Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

14326 matches found

Cvelist
Cvelistadded 2022/02/04 10:32 p.m.31 views

CVE-2022-23563 Insecure temporary file in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

7.1CVSS7.1AI score0.00109EPSS
Exploits0References1
CVE
CVEadded 2022/02/04 10:32 p.m.102 views

CVE-2022-23563

TensorFlow (CVE-2022-23563) describes a TOCTOU race caused by tempfile.mktemp usage, where a temporary file could be created by another process between the check and the actual creation. Several connected sources confirm this insecure temporary-file pattern and note that the fix replaces mktemp w...

7.1CVSS6.4AI score0.00109EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2022/02/04 10:32 p.m.21 views

CVE-2022-23563 Insecure temporary file in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

7.1CVSS6.4AI score0.00109EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.4 views

CVE-2022-23563

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

7.1CVSS7AI score0.00109EPSS
Exploits0
CVE
CVEadded 2022/02/04 10:32 p.m.119 views

CVE-2022-23559

TensorFlow/TensorFlow Lite contains an integer overflow in embedding_lookup_sparse within TFLite. The vulnerability arises because embedding_size and lookup_size are computed as products of user-supplied values, enabling overflow during multiplication and potentially leading to a heap-based out-o...

8.8CVSS8.7AI score0.01155EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.26 views

CVE-2022-23559 Integer overflow in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

8.8CVSS9AI score0.01155EPSS
Exploits1References5
OSV
OSVadded 2022/02/04 10:32 p.m.24 views

CVE-2022-23559 Integer overflow in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

8.8CVSS8.5AI score0.01155EPSS
Exploits1References7
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.3 views

CVE-2022-23559

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

8.8CVSS7.2AI score0.01155EPSS
Exploits1
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.4 views

CVE-2022-23560 Read and Write outside of bounds in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8CVSS8.6AI score0.00824EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 10:32 p.m.19 views

CVE-2022-23560 Read and Write outside of bounds in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8CVSS8.2AI score0.00824EPSS
Exploits1References5
CVE
CVEadded 2022/02/04 10:32 p.m.147 views

CVE-2022-23560

CVE-2022-23560 affects TensorFlow/TFLite: a vulnerability in converting sparse tensors to dense tensors allows limited reads/writes outside array bounds due to missing validation in sparsity_format_converter. The issue is addressed with the TensorFlow 2.8.0 fix, with cherry-picks to 2.7.1, 2.6.3,...

8.8CVSS8.6AI score0.00824EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.41 views

CVE-2022-23560 Read and Write outside of bounds in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We...

8.8CVSS8.9AI score0.00824EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.5 views

CVE-2022-23574 Out of bounds read and write in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

8.8CVSS8.6AI score0.00824EPSS
Exploits1References3
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.24 views

CVE-2022-23574 Out of bounds read and write in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

8.8CVSS8.9AI score0.00824EPSS
Exploits1References3
CVE
CVEadded 2022/02/04 10:32 p.m.112 views

CVE-2022-23574

CVE-2022-23574 affects TensorFlow. A typo in SpecializeType leads to a heap out-of-bounds read/write by initializing arg to the i-th mutable argument in a loop, enabling writes/read beyond bounds. The issue is fixed in TensorFlow 2.8.0, with cherry-picks for TensorFlow 2.7.1 and 2.6.3. Affected r...

8.8CVSS8.6AI score0.00824EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2022/02/04 10:32 p.m.38 views

CVE-2022-23574 Out of bounds read and write in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

8.8CVSS8.6AI score0.00824EPSS
Exploits1References5
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.3 views

CVE-2022-23574

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

8.8CVSS6.9AI score0.00824EPSS
Exploits1
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.5 views

CVE-2022-23571 Reachable Assertion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...

6.5CVSS7AI score0.00462EPSS
Exploits0References2
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.49 views

CVE-2022-23571 Reachable Assertion in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...

6.5CVSS6.6AI score0.00462EPSS
Exploits0References2
CVE
CVEadded 2022/02/04 10:32 p.m.139 views

CVE-2022-23571

CVE-2022-23571 concerns TensorFlow, where decoding a tensor from protobuf can trigger a invalid CHECK assertion when tensors have an invalid dtype with 0 elements or an invalid shape, enabling a denial-of-service in affected TF processes. Root cause: CHECK failure during tensor protobuf decoding....

6.5CVSS6.5AI score0.00462EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder