Lucene search
K

7035 matches found

PyPA
PyPA
added 2 days ago3 views

TensorFlow vulnerable to integer overflow in math ops

ImpactWhen RangeSize receives values that do not fit into an int64t, it crashes.cpp auto size = std::isintegral::value ? Eigen::numext::abslimit - start + Eigen::numext::absdelta - T1 / Eigen::numext::absdelta : Eigen::numext::ceil Eigen::numext::abslimit - start / delta; // This check does not...

7.5CVSS7AI score0.00547EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`

ImpactWhen tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status.cppStatus SubstituteForEachAttrMap& attrs, FullTypeDef& t DCHECKEQt.argssize, 3; const auto& cont = t.args0; const auto& tmpl =...

7.5CVSS7AI score0.00547EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago2 views

TensorFlow vulnerable to integer overflow in math ops

ImpactWhen RangeSize receives values that do not fit into an int64t, it crashes.cpp auto size = std::isintegral::value ? Eigen::numext::abslimit - start + Eigen::numext::absdelta - T1 / Eigen::numext::absdelta : Eigen::numext::ceil Eigen::numext::abslimit - start / delta; // This check does not...

7.5CVSS7AI score0.00547EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow vulnerable to assertion fail on MLIR empty edge names

ImpactWhen mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes.cpp// We pre-allocate the array of operands and populate it using the// outputnametoposition and controloutputtoposition populated// previously.SmallVector retvalsfunc.retsize +...

7.5CVSS7AI score0.00547EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago5 views

TensorFlow vulnerable to `CHECK` fail in `DenseBincount`

ImpactDenseBincount assumes its input tensor weights to either have the same shape as its input tensor input or to be length-0. A different weights shape will trigger a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbinaryoutput = Trueinput =...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`

ImpactWhen mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes.cppStatusOr GraphDefImporter::ArgNumTypeconst NamedAttrList , const OpDef::ArgDef def, SmallVectorImpl // Check whether a type list attribute is specified. if !argdef.typelistattr.empty if auto v =...

7.5CVSS7AI score0.00559EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`

ImpactIf RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbatchedinput = Truertnestedsplits = tf.constant0,32,64, shape=3,...

7.5CVSS6.9AI score0.00383EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`

ImpactThe AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program.pythonimport tensorflow as tfimport numpy as npvalue = np.ones1, 1, 1, 1ksize = 1, 1e20, 1, 1strides = 1, 1, 1, 1padding =...

7.5CVSS6.9AI score0.00562EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

ImpactWhen converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.pythonimport tensorflow as tfclass QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

7.5CVSS6.9AI score0.00596EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`

ImpactThe AvgPoolOp function takes an argument ksize that must be positive but is not checked. A negative ksize can trigger a CHECK failure and crash the program.pythonimport tensorflow as tfimport numpy as npvalue = np.ones1, 1, 1, 1ksize = 1, 1e20, 1, 1strides = 1, 1, 1, 1padding =...

7.5CVSS6.9AI score0.00562EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`

ImpactIf FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfnumbits = 8narrowrange = Falseinputs = tf.constant0, shape=4, dtype=tf.float32min =...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `RaggedTensorToVariant`

ImpactIf RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfbatchedinput = Truertnestedsplits = tf.constant0,32,64, shape=3,...

7.5CVSS6.9AI score0.00383EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

ImpactIf QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfsignedinput = Truerangegiven = Falsenarrowrange = Falseaxis = -1input = tf.constant-3.5, shape=1,...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `QuantizeAndDequantizeV3`

ImpactIf QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfsignedinput = Truerangegiven = Falsenarrowrange = Falseaxis = -1input = tf.constant-3.5, shape=1,...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsPerChannel`

ImpactIf FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tfnumbits = 8narrowrange = Falseinputs = tf.constant0, shape=4, dtype=tf.float32min =...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

ImpactWhen converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process.pythonimport tensorflow as tfclass QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

7.5CVSS6.9AI score0.00596EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

PYSEC-2026-3442

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino.This issue affects Apache Gravitino: from 1.0.0 through 1.2.1.Users are recommended to upgrade to...

