Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

14326 matches found

Cvelist
Cvelistadded 2022/02/04 10:32 p.m.30 views

CVE-2022-23592 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

8.1CVSS8.2AI score0.00845EPSS
Exploits1References3
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.2 views

CVE-2022-23587

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

9.8CVSS7.2AI score0.00874EPSS
Exploits1
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.3 views

CVE-2022-23592

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

8.1CVSS7AI score0.00845EPSS
Exploits1
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.30 views

CVE-2022-23587 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

8.8CVSS9.8AI score0.00874EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 10:32 p.m.19 views

CVE-2022-23592 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a DCHECK which is a no-op during production. An attacker can control the inputidx variable such that ix would be larger than the number of...

8.1CVSS7.9AI score0.00845EPSS
Exploits1References5
OSV
OSVadded 2022/02/04 10:32 p.m.29 views

CVE-2022-23587 Integer overflow in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

8.8CVSS9.2AI score0.00874EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.4 views

CVE-2022-23595 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...

5.3CVSS6.5AI score0.00762EPSS
Exploits1References3
CVE
CVEadded 2022/02/04 10:32 p.m.93 views

CVE-2022-23595

TensorFlow (CVE-2022-23595) is a vulnerability caused by a null pointer dereference when building the XLA compilation cache under default settings, where flr->config_proto may be nullptr. The issue affects TensorFlow releases up to 2.8.0, with cherry-picks planned for 2.7.1, 2.6.3, and 2.5.3. ...

6.5CVSS6AI score0.00762EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.4 views

CVE-2022-23595

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...

6.5CVSS7AI score0.00762EPSS
Exploits1
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.12 views

CVE-2022-23595 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...

5.3CVSS6.7AI score0.00762EPSS
Exploits1References3
OSV
OSVadded 2022/02/04 10:32 p.m.27 views

CVE-2022-23595 Null pointer dereference in TensorFlow

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so flr-configproto is nullptr. The fix will be included in TensorFlow...

5.3CVSS6.4AI score0.00762EPSS
Exploits1References5
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.21 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

8.8CVSS9AI score0.0014EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.6 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

8.8CVSS8.8AI score0.0014EPSS
Exploits0References2
CVE
CVEadded 2022/02/04 10:32 p.m.79 views

CVE-2022-23594

TensorFlow MLIR/TFG GraphDef handling flaw: if a SavedModel is on disk with altered format, conversion to the MLIR-based IR can crash the Python interpreter and may enable heap out-of-bounds reads. Affected scope includes the MLIR import path and associated GraphDef assumptions; exploitation deta...

8.8CVSS5.9AI score0.0014EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2022/02/04 10:32 p.m.15 views

CVE-2022-23594 Out of bounds read in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow MLIR makes several assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. If an attacker changes the SavedModel format on disk to invalidate these assumptions and the GraphDef i...

8.8CVSS6.6AI score0.0014EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2022/02/04 10:32 p.m.2 views

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

5.9CVSS7.5AI score0.00958EPSS
Exploits1References3
CVE
CVEadded 2022/02/04 10:32 p.m.100 views

CVE-2022-23590

CVE-2022-23590 affects TensorFlow. A maliciously altered GraphDef from a SavedModel can trigger a crash by calling ValueOrDie on an error StatusOr, crashing the TensorFlow process. Patches exist in GitHub commits and will be included in TensorFlow 2.8.0 and 2.7.1; remediation in practice is to up...

7.5CVSS6.4AI score0.00958EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2022/02/04 10:32 p.m.18 views

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

5.9CVSS7.7AI score0.00958EPSS
Exploits1References3
Debian CVE
Debian CVEadded 2022/02/04 10:32 p.m.3 views

CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

7.5CVSS7AI score0.00958EPSS
Exploits1
OSV
OSVadded 2022/02/04 10:32 p.m.17 views

CVE-2022-23590 Crash due to erroneous `StatusOr` in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple...

5.9CVSS7.4AI score0.00958EPSS
Exploits1References5
Rows per page
Query Builder