CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

6.5CVSS6.8AI score0.00864EPSS

PYSEC-2022-152

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

Exploits1References4Affected Software1

6.5CVSS6.5AI score0.00864EPSS

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23588 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23588 Source advisory: OSV:PYSEC-2022-97...

6.5CVSS6.5AI score0.01097EPSS

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23589 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23589 Source advisory: OSV:PYSEC-2022-153...

Prion•added 2022/02/04 11:15 p.m.•21 views

Heap overflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

5.5CVSS7.8AI score0.00858EPSS

7.5CVSS7.4AI score0.00789EPSS

PYSEC-2022-155

Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...

Exploits0References2Affected Software1

Prion•added 2022/02/04 11:15 p.m.•20 views

Null pointer dereference

4CVSS6.6AI score0.01097EPSS

Exploits1References5Affected Software1

6.5CVSS7.2AI score0.00783EPSS

PYSEC-2022-139

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...

Prion•added 2022/02/04 11:15 p.m.•30 views

Null pointer dereference

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a DCHECK. However, DCHECK is a no-op in production builds...

4CVSS6.6AI score0.00992EPSS

PyPA•added 2022/02/04 11:15 p.m.•10 views

PYSEC-2022-79

6.5CVSS6.9AI score0.00992EPSS

6.5CVSS7AI score0.01034EPSS

PYSEC-2022-81

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

8.8CVSS7.2AI score0.00837EPSS

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23560 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23560 Source advisory: OSV:PYSEC-2022-124...

vulnersOsv•added 2022/02/04 11:15 p.m.•6 views

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23557 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23557 Source advisory: OSV:PYSEC-2022-121...

6.5CVSS6.5AI score0.00757EPSS

6.5CVSS7AI score0.01034EPSS

PYSEC-2022-136

8.8CVSS7.1AI score0.01173EPSS

PYSEC-2022-68

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

Exploits1References5Affected Software1

6.5CVSS6.9AI score0.00774EPSS

PYSEC-2022-103

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...

6.5CVSS7AI score0.00821EPSS

PYSEC-2022-89

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...

6.5CVSS6.5AI score0.00821EPSS

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23579 via tensorflow-cpu (>=1.15.0 <=2.4.4)

vulnersOsv•added 2022/02/04 11:15 p.m.•8 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23579 via tensorflow-gpu (>=1.10.1 <=2.5.1)

6.5CVSS6.5AI score0.00821EPSS