6.5CVSS6.1AI score0.00502EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2 days ago4 views

PYSEC-2026-3441

URL path injection via unencoded user-supplied identifiers vulnerability in Apache Gravitino.This issue affects Apache Gravitino: from 1.0.0 before 1.2.1.Users are recommended to upgrade to version 1.2.1, which fixes the issue...

9.1CVSS6.1AI score0.00592EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 5 days ago4 views

PYSEC-2026-3443

Crawl4AI before 0.8.7 contains a server-side request forgery SSRF vulnerability in the Docker API server's /crawl/job and /llm/job endpoints, which accept webhook URLs without destination validation. An attacker can supply webhook URLs pointing to private or internal IP ranges, Docker networks, o...

9.2CVSS6.1AI score0.00371EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 6 days ago3 views

TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite

ImpactThe ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. PatchesWe have patched the issue in GitHub commit...

9.8CVSS7AI score0.00441EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 6 days ago3 views

TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows

ImpactThe implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor:pythonimport tensorflow as tftf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64This is...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago3 views

TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`

ImpactIf tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tftf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string PatchesWe have patched the issue in...

7.5CVSS6.9AI score0.00405EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`

ImpactIf tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack.pythonimport tensorflow as tftf.sparse.crossinputs=,name='a',separator=tf.constant'a', 'b',dtype=tf.string PatchesWe have patched the issue in...

7.5CVSS6.9AI score0.00405EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago3 views

TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite

ImpactThe GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. PatchesWe have patched the issue in GitHub commit...

9.1CVSS7AI score0.00441EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 6 days ago3 views

TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite

ImpactThe GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. PatchesWe have patched the issue in GitHub commit...

9.1CVSS7AI score0.00441EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 6 days ago2 views

TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows

ImpactThe implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor:pythonimport tensorflow as tftf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64This is...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago3 views

TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation

ImpactThe implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar.pythonimport tensorflow as tftf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 PatchesWe...

7.5CVSS6.9AI score0.00441EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago2 views

TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation

ImpactThe implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure assertion failure caused by assuming input0, input1, and input2 to be scalar.pythonimport tensorflow as tftf.rawops.SobolSampledim=tf.constant1,0, numresults=tf.constant1, skip=tf.constant1 PatchesWe...

7.5CVSS6.9AI score0.00441EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago6 views

TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite

ImpactThe ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. PatchesWe have patched the issue in GitHub commit...

9.8CVSS7AI score0.00441EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 6 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`

ImpactWhen Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinputsizes = 3, 1, 1, 2filter =...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago2 views

Incomplete validation in signal ops leads to crashes in TensorFlow

ImpactThe tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274.The fix will be...

5.5CVSS6.2AI score0.0031EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 6 days ago4 views

Code injection in `saved_model_cli` in TensorFlow

ImpactTensorFlow's savedmodelcli tool is vulnerable to a code injection:savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./--tagset serve --signaturedef servingdefaultThis can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...

7.8CVSS6.9AI score0.00536EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 6 days ago4 views

Code injection in `saved_model_cli` in TensorFlow

ImpactTensorFlow's savedmodelcli tool is vulnerable to a code injection:savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./--tagset serve --signaturedef servingdefaultThis can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...

7.8CVSS6.9AI score0.00536EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 6 days ago4 views

Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

SummaryThe Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. SeverityModerat...

4.7CVSS6.4AI score0.00521EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 6 days ago3 views

Core dump when loading TFLite models with quantization in TensorFlow

ImpactCertain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling.Thus, since code was calling...

5.5CVSS6.2AI score0.00316EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 6 days ago4 views

Incomplete validation in signal ops leads to crashes in TensorFlow

ImpactThe tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274.The fix will be...

5.5CVSS6.2AI score0.0031EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 6 days ago4 views

Core dump when loading TFLite models with quantization in TensorFlow

ImpactCertain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling.Thus, since code was calling...

