MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities; these vulnerabilities stem from the lack of boundary checks, which allows for out-of-bound writes, potentially leading to remote privilege escalation...

CVE-2022-23582

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

EUVD-2022-0300

Malicious code in bioql PyPI...

EUVD-2022-0329

Malicious code in bioql PyPI...

EUVD-2022-0327

Malicious code in bioql PyPI...

EUVD-2022-0330

Malicious code in bioql PyPI...

CVE-2022-21737

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

BIT-TENSORFLOW-2022-23579 `CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

BIT-TENSORFLOW-2022-23581 `CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

BIT-TENSORFLOW-2022-23582 `CHECK`-failures in `TensorByteSize` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that TensorByteSize would trigger CHECK failures. TensorShape constructor throws a CHECK-fail if shape is partial or has a number of elements that would overflow t...

BIT-TENSORFLOW-2022-23583 `CHECK`-failures in binary ops in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer...

CVE-2022-35981

TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures instead of with returning errors. If it gets incorrectly sized inputs, the CHECK failure can be used to trigger a denial of service attack. We have patched the issue in GitHu...

CVE-2022-35952 `CHECK` failures in `UnbatchGradOp` in TensorFlow

TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to be a scalar. A nonscalar id can trigger a CHECK failure and crash the program. It also requires its argument batchindex to contain three times the number of elements as...

GHSA-2VV3-56QG-G2CF Missing validation causes denial of service via `LSTMBlockCell`

Impact The implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack: python import tensorflow as tf tf.rawops.LSTMBlockCell x=tf.constant0.837607, shape=28,29, dtype=tf.float32,...

CVE-2022-29200 Missing validation causes denial of service in TensorFlow via `LSTMBlockCell`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The cod...

PT-2022-19466 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: The issue is related to the lack of input validation in the tf.compat.v1.signal.rfft2d an...

GHSA-GJQC-Q9G6-Q2J3 `CHECK`-failures in binary ops in Tensorflow

Impact A malicious user can cause a denial of service by altering a SavedModel such that any binary op would trigger CHECK failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the dtype no longer matches the dtype expected by the op. In that cas...

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. An attacker can send a malicious input which alters a SavedModel such that SafeToRemoveIdentity, triggering CHECK failures...

Denial Of Service (DoS)

Tensorflow is vulnerable to denial of service. An attacker may crash the system by altering a SavedModel such that any binary op would trigger CHECK failures...

CVE-2022-23581

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...