Lucene search

14326 matches found

vulnersOsv
added 2022/02/04 11:15 p.m. | 4 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23570 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23570 Source advisory: OSV:PYSEC-2022-134...

CVSS 6.5 | AI score 6.5 | EPSS 0.00929
Exploits 1
Prion
added 2022/02/04 11:15 p.m. | 12 views

Null pointer dereference

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr->config_proto is nullptr. The fix will be included in TensorFlow...

CVSS 4 | AI score 6.6 | EPSS 0.00762
Exploits 1 | References 3 | Affected Software 1
vulnersOsv
added 2022/02/04 11:15 p.m. | 1 view

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23558 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23558 Source advisory: OSV:PYSEC-2022-67...

CVSS 8.8 | AI score 7.2 | EPSS 0.00799
Exploits 1
OSV
added 2022/02/04 11:15 p.m. | 21 views

PYSEC-2022-90

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

CVSS 6.5 | AI score 2.8 | EPSS 0.01181
Exploits 1 | References 5
OSV
added 2022/02/04 11:15 p.m. | 2 views

PYSEC-2022-126

Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

CVSS 8.8 | AI score 5.9 | EPSS 0.00569
Exploits 0 | References 4
OSV
added 2022/02/04 11:15 p.m. | 27 views

PYSEC-2022-73

Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow...

CVSS 6.5 | AI score 1.9 | EPSS 0.00462
Exploits 0 | References 2
OSV
added 2022/02/04 11:15 p.m. | 22 views

PYSEC-2022-87

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 | AI score 3.2 | EPSS 0.00705
Exploits 1 | References 3
OSV
added 2022/02/04 11:15 p.m. | 21 views

PYSEC-2022-102

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service) if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...

CVSS 7.5 | AI score 3.4 | EPSS 0.00857
Exploits 1 | References 3
vulnersOsv
added 2022/02/04 11:15 p.m. | 4 views

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23581 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23581 Source advisory: OSV:PYSEC-2022-145...

CVSS 6.5 | AI score 6.5 | EPSS 0.01181
Exploits 1
vulnersOsv
added 2022/02/04 11:15 p.m. | 2 views

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23558 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23558 Source advisory: OSV:PYSEC-2022-122...

CVSS 8.8 | AI score 7.2 | EPSS 0.00799
Exploits 1
PyPA
added 2022/02/04 11:15 p.m. | 6 views

PYSEC-2022-148

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow 2.8.0. ...

CVSS 7.6 | AI score 7 | EPSS 0.00714
Exploits 1 | References 3 | Affected Software 1
vulnersOsv
added 2022/02/04 11:15 p.m. | 2 views

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23595 via tensorflow-cpu (>=1.15.0 <=2.4.4)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23595 Source advisory: OSV:PYSEC-2022-103...

CVSS 6.5 | AI score 6.5 | EPSS 0.00762
Exploits 1
OSV
added 2022/02/04 11:15 p.m. | 2 views

PYSEC-2022-153

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

CVSS 6.5 | AI score 5.9 | EPSS 0.0108
Exploits 1 | References 5
OSV
added 2022/02/04 11:15 p.m. | 1 view

PYSEC-2022-124

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

CVSS 8.8 | AI score 5.9 | EPSS 0.00824
Exploits 1 | References 3
OSV
added 2022/02/04 11:15 p.m. | 20 views

PYSEC-2022-69

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

CVSS 8.8 | AI score 3.8 | EPSS 0.00824
Exploits 1 | References 3
Prion
added 2022/02/04 11:15 p.m. | 16 views

Stack overflow

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service) if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...

CVSS 5 | AI score 7.4 | EPSS 0.00857
Exploits 1 | References 3 | Affected Software 1
PyPA
added 2022/02/04 11:15 p.m. | 6 views

PYSEC-2022-87

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 | AI score 6.9 | EPSS 0.00705
Exploits 1 | References 3 | Affected Software 1
Prion
added 2022/02/04 11:15 p.m. | 16 views

Integer overflow

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a size_t. An attacker can control model inputs such that computed_size overflows the...

CVSS 6.5 | AI score 8.7 | EPSS 0.00799
Exploits 1 | References 4 | Affected Software 1
vulnersOsv
added 2022/02/04 11:15 p.m. | 2 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23561 via tensorflow-gpu (>=1.10.1 <=2.5.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23561 Source advisory: OSV:PYSEC-2022-125...

CVSS 8.8 | AI score 7.2 | EPSS 0.00531
Exploits 0
vulnersOsv
added 2022/02/04 11:15 p.m. | 3 views

animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23561 via tensorflow-gpu (>=2.6.0 <=2.6.2)

tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23561 Source advisory: OSV:PYSEC-2022-125...

CVSS 8.8 | AI score 7.2 | EPSS 0.00531
Exploits 0