737 matches found
PYSEC-2021-710
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...
PYSEC-2021-221
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...
PYSEC-2021-686
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.RaggedTensorToTensor. This is because the...
PYSEC-2021-641
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...
PYSEC-2021-682
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.Reverse. This is because the...
PYSEC-2021-642
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1361 more potentially affected by CVE-2021-29529 via tensorflow (>=1.0.1 <=2.1.2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29529 Source advisory: OSV:PYSEC-2021-166...
PYSEC-2021-676
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...
PYSEC-2021-221
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...
PYSEC-2021-710
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...
PYSEC-2021-171
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.SparseConcat. This is because the...
PYSEC-2021-505
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...
PYSEC-2021-248
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...
PYSEC-2021-657
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...
Input validation
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.rawops.RaggedTensorToVariant with arguments specifying an invalid ragged tensor results in a null pointer dereference. The implementation of RaggedTensorToVariant...
brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +4 more potentially affected by CVE-2021-29608 via tensorflow-gpu (>=2.4.0 <=2.4.2)
tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =0.1.0.dev98, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-29608 Source advisory: OSV:PYSEC-2021-734...
PYSEC-2021-734
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...
PYSEC-2021-460
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...
PYSEC-2021-245
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...