Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

14326 matches found

OSV
OSVadded 2022/02/04 11:15 p.m.18 views

PYSEC-2022-96

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

9.8CVSS3.2AI score0.00874EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 11:15 p.m.1 views

PYSEC-2022-122

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

8.8CVSS5.9AI score0.00799EPSS
Exploits1References4
OSV
OSVadded 2022/02/04 11:15 p.m.2 views

PYSEC-2022-126

Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

8.8CVSS5.9AI score0.00569EPSS
Exploits0References4
OSV
OSVadded 2022/02/04 11:15 p.m.21 views

PYSEC-2022-68

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

8.8CVSS3.3AI score0.01155EPSS
Exploits1References5
OSV
OSVadded 2022/02/04 11:15 p.m.14 views

PYSEC-2022-81

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the DCHECK function however, DCHECK is a no-op in production builds and an assertion failure in debug builds. In the first cas...

6.5CVSS1AI score0.00968EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 11:15 p.m.1 views

PYSEC-2022-148

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode&decode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow...

7.6CVSS5.9AI score0.00714EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 11:15 p.m.25 views

PYSEC-2022-94

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling png::CommonInitDecode..., &decode, the decode value contains allocated buffers which can only be freed by calling...

6.5CVSS2AI score0.00929EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 11:15 p.m.18 views

PYSEC-2022-97

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

6.5CVSS2AI score0.00851EPSS
Exploits1References4
OSV
OSVadded 2022/02/04 11:15 p.m.16 views

PYSEC-2022-101

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

8.1CVSS3.5AI score0.00845EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.4 views

CVE-2022-23561 Out of bounds write in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS8.8AI score0.00531EPSS
Exploits0References2
CVE
CVEadded 2022/02/04 10:32 p.m.109 views

CVE-2022-23561

CVE-2022-23561 affects TensorFlow’s TFLite, enabling out-of-bounds writes by crafting a TFLite model that can corrupt the memory allocator’s linked list. This vulnerability allows an arbitrary write primitive under certain conditions as described in the CVE description. Affected details in connec...

8.8CVSS8.7AI score0.00531EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2022/02/04 10:32 p.m.33 views

CVE-2022-23561 Out of bounds write in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS8.6AI score0.00531EPSS
Exploits0References4
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.2 views

CVE-2022-23561

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS7.1AI score0.00531EPSS
Exploits0
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.35 views

CVE-2022-23561 Out of bounds write in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive...

8.8CVSS9AI score0.00531EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.6 views

CVE-2022-23557 Division by zero in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS6.4AI score0.00745EPSS
Exploits1References3
CVE
CVEadded 2022/02/04 10:32 p.m.129 views

CVE-2022-23557

TensorFlow/TFLite BiasAndClamp vulnerability: a crafted TFLite model can trigger a division by zero due to missing non-zero bias_size checks in BiasAndClamp. The issue affects TFLite in TensorFlow and will be fixed in TensorFlow 2.8.0, with cherry-picks planned for TensorFlow 2.7.1, 2.6.3, and 2....

6.5CVSS6.6AI score0.00745EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.3 views

CVE-2022-23557

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS7AI score0.00745EPSS
Exploits1
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.21 views

CVE-2022-23557 Division by zero in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS6.7AI score0.00745EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 10:32 p.m.19 views

CVE-2022-23557 Division by zero in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS6.4AI score0.00745EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.6 views

CVE-2022-23558 Integer overflow in TFLite array creation

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

7.6CVSS8.8AI score0.00799EPSS
Exploits1References4
Rows per page
Query Builder