Lucene search
K

69 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:54 p.m.10 views

CVE-2022-41880

TensorFlow is an open source platform for machine learning. When the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob read occurs. We have patched the issue in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. The fix will be included in...

9.1CVSS6.7AI score0.0038EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:49 p.m.4 views

CVE-2022-41909

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

7.5CVSS6.7AI score0.0049EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:10 p.m.5 views

CVE-2022-36018

TensorFlow is an open source platform for machine learning. If RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:55 p.m.6 views

CVE-2022-35972

TensorFlow is an open source platform for machine learning. If QuantizedBiasAdd is given mininput, maxinput, minbias, maxbias tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.8 views

CVE-2021-29525

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...

7.8CVSS6.7AI score0.00201EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.4 views

CVE-2021-29530

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...

7.8CVSS6.9AI score0.00232EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.5 views

CVE-2021-29557

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.5 views

CVE-2021-29589

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS6.6AI score0.00201EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:36 p.m.6 views

CVE-2021-29517

TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D implementation. The implementationhttps://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/convops3d.ccL143-L145 do...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:40 p.m.5 views

CVE-2021-37690

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

6.6CVSS6.6AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:30 p.m.18 views

CVE-2021-29540

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...

7.8CVSS7.3AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:25 p.m.8 views

CVE-2018-21233

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decodebmpop.cc...

6.5CVSS7AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:45 a.m.10 views

CVE-2021-37652

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...

7.8CVSS6.8AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:44 a.m.4 views

CVE-2021-37678

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.3AI score0.00451EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:44 a.m.8 views

CVE-2021-37638

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS6.6AI score0.00167EPSS
Exploits0References1
CERT
CERT
added 2024/04/16 12:0 a.m.41 views

Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models

Overview Lambda Layers in third party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...

9.8CVSS9.7AI score0.01745EPSS
Exploits1References6
OSV
OSV
added 2024/03/06 11:20 a.m.22 views

BIT-TENSORFLOW-2020-15265 Segfault in Tensorflow

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS7AI score0.00886EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/03/24 11:41 p.m.12 views

CVE-2023-25662 TensorFlow vulnerable to integer overflow in EditDistance

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5CVSS7.6AI score0.00391EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.4 views

SUSE CVE-2021-29546

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS7.5AI score0.00201EPSS
Exploits1References3
OSV
OSV
added 2022/11/21 8:42 p.m.2 views

GHSA-H246-CGH4-7475 `CHECK` fail in `BCast` overflow

Impact If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. python import tensorflow as tf value = tf.constantshape=2, 1024, 1024, 1024...

4.8CVSS6.9AI score0.00439EPSS
Exploits1References5
Rows per page
Query Builder