Lucene search
+L

64 matches found

NVD
NVD
added 2021/05/14 8:15 p.m.31 views

CVE-2021-29570

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS0.00154EPSS
Exploits0References2
OSV
OSV
added 2021/05/14 8:15 p.m.19 views

CVE-2021-29563

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

5.5CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2021/05/14 8:15 p.m.26 views

CVE-2021-29569

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2021/05/14 8:15 p.m.48 views

CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS0.00189EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.14 views

CVE-2021-29530

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...

7.8CVSS7.7AI score
Exploits0References2
Prion
Prion
added 2021/05/14 8:15 p.m.18 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

4.6CVSS7.5AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-253

TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplifyhttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmeticoptimizer.ccL390-L401 has undefined behavior due to...

7.8CVSS6.9AI score0.00206EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-715

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.10 views

PYSEC-2021-728

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/14 8:15 p.m.21 views

Design/Logic Flaw

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

4.6CVSS7.5AI score0.00201EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/14 8:15 p.m.23 views

Code injection

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.rawops.LoadAndRemapMatrix. This is because the...

2.1CVSS5.3AI score0.00189EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/14 8:15 p.m.14 views

Type confusion

TensorFlow is an end-to-end open source platform for machine learning. The API of tf.rawops.SparseCross allows combinations which would result in a CHECK-failure and denial of service. This is because the...

2.1CVSS5.3AI score0.00189EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/14 8:15 p.m.15 views

Heap overflow

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to tf.rawops.StringNGrams. This is because the...

2.1CVSS5.6AI score0.00198EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/05/14 8:15 p.m.15 views

Heap overflow

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGrad is vulnerable to a heap buffer overflow. The...

4.6CVSS5.8AI score0.00214EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.6 views

PYSEC-2021-252

TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValuehttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453 can be tricked into stack overflow due to recursion...

5.5CVSS7.2AI score0.00204EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.20 views

PYSEC-2021-499

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.8CVSS1.1AI score0.0024EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.22 views

PYSEC-2021-463

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS1.5AI score0.00211EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.26 views

PYSEC-2021-448

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

7.8CVSS1.6AI score0.00224EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-194

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

5.5CVSS5.9AI score0.00189EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.31 views

PYSEC-2021-536

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

7.8CVSS0.00234EPSS
Exploits1References4
Rows per page
Query Builder