CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

284 matches found

CNNVD•added 2022/05/20 12:0 a.m.•3 views

Google TensorFlow输入验证错误漏洞

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to an input validation error in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates in tf.rawops QuantizeAndDequantizeV4Grad does not fully validate the input parameters and c...

5.5CVSS5.6AI score0.00143EPSS

Exploits1References8

OSV•added 2021/11/10 7:4 p.m.•1 views

GHSA-49RX-X2RW-PC6F Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops

Impact The shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array as illustrated in the following sets of PoCs: python import tensorflow as tf @tf.function def test: data=tf.rawops.QuantizeAndDequantizeV4Grad...

7.1CVSS6.9AI score0.00019EPSS

Exploits0References7

OSV•added 2021/11/10 7:1 p.m.•1 views

GHSA-CVGX-3V3Q-M36C Heap OOB in shape inference for `QuantizeV2`

Impact The shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array: python import tensorflow as tf @tf.function def test: data=tf.rawops.QuantizeV2 input=1.0,1.0, minrange=1.0,10.0, maxrange=1.0,10.0, T=tf.qint32, mode='MINCOMBINED', roundmode='HALFTOEVEN'...

7.1CVSS5.8AI score0.00019EPSS

Exploits1References7

PyPA•added 2021/11/05 9:15 p.m.•5 views

PYSEC-2021-398

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS6.9AI score0.00019EPSS

Exploits0References2Affected Software1

PyPA•added 2021/11/05 9:15 p.m.•3 views

PYSEC-2021-813

7.1CVSS6.9AI score0.00019EPSS

Exploits0References2Affected Software1

PyPA•added 2021/11/05 9:15 p.m.•4 views

PYSEC-2021-620

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...

7.1CVSS7AI score0.00019EPSS

Exploits1References2Affected Software1

OSV•added 2021/11/05 9:15 p.m.•2 views

PYSEC-2021-398

7.1CVSS7AI score0.00019EPSS

Exploits0References2

Debian CVE•added 2021/11/05 8:10 p.m.•1 views

CVE-2021-41205

7.1CVSS7AI score0.00019EPSS

Exploits0

Positive Technologies•added 2021/11/05 12:0 a.m.•1 views

PT-2021-23177 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: The shape inference functions for the QuantizeAndDequantizeV operations can...

7.1CVSS6.7AI score0.00019EPSS

Exploits0References13

CNNVD•added 2021/11/05 12:0 a.m.•1 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a buffer error vulnerability that stems from the fact that in the affected version, QuantizeV2's shape inference code could trigger a read...

7.1CVSS7.4AI score0.00019EPSS

Exploits1References4

Positive Technologies•added 2021/11/05 12:0 a.m.•1 views

PT-2021-23184 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.6.1 through 2.6.1 TensorFlow versions prior to 2.7.0 Description: The shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less...

7.1CVSS6.8AI score0.00019EPSS

Exploits1References13

CNNVD•added 2021/11/05 12:0 a.m.•4 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is an end-to-end open source machine learning platform. an out-of-bounds read vulnerability exists in the shape inference function of the QuantizeAndDequantizeV operation in versions prior to TensorFlow 2.7.0 for heap allocation arrays. No detailed vulnerability details are...

7.1CVSS5.6AI score0.00019EPSS

Exploits0References4

OSV•added 2021/08/25 2:43 p.m.•2 views

GHSA-9W2P-5MGW-P94C Integer overflow due to conversion to unsigned

Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad...

5.7CVSS5.9AI score0.00012EPSS

Exploits0References7

OSV•added 2021/08/12 11:15 p.m.•0 views

PYSEC-2021-285

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

7.8CVSS5.9AI score0.00013EPSS

Exploits0References2

PyPA•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-774

7.8CVSS7AI score0.00013EPSS

Exploits0References2Affected Software1

Debian CVE•added 2021/08/12 10:45 p.m.•1 views

CVE-2021-37663

7.8CVSS6.9AI score0.00013EPSS

Exploits0

OSV•added 2021/08/12 9:15 p.m.•0 views

PYSEC-2021-267

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

5.5CVSS5.9AI score0.00012EPSS

Exploits0References2