Lucene search
K
PypaMost viewed

5616 matches found

PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-457

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the...

7.8CVSS7.6AI score0.00251EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-249

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve. The...

7.8CVSS7.5AI score0.00287EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-183

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-704

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-238

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...

7.1CVSS7.2AI score0.00192EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-523

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-710

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

5.5CVSS7.2AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-175

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in Conv2DBackpropFilter. This is because the...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-495

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data. Since the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-676

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-235

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-240

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of...

7.8CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-486

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-194

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also...

5.5CVSS7.1AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-181

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

5.5CVSS6.7AI score0.0031EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-224

TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before divisionhttps://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.ccL63-L67. An...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-541

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

7.1CVSS6.9AI score0.0024EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-656

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid permutation to tf.rawops.SparseMatrixSparseCholesky. This is because the...

7.8CVSS7.2AI score0.00232EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-454

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2D. This is because the implementationhttps://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe4fecee2d250d93737/tensorflow/core/kernels/convops.ccL261-L263...

5.5CVSS7AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-159

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-463

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-675

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-243

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...

7.8CVSS6.8AI score0.00215EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-535

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

7.8CVSS7.2AI score0.00234EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-184

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-182

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-520

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.9AI score0.008EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-152

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-178

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-690

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-702

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-203

TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to tf.rawops.Dilation2DBackpropInput. This is because the...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-677

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixTriangularSolvehttps://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrixtriangularsolveopimpl.hL160-L240 fails to terminate kernel...

5.5CVSS7AI score0.00217EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-644

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

7.8CVSS6.8AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-706

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-685

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.rawops.UnicodeEncode. This is because the...

7.1CVSS7AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-478

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-734

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.RaggedTensorToTensor, an attacker can exploit an undefined behavior if input arguments are empty. The...

7.8CVSS7AI score0.00234EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-672

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-162

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropInput. This is because the...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-475

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-692

TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to tf.rawops.Dilation2DBackpropInput. This is because the...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-174

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-709

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-204

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data. Since the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-540

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve. The...

7.8CVSS7.5AI score0.00287EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-514

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-210

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax is vulnerable to a division by 0. The...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-480

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of numsegments tensor argument for UnsortedSegmentJoin. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-647

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000