Lucene search
K
PypaMost viewed

5616 matches found

PyPA
PyPA
•added 2021/08/13 12:15 a.m.•5 views

PYSEC-2021-312

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

6.6CVSS6.9AI score0.00163EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/13 12:15 a.m.•5 views

PYSEC-2021-801

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

6.6CVSS6.9AI score0.00163EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-795

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00138EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-581

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-590

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

5.5CVSS7.1AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-578

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS7AI score0.00185EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-793

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

7.1CVSS6.9AI score0.0018EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-576

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-798

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

5.5CVSS6.9AI score0.00191EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-802

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-309

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

5.5CVSS6.9AI score0.00191EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-299

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

5.5CVSS7.1AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-781

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

5.5CVSS6.9AI score0.00169EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-780

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

5.5CVSS6.7AI score0.00175EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-585

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2. The implementation does not check that the length of...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-586

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-776

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS7AI score0.00185EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-306

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00138EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-301

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

7.8CVSS7.2AI score0.00181EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-307

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•5 views

PYSEC-2021-287

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS7AI score0.00185EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-302

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f. The fix will be includ...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-588

TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...

5.5CVSS6.8AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-565

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...

7.8CVSS7.1AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-561

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.rawops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation uses ValidateInputs to check that the input arguments are vali...

7.8CVSS7.2AI score0.00186EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-311

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-297

TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...

5.5CVSS6.8AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-579

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-589

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-791

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f. The fix will be includ...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-308

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

5.5CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-799

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•5 views

PYSEC-2021-602

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-773

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8CVSS6.9AI score0.00189EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-276

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...

7.3CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-273

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

7.8CVSS7.4AI score0.00174EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-284

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8CVSS6.9AI score0.00189EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-257

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-286

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...

7.3CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-767

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-752

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

7.3CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-768

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...

7.8CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-277

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•5 views

PYSEC-2021-746

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•5 views

PYSEC-2021-551

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•5 views

PYSEC-2021-260

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•5 views

PYSEC-2021-760

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•5 views

PYSEC-2021-748

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•5 views

PYSEC-2021-265

TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...

7.7CVSS7.2AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•5 views

PYSEC-2021-258

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000