Lucene search
K

41 matches found

Debian CVE
Debian CVE
added 2022/09/16 8:40 p.m.3 views

CVE-2022-35968

TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.8AI score0.00396EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/09/16 8:40 p.m.7 views

CVE-2022-35968 `CHECK` fail in `AvgPoolGrad` in TensorFlow

TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

5.9CVSS7.4AI score0.00396EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/09/16 8:10 p.m.4 views

CVE-2022-35963

TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input originputtensorshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...

7.5CVSS7AI score0.00396EPSS
Exploits0
Debian CVE
Debian CVE
added 2022/09/16 7:55 p.m.3 views

CVE-2022-35959

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input originputshape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in...

7.5CVSS7AI score0.00383EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.3 views

PT-2022-23062 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of FractionalAvgPoolGrad does not fully validate the input...

7.5CVSS7.8AI score0.00396EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.4 views

PT-2022-23067 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of AvgPoolGrad does not fully validate the input orig input...

7.5CVSS7.3AI score0.00396EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/09/16 12:0 a.m.5 views

PT-2022-23058 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The implementation of AvgPool3DGradOp does not fully validate the input orig...

7.5CVSS7.4AI score0.00383EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.5 views

Google TensorFlow 安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from an implementation of FractionalAvgPoolGrad that does not fully validate the input...

7.5CVSS7.6AI score0.00396EPSS
Exploits0References3
CNVD
CNVD
added 2022/07/01 12:0 a.m.29 views

Huawei MindSpore Community numeric error vulnerability

Huawei MindSpore Community is an open source deep learning framework from Huawei China.A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...

7.5CVSS0.9AI score0.0083EPSS
Exploits0References1
Prion
Prion
added 2022/06/27 5:15 p.m.12 views

Heap overflow

When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the inputshape, it will access data outside of bounds of inputshape which allocated from heap buffers...

5CVSS7.5AI score0.00852EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/06/27 4:26 p.m.16 views

CVE-2021-33654

When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception...

7.7AI score0.0083EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.4 views

Huawei MindSpore Community 缓冲区错误漏洞

Huawei MindSpore Community, an open source deep learning framework from Huawei, China, is vulnerable to an information disclosure vulnerability in Huawei MindSpore Community Transpose, which results from accessing sensitive data when the value in the perm element is greater than or equal to the...

7.5CVSS5.6AI score0.00852EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/27 12:0 a.m.5 views

Huawei MindSpore Community 缓冲区错误漏洞

Huawei MindSpore Community is an open source deep learning framework from Huawei, China. Huawei MindSpore Community suffers from an information disclosure vulnerability that stems from accessing a shape allocated from the heap buffer if the input shape size is 0 when performing inferred shape...

7.5CVSS6AI score0.00852EPSS
Exploits0References2
OSV
OSV
added 2022/02/09 11:34 p.m.11 views

GHSA-WCV5-VRVR-3RX2 Integer Overflow or Wraparound in TensorFlow

Impact The Grappler component of TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure in constant folding: cc for const auto& outputprop : outputprops const PartialTensorShape outputshapeoutputprop.shape; // ... The outputprop tensor has a shape that is controlled b...

5.5CVSS6.1AI score
Exploits0References4
Veracode
Veracode
added 2021/08/13 5:50 a.m.40 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. Lack of checking that shape of the input or the target shape have both a non-zero number of elements causes an integral division by 0 exception...

5.5CVSS3.6AI score0.00152EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2021/05/21 2:26 p.m.2 views

GHSA-V6R6-84GR-92RM Heap buffer overflow in `AvgPool3DGrad`

Impact The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow: python import tensorflow as tf originputshape = tf.constant10, 6, 3, 7, 7, shape=5, dtype=tf.int32 grad = tf.constant0.01, 0, 0, shape=3, 1, 1, 1, 1, dtype=tf.float32 ksize = 1, 1, 1, 1, 1 strides = 1, 1...

2.5CVSS7.1AI score0.00211EPSS
Exploits1References7
Veracode
Veracode
added 2021/05/17 11:36 a.m.22 views

Denial Of Service (DoS)

tensorflow is vulnerable to denial of service. The vulnerability exists due to a heap buffer overflow because the system does not validate the originputshape and grad tensors...

7.8CVSS3.8AI score0.00211EPSS
Exploits1References2Affected Software3
PyPA
PyPA
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-505

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.2 views

PYSEC-2021-197

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor. This is because the...

7.1CVSS7.2AI score0.00208EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2021/05/14 12:0 a.m.3 views

PT-2021-18328 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: The implementation of tf.raw...

7.8CVSS7.6AI score0.00211EPSS
Exploits1References13
Rows per page
Query Builder