CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2022/02/09 11:28 p.m.•5 views

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23588 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23588 Source advisory: OSV:GHSA-FX5C-H9F6-RV7C...

6.5CVSS6.5AI score0.00864EPSS

vulnersOsv•added 2022/02/09 11:28 p.m.•4 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23588 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23588 Source advisory: OSV:GHSA-FX5C-H9F6-RV7C...

6.5CVSS6.5AI score0.00864EPSS

OSV•added 2022/02/09 11:28 p.m.•5 views

GHSA-FX5C-H9F6-RV7C `CHECK`-fails due to attempting to build a reference tensor

Impact A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as reference types are not allowed. Patches We have patch...

6.5CVSS5.9AI score0.00864EPSS

Exploits1References8

Github Security Blog•added 2022/02/09 11:28 p.m.•30 views

`CHECK`-fails due to attempting to build a reference tensor

6.5CVSS1.8AI score0.00864EPSS

Exploits1References8Affected Software3

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23587 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23587 Source advisory: OSV:GHSA-8JJ7-5VXC-PG2Q...

vulnersOsv•added 2022/02/09 11:27 p.m.•3 views

125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23587 via tensorflow (>=1.0.1 <=2.5.2)

tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23587 Source advisory: OSV:GHSA-8JJ7-5VXC-PG2Q...

9.8CVSS7.7AI score0.00888EPSS

vulnersOsv•added 2022/02/09 11:27 p.m.•9 views

aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23587 via tensorflow (>=2.7.0 <=2.7.0rc1)

tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23587 Source advisory: OSV:GHSA-8JJ7-5VXC-PG2Q...

alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23587 via tensorflow (>=2.6.0 <=2.6.2)

tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23587 Source advisory: OSV:GHSA-8JJ7-5VXC-PG2Q...

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23587 via tensorflow-gpu (=2.7.0)

tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23587 Source advisory:...

vulnersOsv•added 2022/02/09 11:27 p.m.•6 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23587 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23587 Source advisory: OSV:GHSA-8JJ7-5VXC-PG2Q...

vulnersOsv•added 2022/02/09 11:27 p.m.•4 views

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23587 via tensorflow-cpu (=2.7.0)

tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23587 Source advisory: OSV:GHSA-8JJ7-5VXC-PG2Q...

vulnersOsv•added 2022/02/09 11:27 p.m.•4 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23587 via tensorflow-gpu (>=1.10.1 <=2.5.1)

OSV•added 2022/02/09 11:27 p.m.•1 views

GHSA-8JJ7-5VXC-PG2Q Integer overflow in TensorFlow

Impact Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. Patches We have patched the issue in GitHub commi...

8.8CVSS5.9AI score0.00888EPSS

Exploits1References7

Github Security Blog•added 2022/02/09 11:27 p.m.•48 views

Integer overflow in TensorFlow

9.8CVSS2.4AI score0.00888EPSS

Exploits1References7Affected Software3

vulnersOsv•added 2022/02/09 11:27 p.m.•3 views

rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23586 via tensorflow-gpu (=2.7.0)

vulnersOsv•added 2022/02/09 11:27 p.m.•7 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23586 via tensorflow-cpu (>=1.15.0 <=2.4.4)

vulnersOsv•added 2022/02/09 11:27 p.m.•4 views

lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23586 via tensorflow-cpu (=2.7.0)

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23586 via tensorflow-gpu (>=1.10.1 <=2.5.1)

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23586 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23586 Source advisory: OSV:GHSA-43JF-985Q-588J...