14329 matches found
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists because it does not prevent an attacker to send the values array containing Not a Number NaN elements to tf.histogramfixedwidth, causing an application crash...
Denial Of Service (DoS)
tensorflow is vulnerable to denial of service. The vulnerability exists because the tf.rawops.DeleteSessionTensor in sessionops.cc does not properly validate the input arguments, allowing an attacker to crash the application through the CHECK failure...
Incorrect Logic
tensorflow is using incorrect logic. Comparison of sizet and int values is not done correctly which results in incorrect macros for writing assertions such as CHECKLT, CHECKGT, etc...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44175)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from the fact that tf.rawops.UnsortedSegmentJoin does not fully validat...
Google TensorFlow Code Injection Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code injection vulnerability exists in TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, with no detailed vulnerability details provided at this time...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44208)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from a vulnerability that can be...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44209)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the presence of a non-numeric...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2022-44210)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow version 2.8.0, which stems from the TensorKey hash function using the very poorly implemented constant hash function AllocatedBytes for total...
Google TensorFlow suffers from an unspecified vulnerability (CNVD-2022-44211)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from incorrect logic when comparing sizet when writi...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44177)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the fact that...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44179)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the lack of input validation in...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44174)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in TensorFlow versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from the fact that tf.rawops.SparseTensorToCSRSparseMatrix does not ful...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-44176)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. An input validation error vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from the fact that tf.rawops.StagePee...
CVE-2022-29213
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Versions 2.9.0, 2.8.1, 2.7.2,...
CVE-2022-29211
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain Not a Number NaN elements. The implementation assumes that all floating point operation...
CVE-2022-29210
TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...
CVE-2022-29209
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...
CVE-2022-29212
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could b...
CVE-2022-29216
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...
Stack overflow
TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through...