5.5CVSS6.2AI score0.00316EPSS
Exploits1References12Affected Software1
PyPA
PyPA
added 6 days ago4 views

TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`

ImpactWhen Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack.pythonimport tensorflow as tfimport numpy as npinputsizes = 3, 1, 1, 2filter =...

7.5CVSS6.9AI score0.00396EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 6 days ago3 views

Uncontrolled Resource Consumption in asyncua and opcua

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

7.5CVSS7AI score0.01063EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 6 days ago4 views

Heap buffer overflow due to incorrect hash function in TensorFlow

ImpactThe TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through tensor.data of size AllocatedBytes. This led to ASAN failures because the...

5.5CVSS6.2AI score0.00225EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 6 days ago4 views

Heap buffer overflow due to incorrect hash function in TensorFlow

ImpactThe TensorKey hash function used total estimated AllocatedBytes, which a is an estimate per tensor, and b is a very poor hash function for constants e.g. int32t. It also tried to access individual tensor bytes through tensor.data of size AllocatedBytes. This led to ASAN failures because the...

5.5CVSS6.2AI score0.00225EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 6 days ago3 views

Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow

ImpactThe implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service:pythonimport tensorflow as tfhypothesisindices = tf.constant-1250999896764, shape=3, 3, dtype=tf.int64 hypothesisvalues = tf.constant0...

7.1CVSS7AI score0.00378EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 6 days ago3 views

Missing validation results in undefined behavior in `SparseTensorDenseAdd

ImpactThe implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments:pythonimport tensorflow as tfaindices = tf.constant0, shape=17, 2, dtype=tf.int64avalues = tf.constant, shape=0, dtype=tf.float32ashape = tf.constant6, 12, shape=2, dtype=tf.int64b =...

5.5CVSS6.2AI score0.00338EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added 6 days ago3 views

Undefined behavior when users supply invalid resource handles

ImpactMultiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid:pythonimport tensorflow as tftf.rawops.QueueIsClosedV2handle=pythonimport tensorflow as tftf.summary.flushwriter= In graph mode, it would have been impossible to perform these API...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added 6 days ago4 views

Segfault and OOB write due to incomplete validation in `EditDistance` in TensorFlow

ImpactThe implementation of tf.rawops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service:pythonimport tensorflow as tfhypothesisindices = tf.constant-1250999896764, shape=3, 3, dtype=tf.int64 hypothesisvalues = tf.constant0...

7.1CVSS7AI score0.00378EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 6 days ago4 views

Undefined behavior when users supply invalid resource handles

ImpactMultiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid:pythonimport tensorflow as tftf.rawops.QueueIsClosedV2handle=pythonimport tensorflow as tftf.summary.flushwriter= In graph mode, it would have been impossible to perform these API...

5.5CVSS6.2AI score0.00317EPSS
Exploits1References11Affected Software1
PyPA
PyPA
added 6 days ago3 views

Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

ImpactThe macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of the macros would trigger incorrectly. PatchesWe have patched the issue in GitHub commit...

5.5CVSS6.2AI score0.00386EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added 6 days ago3 views

Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow

ImpactThe implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain NaN elements:pythonimport tensorflow as tfimport numpy as nptf.histogramfixedwidthvalues=np.nan, valuerange=1,2The implementation assumes that all floating point operations are defined and th...

5.5CVSS6.2AI score0.00314EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added 6 days ago3 views

Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

ImpactThe macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of the macros would trigger incorrectly. PatchesWe have patched the issue in GitHub commit...

5.5CVSS6.2AI score0.00386EPSS
Exploits1References13Affected Software1
PyPA
PyPA
added 6 days ago2 views

Segfault if `tf.histogram_fixed_width` is called with NaN values in TensorFlow

ImpactThe implementation of tf.histogramfixedwidth is vulnerable to a crash when the values array contain NaN elements:pythonimport tensorflow as tfimport numpy as nptf.histogramfixedwidthvalues=np.nan, valuerange=1,2The implementation assumes that all floating point operations are defined and th...

5.5CVSS6.2AI score0.00314EPSS
Exploits1References13Affected Software1
Total number of security vulnerabilities7035