CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14326 matches found

OSV•added 2022/02/03 12:15 p.m.•4 views

PYSEC-2022-132

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

6.5CVSS5.9AI score0.00788EPSS

Exploits1References4

OSV•added 2022/02/03 12:15 p.m.•3 views

PYSEC-2022-111

Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial of service attack by allocating too much memory. This is because the numthreads argument is only checked to not be negative, but there is no upper bound on its value. Th...

6.5CVSS5.9AI score0.00753EPSS

Exploits1References3

OSV•added 2022/02/03 12:15 p.m.•7 views

PYSEC-2022-112

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

6.5CVSS6.7AI score0.00808EPSS

Exploits1References3

Cvelist•added 2022/02/03 12:8 p.m.•31 views

CVE-2022-21736 Undefined behavior in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

7.6CVSS7.6AI score0.00734EPSS

Exploits1References3

CVE•added 2022/02/03 12:8 p.m.•86 views

CVE-2022-21736

TensorFlow CVE-2022-21736: Undefined behavior in SparseTensorSliceDataset can dereference a nullptr under certain preconditions for sparse-tensor arguments. Affected in TensorFlow 2.5.x–2.7.x and fixed in 2.8.0; commits patch this behavior and are cherry-picked to 2.7.1, 2.6.3, and 2.5.3. Remedia...

7.6CVSS6.6AI score0.00734EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2022/02/03 12:8 p.m.•4 views

CVE-2022-21736 Undefined behavior in Tensorflow

7.6CVSS7.4AI score0.00734EPSS

Exploits1References3

OSV•added 2022/02/03 12:8 p.m.•28 views

CVE-2022-21736 Undefined behavior in Tensorflow

7.6CVSS6.3AI score0.00734EPSS

Exploits1References5

Cvelist•added 2022/02/03 11:52 a.m.•15 views

CVE-2022-23567 Integer overflows in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

6.5CVSS6.6AI score0.0108EPSS

Exploits1References5

Debian CVE•added 2022/02/03 11:52 a.m.•3 views

CVE-2022-23567

6.5CVSS6.9AI score0.0108EPSS

Exploits1

CVE•added 2022/02/03 11:52 a.m.•104 views

CVE-2022-23567

CVE-2022-23567 concerns TensorFlow: integer overflows in SparseCwise ops can trigger large allocations (OOM) or CHECK failures during TensorShape construction due to missing input-shape validation. The vulnerability affects TensorFlow releases prior to the fixed version and is acknowledged with a...

6.5CVSS6.6AI score0.0108EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2022/02/03 11:52 a.m.•5 views

CVE-2022-23567 Integer overflows in Tensorflow

6.5CVSS6.4AI score0.0108EPSS

Exploits1References5

OSV•added 2022/02/03 11:52 a.m.•21 views

CVE-2022-23567 Integer overflows in Tensorflow

6.5CVSS6.4AI score0.0108EPSS

Exploits1References7

Vulnrichment•added 2022/02/03 11:42 a.m.•11 views

CVE-2022-23568 Integer overflows in Tensorflow

6.5CVSS6.5AI score0.00788EPSS

Exploits1References4

Debian CVE•added 2022/02/03 11:42 a.m.•2 views

CVE-2022-23568

6.5CVSS7.2AI score0.00788EPSS

Exploits1

CVE•added 2022/02/03 11:42 a.m.•89 views

CVE-2022-23568

CVE-2022-23568 describes an integer overflow in TensorFlow’s AddManySparseToTensorsMap, causing a CHECK-fail when constructingTensorShape objects. The issue arises from insufficient validation of input tensor shapes and constructing large TensorShape with user-provided dimensions, enabling a deni...

6.5CVSS6.7AI score0.00788EPSS

Exploits1References4Affected Software1

Cvelist•added 2022/02/03 11:42 a.m.•25 views

CVE-2022-23568 Integer overflows in Tensorflow

6.5CVSS6.8AI score0.00788EPSS

Exploits1References4

OSV•added 2022/02/03 11:42 a.m.•23 views

CVE-2022-23568 Integer overflows in Tensorflow

6.5CVSS6.5AI score0.00788EPSS

Exploits1References6

Vulnrichment•added 2022/02/03 11:37 a.m.•11 views

CVE-2022-21731 Type confusion leading to segfault in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS6.3AI score0.00831EPSS

Exploits1References4

CVE•added 2022/02/03 11:37 a.m.•108 views

CVE-2022-21731

Technical details are not publicly available in the provided Connected documents. The Initial Description mentions a TensorFlow shape-inference vulnerability but does not specify affected products/versions beyond general references. Monitor for updates and official advisories for precise impact a...

6.5CVSS6.4AI score0.00831EPSS

Exploits1References4Affected Software1

Cvelist•added 2022/02/03 11:37 a.m.•28 views

CVE-2022-21731 Type confusion leading to segfault in Tensorflow

6.5CVSS6.6AI score0.00831EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by