15 matches found
EUVD-2022-7468
Malicious code in bioql PyPI...
EUVD-2023-0992
Malicious code in bioql PyPI...
CVE-2023-25801
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...
Double Free
Overview Affected versions of this package are vulnerable to Double Free. The nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 functions require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported. Po...
AZL-31206 CVE-2023-25801 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...
Google TensorFlow 资源管理错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A resource management error vulnerability exists in Google TensorFlow version 2.12 prior to version 2.12.0 and version 2.11 prior to version 2.11.1, which stems from the...
CVE-2023-25801
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supporte...
TensorFlow has double free in Fractional(Max/Avg)Pool
Impact nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported. python import tensorflow as tf import os import numpy as np from...
PT-2023-20316 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.12.0 and 2.11.1 Description: The issue concerns the nn ops.fractional avg pool v2 and nn ops.fractional max pool v2 functions, which require the first and fourth elements of their pooling ratio parameter to be...
GHSA-XVWP-H6JV-7472 FractionalMaxPool and FractionalAVGPool heap out-of-bounds acess
Impact An input poolingratio that is smaller than 1 will trigger a heap OOB in tf.rawops.FractionalMaxPool and tf.rawops.FractionalAvgPool. Patches We have patched the issue in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0. We will also cher...
Out-of-bounds Write
Overview Affected versions of this package are vulnerable to Out-of-bounds Write in FractionalMaxAVGPool with illegal poolingratio. Attackers can access heap memory that is not in the user's control, leading to a crash or remote code execution. Remediation Upgrade tensorflow-lite to version 2.12....
AZL-11539 CVE-2022-41900 affecting package tensorflow for versions less than 2.11.0-1
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMaxAVGPool with illegal poolingratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote...
CVE-2022-41900
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMaxAVGPool with illegal poolingratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that causes FractionalMaxAVG Pool to have an illegal poolingratio. attackers using Tensorflow can exploit this vulnerability. They can access heap...
PYSEC-2021-676
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...