Lucene search
K

162 matches found

Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.4 views

CVE-2022-23583

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5CVSS6.8AI score0.00789EPSS
Exploits1
OSV
OSV
added 2022/02/04 10:32 p.m.22 views

CVE-2022-23583 `CHECK`-failures in binary ops in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

6.5CVSS6.3AI score0.00789EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.26 views

CVE-2022-23582 `CHECK`-failures in `TensorByteSize` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

6.5CVSS6.5AI score0.00783EPSS
Exploits1References3
CVE
CVE
added 2022/02/04 10:32 p.m.109 views

CVE-2022-23582

CVE-2022-23582 affects TensorFlow: a malicious SavedModel can trigger a denial of service via TensorByteSize CHECK failures caused by shape handling in TensorShape/PartialTensorShape (shape partials or large element counts). Root cause is TensorShape throwing on partial/large shapes; PartialTenso...

6.5CVSS6.4AI score0.00783EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/04 10:32 p.m.19 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

8.8CVSS6.6AI score0.00142EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.24 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

8.8CVSS9AI score0.00142EPSS
Exploits0References2
CVE
CVE
added 2022/02/04 10:32 p.m.83 views

CVE-2022-23594

TensorFlow MLIR/TFG GraphDef handling flaw: if a SavedModel is on disk with altered format, conversion to the MLIR-based IR can crash the Python interpreter and may enable heap out-of-bounds reads. Affected scope includes the MLIR import path and associated GraphDef assumptions; exploitation deta...

8.8CVSS5.9AI score0.00142EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.23 views

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

5.9CVSS7.7AI score0.00973EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.3 views

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

7.5CVSS7AI score0.00973EPSS
Exploits1
OSV
OSV
added 2022/02/04 10:32 p.m.17 views

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

5.9CVSS7.4AI score0.00973EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.41 views

CVE-2022-23591 Stack overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...

7.5CVSS7.9AI score0.00789EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/02/04 10:32 p.m.3 views

CVE-2022-23591

Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...

7.5CVSS7.4AI score0.00789EPSS
Exploits0
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.4 views

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has a security vulnerability that could be exploited by an attacker to cause a denial of service by changing SavedModel...

6.5CVSS5.7AI score0.00789EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.6 views

PT-2022-16108 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The GraphDef format in TensorFlow does not allow self recursive functions...

7.5CVSS7.5AI score0.00789EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.7 views

PT-2022-16103 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: A malicious user can cause a denial of service by altering a SavedModel such tha...

6.5CVSS6.2AI score0.008EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.3 views

PT-2022-16098 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The Grappler optimizer in TensorFlow can be used to cause a denial of service by...

6.5CVSS6.2AI score0.012EPSS
Exploits1References14
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.4 views

Google Tensorflow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a security vulnerability that can be exploited by an attacker to cause a denial of service by modifying SavedModel...

6.5CVSS5.7AI score0.00864EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/02/04 12:0 a.m.2 views

PT-2022-16096 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The Grappler optimizer in TensorFlow can be used to cause a denial of service by...

6.5CVSS6.2AI score0.00821EPSS
Exploits1References12
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.3 views

Google Tensorflow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google Tensorflow has a security vulnerability that could be exploited to cause a denial of service by modifying SavedModel to trigger a CHECK failure...

6.5CVSS5.6AI score0.00821EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/02/04 12:0 a.m.5 views

Google TensorFlow 缓冲区错误漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that can be exploited by an attacker to change the format of the SavedModel on disk to invalidate these assumptions, and then...

8.8CVSS6.1AI score0.00142EPSS
Exploits0References3
Rows per page
Query Builder