CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

5.5CVSS2.2AI score0.00044EPSS

PYSEC-2021-600

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

OSV•added 2021/08/12 11:15 p.m.•22 views

PYSEC-2021-581

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

5.5CVSS2.4AI score0.00044EPSS

Prion•added 2021/08/12 11:15 p.m.•15 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

2.1CVSS5.6AI score0.00012EPSS

5.5CVSS5.4AI score0.00032EPSS

PYSEC-2021-587

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

OSV•added 2021/08/12 11:15 p.m.•16 views

PYSEC-2021-598

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

5.5CVSS2.7AI score0.0004EPSS

Prion•added 2021/08/12 11:15 p.m.•15 views

Design/Logic Flaw

2.1CVSS5.5AI score0.00044EPSS

Prion•added 2021/08/12 11:15 p.m.•17 views

Out-of-bounds

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

2.1CVSS5.6AI score0.00054EPSS

Prion•added 2021/08/12 11:15 p.m.•14 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

2.1CVSS5.5AI score0.00032EPSS

Exploits0References3Affected Software1

Prion•added 2021/08/12 11:15 p.m.•12 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

3.6CVSS6.8AI score0.00039EPSS

Exploits0References4Affected Software1

OSV•added 2021/08/12 11:15 p.m.•23 views

PYSEC-2021-578

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS3.1AI score0.00037EPSS

OSV•added 2021/08/12 11:15 p.m.•17 views

PYSEC-2021-576

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

7.8CVSS2AI score0.00013EPSS

5.5CVSS3.1AI score0.00054EPSS

PYSEC-2021-583

OSV•added 2021/08/12 11:15 p.m.•27 views

PYSEC-2021-604

5.5CVSS3.5AI score0.00012EPSS

7.8CVSS1.3AI score0.00032EPSS

PYSEC-2021-592

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

Prion•added 2021/08/12 11:15 p.m.•12 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

2.1CVSS5.5AI score0.00012EPSS

Prion•added 2021/08/12 11:15 p.m.•12 views

Design/Logic Flaw

4.6CVSS7.7AI score0.00037EPSS

Exploits0References3Affected Software1

Prion•added 2021/08/12 11:15 p.m.•20 views

Design/Logic Flaw

4.6CVSS7.6AI score0.00032EPSS

5.5CVSS3.2AI score0.00012EPSS

PYSEC-2021-596

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

OSV•added 2021/08/12 11:15 p.m.•15 views

PYSEC-2021-605

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

5.5CVSS2.9AI score0.00032EPSS