42 a.m.89 views

CVE-2022-23568

CVE-2022-23568 describes an integer overflow in TensorFlow’s AddManySparseToTensorsMap, causing a CHECK-fail when constructingTensorShape objects. The issue arises from insufficient validation of input tensor shapes and constructing large TensorShape with user-provided dimensions, enabling a deni...

6.5CVSS6.7AI score0.00303EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2022/02/03 11:37 a.m.14 views

CVE-2022-21731 Type confusion leading to segfault in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS6.6AI score0.00303EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2022/02/03 11:28 a.m.5 views

CVE-2022-21733 Memory exhaustion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

4.3CVSS6.4AI score0.00232EPSS
Exploits1References3
CVE
CVEadded 2022/02/03 11:28 a.m.87 views

CVE-2022-21733

TensorFlow StringNGrams vulnerability CVE-2022-21733 causes memory exhaustion (OOM) due to missing validation of pad_width, which can result in a negative ngram_width used during output allocation. Affects TensorFlow/StringNGrams path in multiple TF versions; remediation is to upgrade to TensorFl...

6.5CVSS5.5AI score0.00232EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2022/02/03 11:21 a.m.16 views

CVE-2022-21732 Memory exhaustion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...

4.3CVSS6.3AI score0.0022EPSS
Exploits1References5
CVE
CVEadded 2022/02/03 11:21 a.m.124 views

CVE-2022-21732

CVE-2022-21732 affects TensorFlow’s ThreadPoolHandle. The vulnerability stems from allowing an unbounded num_threads value (only checked to be non-negative), enabling memory exhaustion and a potential denial-of-service. A fix is available in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3 and...

6.5CVSS5.3AI score0.0022EPSS
Exploits1References3Affected Software1
NVD
NVDadded 2022/02/03 11:15 a.m.14 views

CVE-2022-21728

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read. There is a check to make sure the value of batchdim does not go over the rank of the input, but there...

8.1CVSS0.01078EPSS
Exploits1References4
NVD
NVDadded 2022/02/03 11:15 a.m.8 views

CVE-2022-21730

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1CVSS0.00316EPSS
Exploits1References3
NVD
NVDadded 2022/02/03 11:15 a.m.15 views

CVE-2022-21727

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS0.00317EPSS
Exploits1References3
OSV
OSVadded 2022/02/03 11:15 a.m.17 views

PYSEC-2022-54

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1CVSS3.3AI score0.00316EPSS
Exploits1References3
OSV
OSVadded 2022/02/03 11:15 a.m.15 views

PYSEC-2022-52

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not fully validate the value of batchdim and can result in a heap OOB read. There is a check to make sure the value of batchdim does not go over the rank of the input, but there...

8.1CVSS1.5AI score0.01078EPSS
Exploits1References4
Prion
Prionadded 2022/02/03 11:15 a.m.16 views

Design/Logic Flaw

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

6.5CVSS8.8AI score0.00291EPSS
Exploits1References3Affected Software1
Prion
Prionadded 2022/02/03 11:15 a.m.22 views

Integer overflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

6.5CVSS8.8AI score0.00317EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2022/02/03 11:15 a.m.15 views

PYSEC-2022-50

Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of axis and can result in heap OOB accesses. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of...

8.8CVSS1.5AI score0.00291EPSS
Exploits1References3
Prion
Prionadded 2022/02/03 11:15 a.m.13 views

Out-of-bounds

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

5.5CVSS7.8AI score0.00316EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2022/02/03 11:7 a.m.159 views

CVE-2022-21727

CVE-2022-21727 : TensorFlow’s Dequantize shape inference is vulnerable to an integer overflow because the axis bound is not checked before computing axis+1. The fix is to be included in TensorFlow 2.8.0, with cherry-picks to 2.7.1, 2.6.3, and 2.5.3. Remediation guidance across connected sources i...

8.8CVSS8.2AI score0.00317EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2022/02/03 11:7 a.m.18 views

CVE-2022-21727 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

7.6CVSS9.1AI score0.00317EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2022/02/03 11:7 a.m.7 views

CVE-2022-21727 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

7.6CVSS8.9AI score0.00317EPSS
Exploits1References3
CVE
CVEadded 2022/02/03 11:1 a.m.96 views

CVE-2022-21726

TensorFlow CVE-2022-21726 affects the Dequantize path, where axis validation is insufficient and can cause heap-out-of-bounds reads. The issue arises when axis is -1 (default) or any large positive value not checked against input dimensions, reading past the dimensions array. A fix is planned for...

8.8CVSS8.4AI score0.00291EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder