Lucene search
K

55 matches found

OSV
OSV
added 2021/11/10 7:3 p.m.5 views

GHSA-PGCQ-H79J-2F69 Incomplete validation of shapes in multiple TF ops

Impact Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes but in some scenarios writes and reads from heap populated arrays are als...

7.3CVSS7.1AI score0.00174EPSS
Exploits0References12
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-843

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-845

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-847

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/11/05 10:15 p.m.3 views

PYSEC-2021-847

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7
OSV
OSV
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-843

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS5.9AI score0.00174EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2021/11/05 10:5 p.m.2 views

CVE-2021-41206

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.2AI score0.00174EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/11/05 12:0 a.m.7 views

PT-2021-23178 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow version 2.6.1 TensorFlow version 2.5.2 TensorFlow version 2.4.4 Description: Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call...

7.8CVSS7.5AI score0.00174EPSS
Exploits0References20
CNNVD
CNNVD
added 2021/11/05 12:0 a.m.6 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow versions prior to 2.7.0, which stems from a lack of validation of the shape of the tensor parameter involved in a call...

7.8CVSS7.3AI score0.00174EPSS
Exploits0References9
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-568

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.6 views

PYSEC-2021-766

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/08/12 9:15 p.m.6 views

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS5.7AI score0.00167EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/08/12 9:15 p.m.9 views

PYSEC-2021-766

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS6.5AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/12 8:25 p.m.32 views

CVE-2021-37655 Heap OOB in `ResourceScatterUpdate` in TensorFlow

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS7.6AI score0.00167EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2021/08/12 8:25 p.m.2 views

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS7.2AI score0.00167EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2021/08/12 12:0 a.m.6 views

PT-2021-21771 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: An attacker can trigger a read from outside of bounds of heap allocated data by...

9.3CVSS5.8AI score0.00451EPSS
Exploits5References87
OSV
OSV
added 2021/05/21 2:26 p.m.3 views

GHSA-6F89-8J54-29XF Heap buffer overflow in `FractionalAvgPoolGrad`

Impact The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputtensorshape = tf.constant1, 3, 2, 3, shape=4, dtype=tf.int64 outbackprop = tf.constant2, shape=1, 1, 1, 1, dtype=tf.int64 rowpoolingsequence = tf.constant1...

2.5CVSS7AI score0.00211EPSS
Exploits1References7
OSV
OSV
added 2021/05/21 2:26 p.m.2 views

GHSA-V6R6-84GR-92RM Heap buffer overflow in `AvgPool3DGrad`

Impact The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputshape = tf.constant10, 6, 3, 7, 7, shape=5, dtype=tf.int32 grad = tf.constant0.01, 0, 0, shape=3, 1, 1, 1, 1, dtype=tf.float32 ksize = 1, 1, 1, 1, 1 strides = 1, 1...

2.5CVSS7.1AI score0.00211EPSS
Exploits1References7
OSV
OSV
added 2021/05/21 2:21 p.m.7 views

GHSA-WCV5-QRJ6-9PFM Heap buffer overflow in `Conv3DBackprop*`

Impact Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows: python import tensorflow as tf inputsizes = tf.constant1, 1, 1, 1, 2, shape=5, dtype=tf.int32 filtertensor = tf.constant734.6274508233133, -10.0, -10.0, -10.0, -10.0, -10.0,...

2.5CVSS7.1AI score0.00224EPSS
Exploits1References7
PyPA
PyPA
added 2021/05/14 8:15 p.m.3 views

PYSEC-2021-205

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

7.8CVSS7AI score0.00197EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder