Lucene search
K

440 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-945 Overflow in `ResizeNearestNeighborGrad`

Impact When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. import tensorflow as tf aligncorners = True halfpixelcenters = False grads = tf.constant1, shape=1,8,16,3, dtype=tf.float16 size = tf.constant1879048192,1879048192, shape=2, dtype=tf.int32...

4.8CVSS7AI score0.0044EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 10:17 a.m.6 views

PYSEC-2026-979 TensorFlow vulnerable to `CHECK` fail in `TensorListFromTensor`

Impact When TensorListFromTensor receives an elementshape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=6, 6, 2, dtype=tf.bfloat16, maxval=None arg1=tf.random.uniformshape=6, 9, 1, 3,...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-1002 Missing validation crashes `QuantizeAndDequantizeV4Grad`

Impact The implementation of tf.rawops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.QuantizeAndDequantizeV4Grad gradients=tf.constant1,...

5.5CVSS5.9AI score0.0034EPSS
Exploits1References11
CBLMariner
CBLMariner
added 2026/02/27 3:7 p.m.9 views

CVE-2026-2492 affecting package tensorflow for versions less than 2.16.1-11

CVE-2026-2492 affecting package tensorflow for versions less than 2.16.1-11. A patched version of the package is available...

7.8CVSS5.9AI score0.00252EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.16 views

CVE-2021-41198

TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t type and th...

5.5CVSS6.8AI score0.0023EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-0186

Malware in sbrugna...

5.3CVSS5.2AI score0.00943EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2020-0187

Malware in sbrugna...

5.3CVSS5.2AI score0.00749EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-0421

Malware in sbrugna...

5.5CVSS5.3AI score0.0023EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.21 views

EUVD-2020-0198

Malware in sbrugna...

9CVSS8.8AI score0.01235EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0331

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00872EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-6652

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00396EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 5:28 a.m.6 views

CVE-2023-25670

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

7.5CVSS6.8AI score0.00391EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.9 views

CVE-2021-29552

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of numsegments tensor argument for UnsortedSegmentJoin. This is because the...

5.5CVSS6.6AI score0.00189EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:58 p.m.8 views

CVE-2021-29606

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...

7.8CVSS6.7AI score0.00215EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 4:43 a.m.9 views

CVE-2021-37665

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS6.7AI score0.00185EPSS
Exploits0References1
OSV
OSV
added 2024/11/06 8:15 a.m.9 views

AZL-52449 CVE-2024-9681 affecting package tensorflow for versions less than 2.16.1-7

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

6.5CVSS6.7AI score0.0197EPSS
Exploits1References1
OSV
OSV
added 2024/05/20 9:15 p.m.7 views

AZL-42106 CVE-2024-35195 affecting package tensorflow for versions less than 2.16.1-8

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

5.6CVSS6.6AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:20 a.m.17 views

BIT-TENSORFLOW-2020-15191 Undefined behavior in Tensorflow

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS5.3AI score0.00749EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:7 a.m.29 views

BIT-TENSORFLOW-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

7.5CVSS7.3AI score0.00391EPSS
Exploits0References3
OSV
OSV
added 2023/05/26 9:15 p.m.8 views

AZL-38032 CVE-2023-28321 affecting package tensorflow for versions less than 2.16.1-1

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

5.9CVSS6.7AI score0.0181EPSS
Exploits1References1
Rows per page
Query Builder