Lucene search
295 matches found

Positive Technologies
added 2022/07/24 12:0 a.m. · 6 views

PT-2022-3914 · Apache · Apache Mxnet

Name of the Vulnerable Software and Affected Versions: Apache MXNet versions prior to 1.9.1
Description: A regular expression used in Apache MXNet is vulnerable to a potential denial-of-service by excessive resource consumption. The issue could be exploited when loading a model in Apache MXNet th...

CVSS 10 · AI score 7.3 · EPSS 0.01564
Exploits: 0 · References: 13
OSV
added 2022/05/17 12:29 a.m. · 2 views

GHSA-H22X-HM8G-RXPG Improper Restriction of XML External Entity Reference in Apache OpenNLP

When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache...

CVSS 9.8 · AI score 7.2 · EPSS 0.03016
Exploits: 5 · References: 2
OSV
added 2021/11/10 6:59 p.m. · 1 views

GHSA-H67M-XG8F-FXCF Deadlock in mutually recursive `tf.function` objects

Impact: The code behind the `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive:

```python
import tensorflow as tf

@tf.function
def fun1(num):
    if num == 1:
        return
    print(num)
    fun2(num-1)

@tf.function
def fun2(num):
    if num == 0:
        return
    print(num)
    fun1(num-1)
```

...

CVSS 5.5 · AI score 6 · EPSS 0.00235
Exploits: 0 · References: 7
PyPA
added 2021/11/05 11:15 p.m. · 4 views

PYSEC-2021-820

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 · AI score 7 · EPSS 0.00235
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2021/11/05 11:15 p.m. · 10 views

PYSEC-2021-405

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 · AI score 6.2 · EPSS 0.00235
Exploits: 0 · References: 2
Debian CVE
added 2021/11/05 10:10 p.m. · 5 views

CVE-2021-41213

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

CVSS 5.5 · AI score 7 · EPSS 0.00235
Exploits: 0
Debian CVE
added 2020/12/10 10:10 p.m. · 5 views

CVE-2020-26271

In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node given by output_index and the input slot of the dst node...

CVSS 4.4 · AI score 6.8 · EPSS 0.00213
Exploits: 1
Positive Technologies
added 2020/12/10 12:0 a.m. · 9 views

PT-2020-16394 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.5; TensorFlow versions prior to 2.0.4; TensorFlow versions prior to 2.1.3; TensorFlow versions prior to 2.2.2; TensorFlow versions prior to 2.3.2; TensorFlow versions prior to 2.4.0
Description: In affected versio...

CVSS 9.3 · AI score 5.7 · EPSS 0.00451
Exploits: 5 · References: 90
OSV
added 2020/09/25 7:15 p.m. · 9 views

CVE-2020-15211

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

CVSS 4.8 · AI score 4.9
Exploits: 0 · References: 9
Prion
added 2020/09/25 7:15 p.m. · 18 views

Out-of-bounds

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

CVSS 5.8 · AI score 5 · EPSS 0.00905
Exploits: 1 · References: 9 · Affected Software: 2
PyPA
added 2020/09/25 7:15 p.m. · 5 views

PYSEC-2020-291

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

CVSS 5.8 · AI score 7 · EPSS 0.00905
Exploits: 1 · References: 9 · Affected Software: 1
CVE
added 2020/09/25 6:45 p.m. · 181 views

CVE-2020-15211

CVE-2020-15211: In TensorFlow Lite (before 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1), a negative -1 tensor index used for optional inputs can be treated as a valid index during validation, allowing out-of-bounds reads/writes in some operators. The root cause is the double indexing scheme for tensors i...

CVSS 5.8 · AI score 5.2 · EPSS 0.00905
Exploits: 1 · References: 9 · Affected Software: 1
NVD
added 2019/08/15 6:15 p.m. · 23 views

CVE-2018-14672

In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...

CVSS 5.3 · AI score 5.4 · EPSS 0.01741
Exploits: 0 · References: 1
ClickHouse
added 2018/09/10 12:0 a.m. · 16 views

Fixed in ClickHouse Release 18.12.13, 2018-09-10

Functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...

AI score 4.6
Exploits: 0 · Affected Software: 1
CVE
added 2017/10/02 2:0 p.m. · 84 views

CVE-2017-12620

CVE-2017-12620 describes an XML External Entity (XXE) vulnerability in Apache OpenNLP when loading models or dictionaries that contain XML from untrusted sources. The connected documents identify the affected OpenNLP versions: 1.5.0–1.5.3, 1.6.0, and 1.7.0–1.7.2, 1.8.0–1.8.1. The XXE issue is the...

CVSS 9.8 · AI score 9.3 · EPSS 0.03016
Exploits: 5 · References: 1 · Affected Software: 1