CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

162 matches found

OSV•added 2022/02/04 11:15 p.m.•12 views

PYSEC-2022-99

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

7.5CVSS7.1AI score0.00958EPSS

Exploits1References3

OSV•added 2022/02/04 11:15 p.m.•21 views

PYSEC-2022-90

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS2.8AI score0.01181EPSS

Exploits1References5

OSV•added 2022/02/04 11:15 p.m.•19 views

PYSEC-2022-92

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5CVSS1.8AI score0.00777EPSS

Exploits1References3

OSV•added 2022/02/04 11:15 p.m.•2 views

PYSEC-2022-147

6.5CVSS5.9AI score0.00777EPSS

Exploits1References3

Cvelist•added 2022/02/04 10:32 p.m.•41 views

CVE-2022-23565 `CHECK`-failures in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS6.6AI score0.00462EPSS

Exploits0References2

Debian CVE•added 2022/02/04 10:32 p.m.•3 views

CVE-2022-23565

6.5CVSS6.9AI score0.00462EPSS

Exploits0

Cvelist•added 2022/02/04 10:32 p.m.•24 views

CVE-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS6.5AI score0.00808EPSS

Exploits1References3

Debian CVE•added 2022/02/04 10:32 p.m.•3 views

CVE-2022-23579

6.5CVSS6.8AI score0.00808EPSS

Exploits1

Debian CVE•added 2022/02/04 10:32 p.m.•2 views

CVE-2022-23581

6.5CVSS6.8AI score0.01181EPSS

Exploits1

Vulnrichment•added 2022/02/04 10:32 p.m.•6 views

CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

6.5CVSS6.3AI score0.00851EPSS

Exploits1References4

Cvelist•added 2022/02/04 10:32 p.m.•41 views

CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow

6.5CVSS6.5AI score0.00851EPSS

Exploits1References4

OSV•added 2022/02/04 10:32 p.m.•27 views

CVE-2022-23588 `CHECK`-fails due to attempting to build a reference tensor in Tensorflow

6.5CVSS6.2AI score0.00851EPSS

Exploits1References6

Cvelist•added 2022/02/04 10:32 p.m.•29 views

CVE-2022-23589 Null pointer dereference in Grappler's `IsConstant` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS6.7AI score0.0108EPSS

Exploits1References5

Debian CVE•added 2022/02/04 10:32 p.m.•4 views

CVE-2022-23589

6.5CVSS7AI score0.0108EPSS

Exploits1

OSV•added 2022/02/04 10:32 p.m.•30 views

CVE-2022-23589 Null pointer dereference in Grappler's `IsConstant` in Tensorflow

6.5CVSS6.4AI score0.0108EPSS

Exploits1References7

CVE•added 2022/02/04 10:32 p.m.•115 views

CVE-2022-23586

TensorFlow vulnerability CVE-2022-23586 affects the SavedModel path via assertions in function.cc, enabling denial of service by a malicious SavedModel that crashes the Python interpreter. Root cause is CHECK/assertion failures in function.cc when a SavedModel is altered. Affected releases map to...

6.5CVSS6.4AI score0.00788EPSS

Exploits1References4Affected Software1

OSV•added 2022/02/04 10:32 p.m.•18 views

CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS6.3AI score0.00788EPSS

Exploits1References6

Vulnrichment•added 2022/02/04 10:32 p.m.•5 views

CVE-2022-23586 Multiple `CHECK`-fails in `function.cc` in Tensorflow

6.5CVSS6.4AI score0.00788EPSS

Exploits1References4

Debian CVE•added 2022/02/04 10:32 p.m.•5 views

CVE-2022-23586

6.5CVSS6.8AI score0.00788EPSS

Exploits1

CVE•added 2022/02/04 10:32 p.m.•120 views

CVE-2022-23583

TensorFlow vulnerability CVE-2022-23583: a type confusion caused by modifying the SavedModel’s tensor protobufs can let a remote attacker trigger CHECK failures in templated binary operators, leading to a denial of service. Affected: various TF releases up to 2.8.x (and cherry-picks on 2.7.1, 2.6...

6.5CVSS6.4AI score0.00777EPSS

Exploits1References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by