33 matches found
CVE-2025-62164 VLLM deserialization vulnerability leading to DoS and potential RCE
vLLM is an inference and serving engine for large language models LLMs. From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead to a crash denial-of-service and potentially remote code execution RCE, exists in the Completions API endpoint. When processing user-supplied...
EUVD-2021-0286
Malware in sbrugna...
EUVD-2021-0264
Malware in sbrugna...
EUVD-2022-4559
Malicious code in bioql PyPI...
EUVD-2022-0308
Malicious code in bioql PyPI...
BIT-TENSORFLOW-2023-25665 TensorFlow has Null Pointer Error in SparseSparseMaximum
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1...
SUSE CVE-2023-25665
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1...
AZL-31216 CVE-2023-25665 affecting package tensorflow for versions less than 2.11.1-1
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1...
CVE-2023-25665 TensorFlow has Null Pointer Error in SparseSparseMaximum
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1...
CVE-2023-25665
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1...
GHSA-6445-FM66-FVQ2 Integer overflows in Tensorflow
Impact The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service: python import tensorflow as tf import numpy as np tf.rawops.AddManySparseToTensorsMap...
CVE-2022-23560
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...
CVE-2022-23560 Read and Write outside of bounds in TFLite
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...
PT-2021-21762 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The issue arises when a user does not supply arguments that determine a valid sparse tensor, causing the tf.raw...
GHSA-2CPX-427X-Q2C6 CHECK-fail in AddManySparseToTensorsMap
Impact An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.AddManySparseToTensorsMap: python import tensorflow as tf import numpy as np sparseindices = tf.constant530, shape=1, 1, dtype=tf.int64 sparsevalues = tf.ones1, dtype=tf.int64 shape = tf.Variabletf.ones55,...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. A double redirection to access an element of an array allocated on the heap occurs when CHECK-fail in converting sparse tensors to CSR Sparse matrices in SparseTensorToCSRSparseMatrix, allowing an attacker to crash the application...
CVE-2021-29545
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...
CVE-2021-29545
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...
PYSEC-2021-182
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...
PYSEC-2021-244
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...