Lucene search
+L

76 matches found

Debian CVE
Debian CVE
added 2021/11/05 10:5 p.m.56 views

CVE-2021-41218

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the splitcount argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

5.5CVSS7.3AI score0.00128EPSS
Exploits0
CVE
CVE
added 2021/11/05 10:5 p.m.96 views

CVE-2021-41206

CVE-2021-41206 is described across multiple connected sources as a TensorFlow issue where several TF ops fail to validate the shapes of tensor arguments, potentially causing undefined behavior, crashes (segfaults or CHECK failures), and heap-related reads/writes. The issue affects TensorFlow’s co...

7.8CVSS7.2AI score0.00174EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2021/11/05 9:50 p.m.39 views

CVE-2021-41207 Division by zero in `ParallelConcat`

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2021/11/05 9:50 p.m.91 views

CVE-2021-41207

TensorFlow ParallelConcat vulnerability (CVE-2021-41207) arises from insufficient input validation in the ParallelConcat implementation, which can lead to a division by zero in affected TensorFlow versions. The issue affects multiple releases and is slated to be fixed in TensorFlow 2.7.0; Sony ch...

5.5CVSS5.6AI score0.00136EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/11/05 9:45 p.m.83 views

CVE-2021-41209

CVE-2021-41209 affects TensorFlow: in affected versions, convolution operator implementations may trigger a division by zero when given empty filter tensor arguments. The issue is fixed in TensorFlow 2.7.0, with cherry-picks to 2.6.1, 2.5.2, and 2.4.4 in scope. Affected products/versions include ...

5.5CVSS5.6AI score0.00136EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/11/05 9:15 p.m.30 views

CVE-2021-41205

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS0.00148EPSS
Exploits0References2
PyPA
PyPA
added 2021/11/05 9:15 p.m.9 views

PYSEC-2021-415

TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow...

7.1CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/11/05 9:15 p.m.13 views

Null pointer dereference

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...

2.1CVSS5.6AI score0.00181EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/11/05 9:15 p.m.18 views

Heap overflow

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

4.6CVSS7.5AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.9 views

PYSEC-2021-624

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.8 views

PYSEC-2021-821

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.8CVSS7.2AI score0.0021EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/11/05 9:15 p.m.10 views

PYSEC-2021-396

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

7.8CVSS7.1AI score0.00183EPSS
Exploits0References5
OSV
OSV
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-821

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.8CVSS7.1AI score0.0021EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/11/05 8:55 p.m.39 views

CVE-2021-41215 Null pointer exception in `DeserializeSparse`

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS5.8AI score0.00181EPSS
Exploits1References2
CVE
CVE
added 2021/11/05 8:55 p.m.82 views

CVE-2021-41215

CVE-2021-41215 affects TensorFlow: the shape inference for DeserializeSparse can trigger a null pointer dereference when the serialize_sparse tensor has positive rank (last dimension 3). A fix is available in TensorFlow 2.7.0, with cherry-picks for 2.6.1, 2.5.2, and 2.4.4. Remediation: upgrade to...

5.5CVSS5.6AI score0.00181EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/11/05 8:50 p.m.96 views

CVE-2021-41214

CVE-2021-41214 affects TensorFlow’s ragged.cross shape inference: binding a reference to nullptr causes undefined behavior. A fix is planned for TensorFlow 2.7.0, with cherry-picks to 2.6.1, 2.5.2, and 2.4.4 (still in supported range). Implication: vulnerable versions may crash or behave unexpect...

7.8CVSS7.5AI score0.0021EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/11/05 8:45 p.m.38 views

CVE-2021-41204 Segfault while copying constant resource tensor

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...

5.5CVSS5.6AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2021/11/05 8:45 p.m.91 views

CVE-2021-41204

CVE-2021-41204 concerns TensorFlow. In affected builds, during Grappler optimizer constant folding, a deep copy of a resource tensor may be attempted, causing a segfault because such tensors should not change. The issue is addressed with a fix in TensorFlow 2.7.0, and a cherry-pick was applied to...

5.5CVSS5.5AI score0.00136EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/11/05 8:20 p.m.3 views

CVE-2021-41223

TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow...

7.1CVSS7AI score0.00201EPSS
Exploits1
NVD
NVD
added 2021/11/05 8:15 p.m.34 views

CVE-2021-41201

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

7.8CVSS0.00241EPSS
Exploits1References2
Rows per page
Query Builder