CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

SUSE CVE•added 2023/02/15 3:37 a.m.•2 views

SUSE CVE-2021-41228

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given...

7.8CVSS7.9AI score0.0004EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 3:26 a.m.•4 views

SUSE CVE-2022-29216

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

7.8CVSS7.6AI score0.001EPSS

Exploits1References3

OSV•added 2022/05/24 10:16 p.m.•1 views

GHSA-75C9-JRH4-79MC Code injection in `saved_model_cli` in TensorFlow

Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection: savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./ --tagset serve --signaturedef servingdefault This can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...

7.8CVSS7AI score0.001EPSS

Exploits1References10

Debian CVE•added 2022/05/20 11:35 p.m.•2 views

CVE-2022-29216

7.8CVSS7.3AI score0.001EPSS

Exploits1

Positive Technologies•added 2022/05/20 12:0 a.m.•3 views

PT-2022-19469 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: TensorFlow is an open source platform for machine learning. The saved model cli tool is...

7.8CVSS7.5AI score0.001EPSS

Exploits1References16

OSV•added 2021/11/10 4:54 p.m.•2 views

GHSA-3RCW-9P9X-582V Code injection in `saved_model_cli`

Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection as it calls eval on user supplied strings python def preprocessinputexprsargstringinputexprsstr: ... for inputraw in filterbool, inputexprsstr.split';': ... inputkey, expr = inputraw.split'=', 1 inputdictinputkey = evalexpr...

7.5CVSS6AI score0.0004EPSS

Exploits1References7

OSV•added 2021/11/05 11:15 p.m.•1 views

PYSEC-2021-835

7.8CVSS7.2AI score0.0004EPSS

Exploits1References2

PyPA•added 2021/11/05 11:15 p.m.•5 views

PYSEC-2021-835

7.8CVSS7.8AI score0.0004EPSS

Exploits1References2Affected Software1

PyPA•added 2021/11/05 11:15 p.m.•5 views

PYSEC-2021-637

7.8CVSS7.8AI score0.0004EPSS

Exploits1References2Affected Software1

OSV•added 2021/11/05 11:15 p.m.•2 views

PYSEC-2021-420

7.8CVSS7.2AI score0.0004EPSS

Exploits1References2

Debian CVE•added 2021/11/05 10:25 p.m.•2 views

CVE-2021-41228

7.8CVSS7.8AI score0.0004EPSS

Exploits1

Positive Technologies•added 2021/11/05 12:0 a.m.•2 views

PT-2021-23201 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: TensorFlow's saved model cli tool is vulnerable to a code injection as it calls...

7.8CVSS7.7AI score0.0004EPSS

Exploits1References19

CNNVD•added 2021/11/05 12:0 a.m.•2 views

Google TensorFlow 代码注入漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An operating system command injection vulnerability exists in Google TensorFlow, which stems from the fact that the savedmodelcli tool is vulnerable to code injection because it calls eval on a...

7.8CVSS6.2AI score0.0004EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by