Lucene search
K
PypaMost viewed

5624 matches found

PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-528

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/onehot.ccL68-L72. An...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-189

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of numsegments tensor argument for UnsortedSegmentJoin. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-691

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.SparseFillEmptyRows. This is because of missing...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-254

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

5.5CVSS6.8AI score0.0023EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-545

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail in tf.strings.substr with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3,...

5.5CVSS6.8AI score0.0023EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-670

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

5.5CVSS6.7AI score0.0031EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-533

TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...

7.1CVSS7.4AI score0.0022EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-158

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-449

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-212

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...

5.5CVSS7.4AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-659

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.rawops.DrawBoundingBoxes. This is because the...

5.5CVSS7AI score0.00217EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-231

TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution codehttps://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite/kernels/conv.cc has multiple division where the divisor is controlled by the user and not checked ...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-256

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...

5.5CVSS7AI score0.00194EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-732

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...

7.8CVSS6.8AI score0.00215EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-208

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.8CVSS7.7AI score0.0024EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-500

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-507

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00214EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-190

TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in tf.rawops.QuantizeAndDequantizeV3. This is because the...

7.1CVSS7.1AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-547

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...

5.5CVSS7AI score0.00194EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-169

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...

7.1CVSS6.8AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-506

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalAvgPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-473

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-168

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-646

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

7.8CVSS7.2AI score0.00224EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-688

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.IRFFT. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2,...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-726

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/onehot.ccL68-L72. An...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-226

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-230

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-220

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-654

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-177

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...

7.8CVSS7.6AI score0.00215EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-496

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...

7.8CVSS7AI score0.00197EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-247

TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.rawops.QuantizeAndDequantizeV2 allows invalid values for axis argument:. The...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-723

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-248

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denial of service based on a CHECK-failure. The...

5.5CVSS6.9AI score0.00202EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-724

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/7f283ff806b2031f407db64c4d3edcda8fb9f9f5/tensorflow/lite/kernels/svdf.ccL99-L102. An attacke...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-236

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulnerable to a division by zero errorhttps://github.com/tensorflow/tensorflow/blob/e2752089ef7ce9bcf3db0ec618ebd23ea119d0c7/tensorflow/lite/kernels/split.ccL63-L65. An attack...

7.8CVSS6.9AI score0.00209EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-524

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-711

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-216

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00214EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-234

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error. An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in blockshape is...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-497

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS7AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-661

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-733

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

7.8CVSS7.2AI score0.00234EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-446

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

7.8CVSS6.8AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-466

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in Conv2DBackpropFilter. This is because the...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-207

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS7AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-715

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-255

TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same time as passing conjugate=True argument results in a crash. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFl...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/05/14 7:15 p.m.•6 views

PYSEC-2021-680

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.rawops.DenseCountSparseOutput. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000