Lucene search
K

751 matches found

Microsoft CVE
Microsoft CVE
added 2022/12/02 8:0 a.m.3 views

Invalid char to bool conversion when printing a tensor in Tensorflow

...

7.5CVSS7.7AI score0.00389EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2022/12/02 8:0 a.m.3 views

`CHECK_EQ` fail in `tf.raw_ops.TensorListResize` in Tensorflow

...

7.5CVSS7.7AI score0.00439EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2022/12/02 8:0 a.m.3 views

Segfault in `CompositeTensorVariantToComponents` in Tensorflow

...

7.5CVSS7.7AI score0.0049EPSS
Exploits1
OSV
OSV
added 2022/11/21 11:51 p.m.1 views

GHSA-XF83-Q765-XM6M `CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode

Impact Another instance of CVE-2022-35991, where TensorListScatter and TensorListScatterV2 crash via non scalar inputs inelementshape, was found in eager mode and fixed. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None arg1=tf.random.uniformshape=2...

6.8AI score
Exploits0References2
OSV
OSV
added 2022/11/21 10:17 p.m.5 views

GHSA-RJX6-V474-2CH9 Segfault in `CompositeTensorVariantToComponents`

Impact An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. python import tensorflow as tf encode = tf.rawops.EmptyTensorListelementdtype=tf.int32, elementshape=10, 15, maxnumelements=2 meta= ""...

4.8CVSS7AI score0.0049EPSS
Exploits1References6
Snyk
Snyk
added 2022/11/20 9:8 a.m.2 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion when tf.rawops.TensorListResize is given a nonscalar value for input size. It will results in a CHECK fail which can be used to trigger a denial of service attack. Remediation Upgrade tensorflow-lite to version 2.12....

7.5CVSS6.8AI score0.00439EPSS
Exploits1References3
Snyk
Snyk
added 2022/11/20 9:8 a.m.1 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when an input encoded is not a valid CompositeTensorVariant tensor. This will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. Details Denial of Service DoS describes a family of attacks, all aim...

7.5CVSS7AI score0.0049EPSS
Exploits1References2
OSV
OSV
added 2022/11/18 10:15 p.m.5 views

AZL-11543 CVE-2022-41909 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

7.5CVSS7.3AI score0.0049EPSS
Exploits1References1
OSV
OSV
added 2022/11/18 10:15 p.m.5 views

AZL-11531 CVE-2022-41893 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. If tf.rawops.TensorListResize is given a nonscalar value for input size, it results CHECK fail which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56...

7.5CVSS7.2AI score0.00439EPSS
Exploits1References1
Prion
Prion
added 2022/11/18 10:15 p.m.16 views

Stack overflow

TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors...

5CVSS7.9AI score0.00404EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.4 views

Google TensorFlow 安全漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial of service vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, 2.9.3 and later, 2.10.0 and later, and 2.10.1. TensorListConcat" is given "elementshape=", resulti...

7.5CVSS6.4AI score0.0043EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.2 views

Google TensorFlow 代码问题漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which results from pywrap code failing to parse a tensor and returning an uncaught "nullptr" if a list of quantified tensors is assigned to an...

7.5CVSS6.9AI score0.00404EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/11/18 12:0 a.m.12 views

CVE-2022-41911 Invalid char to bool conversion when printing a tensor in Tensorflow

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...

4.8CVSS7.5AI score0.00389EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/18 12:0 a.m.33 views

CVE-2022-41885 Overflow in `FusedResizeAndPadConv2D` in Tensorflow

TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...

4.8CVSS7.7AI score0.0043EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/11/18 12:0 a.m.2 views

CVE-2022-41911

TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...

7.5CVSS6.8AI score0.00389EPSS
Exploits0
Wired Threat Level
Wired Threat Level
added 2022/10/11 7:26 p.m.13 views

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN...

0.5AI score
Exploits0
CNVD
CNVD
added 2022/09/20 12:0 a.m.25 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2023-15782)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that the implementation of tf.reshape op in TensorFlow is vulnerable to an overflow in the number of elements in...

7.5CVSS3.2AI score0.00396EPSS
Exploits0References1
NVD
NVD
added 2022/09/16 11:15 p.m.38 views

CVE-2022-35993

TensorFlow is an open source platform for machine learning. When SetSize receives an input setshape that is not a 1D tensor, it gives a CHECK fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix...

7.5CVSS0.00396EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/09/16 10:22 p.m.7 views

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +183 more potentially affected by CVE-2022-35973 via tensorflow-gpu (>=1.10.1 <=2.7.0)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-35973 Source advisory: OSV:GHSA-689C-R7H2-FV9V...

7.5CVSS7.1AI score0.00423EPSS
Exploits0
OSV
OSV
added 2022/09/16 10:15 p.m.4 views

GHSA-VM7X-4QHJ-RRCQ TensorFlow vulnerable to `CHECK` fail in `TensorListScatter` and `TensorListScatterV2`

Impact When TensorListScatter and TensorListScatterV2 receive an elementshape of a rank greater than one, they give a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=2, 2, 2, dtype=tf.float16, maxval=None...

5.9CVSS6.9AI score0.00441EPSS
Exploits0References5
Rows per page
Query Builder