Lucene search
K

14315 matches found

OSV
OSV
added 2023/02/23 8:15 p.m.8 views

AZL-38043 CVE-2023-23914 affecting package tensorflow for versions less than 2.16.1-1

A cleartext transmission of sensitive information vulnerability exists in curl v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is...

9.1CVSS6.7AI score0.00858EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.4 views

SUSE CVE-2018-7575

Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent...

9.8CVSS9.3AI score0.00486EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.1 views

SUSE CVE-2018-7576

Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent...

6.5CVSS6.4AI score0.0038EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.3 views

SUSE CVE-2018-7577

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory...

8.1CVSS7.9AI score0.0043EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.1 views

SUSE CVE-2018-8825

Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code local...

8.8CVSS9.1AI score0.00646EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-10055

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

8.1CVSS8.1AI score0.00442EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.4 views

SUSE CVE-2018-21233

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decodebmpop.cc...

6.5CVSS6.7AI score0.00485EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.3 views

SUSE CVE-2019-9635

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file...

6.5CVSS6.1AI score0.00453EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.2 views

SUSE CVE-2019-16778

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case datasize and numsegments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. Thi...

9.8CVSS9.5AI score0.00777EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.1 views

SUSE CVE-2020-15190

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...

5.3CVSS5.3AI score0.00943EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.2 views

SUSE CVE-2020-15192

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.todlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...

4.3CVSS4.6AI score0.00684EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:57 a.m.3 views

SUSE CVE-2020-15191

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS5.5AI score0.00749EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.2 views

SUSE CVE-2020-15193

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS6.8AI score0.00681EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.2 views

SUSE CVE-2020-15195

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverseindexmapi to be an index outside of bounds of gradvalues, thus resulting in a heap buffer overflow. The issue is patched in...

8.8CVSS8.7AI score0.00938EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15194

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5.3CVSS5.3AI score0.01017EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.1 views

SUSE CVE-2020-15203

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

7.5CVSS7.3AI score0.00952EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.2 views

SUSE CVE-2020-15204

In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling tf.rawops.GetSessionHandle or tf.rawops.GetSessionHandleV2 results in a null pointer dereference In linked snippet, in eager mode, ctx-sessionstate returns nullptr. Since...

5.3CVSS5.5AI score0.00903EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15205

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

9.8CVSS9.2AI score0.01015EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15202

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...

9CVSS8.9AI score0.01235EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15206

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...

7.5CVSS7.9AI score0.00944EPSS
Exploits1References3
Rows per page
Query Builder