Lucene search
+L

46 matches found

osv
osv
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-940 TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`

Impact The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 2, 2, 1 strides = 1, 2, 2, 1 padding = "VALID" dataformat = "NHWC"...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-1046 TensorFlow vulnerable to `CHECK` failures in `AvgPool3DGrad`

Impact The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 1, 1, 1, 1 strides = 1, 1, 1, 1, 1 padding ...

5.9CVSS7AI score0.00383EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-969 TensorFlow vulnerable to `CHECK` failures in `FractionalAvgPoolGrad`

Impact The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. python import tensorflow as tf overlapping = True originputtensorshape =...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
osv
osv
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-1043 TensorFlow vulnerable to `CHECK` fail in `DenseBincount`

Impact DenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack. python import tensorflow as tf binaryoutput = True input =...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.12 views

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

9.8CVSS6.2AI score0.00554EPSS
Exploits0References1
euvd
euvd
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29553

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

6.3AI score0.00554EPSS
Exploits0References3
nvd
nvd
added 2026/05/12 6:16 p.m.16 views

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

9.8CVSS0.00554EPSS
Exploits0References5
cve
cve
added 2026/05/12 12:0 a.m.27 views

CVE-2026-31230

The CVE-2026-31230 vulnerability concerns the Adversarial Robustness Toolbox (ART) up to v1.20.1, specifically in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The issue arises from using unsafe eval() to parse string values passed via --clip_values and --input_shape, enabling a...

9.8CVSS6.3AI score0.00554EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/05/12 12:0 a.m.6 views

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

6.3AI score0.00554EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/12 12:0 a.m.38 views

CVE-2026-31230

The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...

0.00554EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 11:26 a.m.8 views

CVE-2021-33654

When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception...

7.5CVSS6.8AI score0.0085EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/21 1:22 a.m.3 views

CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

8.3CVSS6.5AI score0.00338EPSS
Exploits0References4
osv
osv
added 2025/11/21 1:22 a.m.9 views

CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, users can crash the vLLM engine serving multimodal models by passing multimodal embedding inputs with correct ndim but incorrect shape e.g. hidden dimension is wrong, regardless of whether...

8.3CVSS6.7AI score0.00338EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2025/11/20 12:0 a.m.8 views

PT-2025-47649

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. Users can cause the vLLM engine to crash when serving multimodal models by providing multimodal embedding inputs with a...

8.3CVSS6.5AI score0.00338EPSS
Exploits0References19
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-20331

Malware in sbrugna...

7.5CVSS7.6AI score0.0085EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-20326

Malware in sbrugna...

7.5CVSS7.6AI score0.00872EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 11:10 p.m.6 views

CVE-2022-36004

TensorFlow is an open source platform for machine learning. When tf.random.gamma receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...

7.5CVSS6.7AI score0.00405EPSS
Exploits0
susecve
susecve
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-35959

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...

7.5CVSS7.8AI score0.00383EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-35963

TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...

7.5CVSS8.2AI score0.00396EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:24 a.m.5 views

SUSE CVE-2022-35968

TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References3
Rows per page
Query Builder