Lucene search
K

389 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.4 views

SUSE CVE-2021-29591

TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that would result in infinite loop during evaluation. In certain cases, the infinite loop would be...

7.8CVSS7.5AI score0.00262EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-29594

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...

7.8CVSS7.5AI score0.00201EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.3 views

SUSE CVE-2021-29600

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/onehot.ccL68-L72. An...

7.8CVSS7.4AI score0.00201EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.2 views

SUSE CVE-2021-29601

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...

7.1CVSS6.9AI score0.00192EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.2 views

SUSE CVE-2021-29605

TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...

7.1CVSS5.9AI score0.0022EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.4 views

SUSE CVE-2021-37682

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

7.1CVSS5.5AI score0.0018EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-37683

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5CVSS4.8AI score0.00154EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.4 views

SUSE CVE-2021-37685

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

5.5CVSS4.9AI score0.00172EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-37687

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

5.5CVSS5AI score0.00191EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.2 views

SUSE CVE-2021-37688

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...

5.5CVSS4.9AI score0.00165EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.5 views

SUSE CVE-2021-37691

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

5.5CVSS4.9AI score0.00152EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.3 views

SUSE CVE-2022-21741

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

6.5CVSS6.4AI score0.00821EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.3 views

SUSE CVE-2022-23560

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8CVSS8.3AI score0.00837EPSS
Exploits1References3
Microsoft CVE
Microsoft CVE
added 2022/12/02 8:0 a.m.2 views

Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

...

8.1CVSS8.1AI score0.00523EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/11/21 8:44 p.m.35 views

Buffer overflow in `CONV_3D_TRANSPOSE` on TFLite

Impact The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if the number of input channels is different than the number of output...

8.1CVSS8.1AI score0.00523EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2022/11/20 9:12 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when SparseFillEmptyRowsGrad is given empty inputs. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5CVSS7AI score0.0044EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.1 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds in DynamicStitch due to missing validation when it receives a differing number of inputs, such as when it is called with an indices size 1 and a data size 2. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher...

7.5CVSS6.8AI score0.0035EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.3 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when a numpy array is created with a shape such that one element is zero and the sum of others is a large number. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References -...

7.5CVSS6.9AI score0.0033EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.5 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via tf.rawops.ImageProjectiveTransformV2 when a large output shape is given. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Neophytos Christou from S...

7.5CVSS7AI score0.0043EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.3 views

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via tf.keras.losses.poisson which receives a ypred and ytrue that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size...

7.5CVSS7.2AI score0.0044EPSS
Exploits1References2
Rows per page
Query Builder