440 matches found
PYSEC-2026-945 Overflow in `ResizeNearestNeighborGrad`
Impact When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. import tensorflow as tf aligncorners = True halfpixelcenters = False grads = tf.constant1, shape=1,8,16,3, dtype=tf.float16 size = tf.constant1879048192,1879048192, shape=2, dtype=tf.int32...
PYSEC-2026-979 TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`
Impact When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=6, 6, 2, dtype=tf.bfloat16, maxval=None arg1=tf.random.uniformshape=6, 9, 1, 3,...
PYSEC-2026-1002 Missing validation crashes `QuantizeAndDequantizeV4Grad`
Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...
CVE-2026-2492 affecting package tensorflow for versions less than 2.16.1-11
CVE-2026-2492 affecting package tensorflow for versions less than 2.16.1-11. A patched version of the package is available...
CVE-2021-41198
TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t type and th...
EUVD-2020-0186
Malware in sbrugna...
EUVD-2020-0187
Malware in sbrugna...
EUVD-2021-0421
Malware in sbrugna...
EUVD-2020-0198
Malware in sbrugna...
EUVD-2022-0331
Malicious code in bioql PyPI...
EUVD-2022-6652
Malicious code in bioql PyPI...
CVE-2023-25670
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...
CVE-2021-29552
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of numsegments tensor argument for UnsortedSegmentJoin. This is because the...
CVE-2021-29606
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...
CVE-2021-37665
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...
AZL-52449 CVE-2024-9681 affecting package tensorflow for versions less than 2.16.1-7
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...
AZL-42106 CVE-2024-35195 affecting package tensorflow for versions less than 2.16.1-8
Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...
BIT-TENSORFLOW-2020-15191 Undefined behavior in Tensorflow
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
BIT-TENSORFLOW-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...
AZL-38032 CVE-2023-28321 affecting package tensorflow for versions less than 2.16.1-1
An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...