Lucene search
K

14311 matches found

CVE
CVE
added 2022/02/03 2:30 p.m.144 views

CVE-2022-21740

CVE-2022-21740 concerns TensorFlow’s SparseCountSparseOutput, where the vulnerability is a heap-based overflow in that operation. The issue arises from improper bounds checking in the SparseCountSparseOutput path, enabling heap overflow and potential arbitrary-code execution on affected systems. ...

8.8CVSS8AI score0.00788EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/02/03 2:30 p.m.24 views

CVE-2022-21740 Heap overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...

7.6CVSS8.6AI score0.00788EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2022/02/03 2:30 p.m.3 views

CVE-2022-21740

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...

8.8CVSS7.1AI score0.00788EPSS
Exploits1
Cvelist
Cvelist
added 2022/02/03 2:27 p.m.36 views

CVE-2022-21741 Division by zero in TFLite

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

6.5CVSS6.6AI score0.00821EPSS
Exploits1References3
CVE
CVE
added 2022/02/03 2:27 p.m.128 views

CVE-2022-21741

TensorFlow’s CVE-2022-21741 affects TFLite depthwise convolutions where a division by zero can occur due to user-controlled convolution parameters and no positivity check before division. The issue enables a potential denial of service via crafted models. The fix is planned for TensorFlow 2.8.0, ...

6.5CVSS6.5AI score0.00821EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/03 2:27 p.m.26 views

CVE-2022-21741 Division by zero in TFLite

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

6.5CVSS6.3AI score0.00821EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2022/02/03 2:27 p.m.5 views

CVE-2022-21741

Tensorflow is an Open Source Machine Learning Framework. Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to...

6.5CVSS6.9AI score0.00821EPSS
Exploits1
NVD
NVD
added 2022/02/03 2:15 p.m.34 views

CVE-2022-21738

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
added 2022/02/03 2:15 p.m.26 views

CVE-2022-21739

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

6.5CVSS0.00783EPSS
Exploits1References3
NVD
NVD
added 2022/02/03 2:15 p.m.31 views

CVE-2022-21737

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

6.5CVSS0.00783EPSS
Exploits1References3
PyPA
PyPA
added 2022/02/03 2:15 p.m.3 views

PYSEC-2022-117

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/03 2:15 p.m.4 views

PYSEC-2022-118

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/02/03 2:15 p.m.17 views

Design/Logic Flaw

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

4CVSS6.2AI score0.00783EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/02/03 2:15 p.m.13 views

Integer overflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

4CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/03 2:15 p.m.4 views

PYSEC-2022-61

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2022/02/03 2:15 p.m.18 views

Null pointer dereference

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

4CVSS6.6AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2022/02/03 2:15 p.m.6 views

PYSEC-2022-62

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/03 2:15 p.m.19 views

PYSEC-2022-61

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

6.5CVSS2.4AI score0.00783EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2022/02/03 2:15 p.m.4 views

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-21738 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-21738 Source advisory: OSV:PYSEC-2022-117...

6.5CVSS6.5AI score0.00783EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/03 2:15 p.m.5 views

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-21739 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-21739 Source advisory: OSV:PYSEC-2022-118...

6.5CVSS6.5AI score0.00783EPSS
Exploits1
Rows per page
Query Builder