CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2022/02/04 11:15 p.m.•4 views

animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +182 more potentially affected by CVE-2022-23590 via tensorflow-gpu (>=1.10.1 <=2.7.0)

tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-23590 Source advisory: OSV:PYSEC-2022-154...

7.5CVSS7.1AI score0.00973EPSS

7.5CVSS7.4AI score0.00789EPSS

PYSEC-2022-100

Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This...

Exploits0References2Affected Software1

9.8CVSS7.2AI score0.00888EPSS

PYSEC-2022-96

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

9.8CVSS7.2AI score0.00888EPSS

PYSEC-2022-151

6.5CVSS6.8AI score0.00864EPSS

PYSEC-2022-97

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

Exploits1References4Affected Software1

7.5CVSS6.8AI score0.0087EPSS

PYSEC-2022-102

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault hence, denial of service, if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...

vulnersOsv•added 2022/02/04 11:15 p.m.•3 views

lsmmdma (>=0.0.4 <=0.1.7), medaka-cpu (>=1.6.0 <=1.7.2) +1 more potentially affected by CVE-2022-23593 via tensorflow-cpu (>=2.7.0 <=2.7.4)

tensorflow-cpu PYPI version =2.7.0, =0.0.4, =1.6.0, =1.7.2 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23593 Source advisory: OSV:PYSEC-2022-102...

7.5CVSS7.1AI score0.0087EPSS

Prion•added 2022/02/04 11:15 p.m.•23 views

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

2.1CVSS5.9AI score0.00142EPSS

Exploits0References2Affected Software1

PyPA•added 2022/02/04 11:15 p.m.•7 views

PYSEC-2022-156

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

8.1CVSS6.9AI score0.00858EPSS

PyPA•added 2022/02/04 11:15 p.m.•7 views

PYSEC-2022-101

8.1CVSS6.9AI score0.00858EPSS

vulnersOsv•added 2022/02/04 11:15 p.m.•8 views

lsmmdma (>=0.0.4 <=0.1.7), medaka-cpu (>=1.6.0 <=1.7.2) +1 more potentially affected by CVE-2022-23592 via tensorflow-cpu (>=2.7.0 <=2.7.4)

tensorflow-cpu PYPI version =2.7.0, =0.0.4, =1.6.0, =1.7.2 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23592 Source advisory: OSV:PYSEC-2022-101...

8.1CVSS7.2AI score0.00858EPSS

6.5CVSS6.8AI score0.00821EPSS

PYSEC-2022-88

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

vulnersOsv•added 2022/02/04 11:15 p.m.•6 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23578 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23578 Source advisory: OSV:PYSEC-2022-142...

4.3CVSS5.8AI score0.00716EPSS

vulnersOsv•added 2022/02/04 11:15 p.m.•4 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23580 via tensorflow-gpu (>=1.10.1 <=2.5.1)

6.5CVSS6.5AI score0.00821EPSS

PyPA•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-140

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number ...

6.5CVSS7.2AI score0.00783EPSS

7.5CVSS6.8AI score0.0087EPSS

PYSEC-2022-157

vulnersOsv•added 2022/02/04 11:15 p.m.•4 views

ddpg-tf2 (=1.0.1), rpnet (>=0.0.1 <=0.1.0) +6 more potentially affected by CVE-2022-23592 via tensorflow-gpu (>=2.7.0 <=2.7.2)

tensorflow-gpu PYPI version =2.7.0, =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23592 Source advisory: OSV:PYSEC-2022-156...

8.1CVSS7.2AI score0.00858EPSS

Prion•added 2022/02/04 11:15 p.m.•16 views

Stack overflow

5CVSS7.4AI score0.0087EPSS

vulnersOsv•added 2022/02/04 11:15 p.m.•5 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23595 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23595 Source advisory: OSV:PYSEC-2022-103...

6.5CVSS6.5AI score0.00774EPSS