Tensorflow@2.9.0 Security Vulnerabilities and Issues — Tensorflow@2.9.0 CVE List

Lucene search

GoogleTensorflow2.9.0

26 matches found

CVE•added 2022/05/20 10:16 p.m.•727 views

CVE-2022-29207

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but mig...

5.5CVSS5.6AI score0.00045EPSS

CVE•added 2022/05/20 10:16 p.m.•599 views

CVE-2022-29200

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.LSTMBlockCell does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code...

5.5CVSS5.6AI score0.00044EPSS

CVE•added 2022/05/20 10:16 p.m.•125 views

CVE-2022-29193

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.TensorSummaryV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Versio...

5.5CVSS5.4AI score0.00043EPSS

CVE•added 2022/05/20 11:15 p.m.•112 views

CVE-2022-29202

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, an...

5.5CVSS5.5AI score0.00051EPSS

CVE•added 2022/05/21 12:15 a.m.•111 views

CVE-2022-29213

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes (due to CHECK-failures). Versions 2.9.0, 2.8.1, 2.7.2, ...

5.5CVSS5.5AI score0.00118EPSS

CVE•added 2022/05/20 11:15 p.m.•108 views

CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.QuantizedConv2D does not fully validate the input arguments. In this case, references get bound to nullptr for each argument that is empty. Versions 2.9.0, ...

5.5CVSS5.5AI score0.00044EPSS

CVE•added 2022/05/21 12:15 a.m.•108 views

CVE-2022-29216

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's saved_model_cli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

7.8CVSS7.8AI score0.00147EPSS

CVE•added 2022/05/21 12:15 a.m.•106 views

CVE-2022-29209

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., CHECK_LT, CHECK_GT, etc.) have an incorrect logic when comparing size_t and int values. Due to type conversion rules, several o...

5.5CVSS5.5AI score0.00078EPSS

CVE•added 2022/05/20 10:16 p.m.•105 views

CVE-2022-29199

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The...

5.5CVSS5.5AI score0.00044EPSS

CVE•added 2022/05/20 10:16 p.m.•104 views

CVE-2022-29197

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.UnsortedSegmentJoin does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Th...

5.5CVSS5.5AI score0.00044EPSS

CVE•added 2022/05/20 9:15 p.m.•98 views

CVE-2022-29191

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Versi...

5.5CVSS5.4AI score0.00113EPSS

CVE•added 2022/05/20 11:15 p.m.•96 views

CVE-2022-29204

5.5CVSS5.5AI score0.00049EPSS

CVE•added 2022/05/20 11:15 p.m.•94 views

CVE-2022-29203

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.SpaceToBatchND (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to al...

5.5CVSS5.5AI score0.00045EPSS

CVE•added 2022/05/20 9:15 p.m.•93 views

CVE-2022-29192

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service at...

5.5CVSS5.4AI score0.00072EPSS

CVE•added 2022/05/21 12:15 a.m.•93 views

CVE-2022-29211

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.histogram_fixed_width is vulnerable to a crash when the values array contain Not a Number (NaN) elements. The implementation assumes that all floating point operati...

5.5CVSS5.5AI score0.0008EPSS

CVE•added 2022/05/20 11:15 p.m.•92 views

CVE-2022-29205

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling tf.compat.v1.* ops which don't yet have support for quantized types, which was added after migration to Tensor...

5.5CVSS5.4AI score0.0005EPSS

CVE•added 2022/05/20 11:15 p.m.•92 views

CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.EditDistance has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout ...

7.1CVSS6.8AI score0.00116EPSS

CVE•added 2022/05/20 9:15 p.m.•89 views

CVE-2022-29194

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.DeleteSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. Ve...

5.5CVSS5.4AI score0.00072EPSS

CVE•added 2022/05/20 10:16 p.m.•89 views

CVE-2022-29195

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.StagePeek does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack. The code ass...

5.5CVSS5.5AI score0.00044EPSS

CVE•added 2022/05/20 11:15 p.m.•89 views

CVE-2022-29206

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.SparseTensorDenseAdd does not fully validate the input arguments. In this case, a reference gets bound to a nullptr during kernel execution. This is undefin...

5.5CVSS5.5AI score0.00066EPSS

CVE•added 2022/09/16 8:15 p.m.•88 views

CVE-2022-35959

TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the input orig_input_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the issue in Git...

7.5CVSS6.5AI score0.00194EPSS

CVE•added 2022/05/20 10:16 p.m.•87 views

CVE-2022-29196

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.Conv3DBackpropFilterV2 does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack....

5.5CVSS5.6AI score0.00044EPSS

CVE•added 2022/05/20 10:16 p.m.•87 views

CVE-2022-29198

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.raw_ops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service ...

5.5CVSS5.5AI score0.00044EPSS

CVE•added 2022/09/16 8:15 p.m.•82 views

CVE-2022-35963

TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate the input orig_input_tensor_shape. This results in an overflow that results in a CHECK failure which can be used to trigger a denial of service attack. We have patched the...

7.5CVSS6.5AI score0.00194EPSS

CVE•added 2022/05/21 12:15 a.m.•81 views

CVE-2022-29212

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be ...

5.5CVSS5.6AI score0.00084EPSS

CVE•added 2022/09/16 8:15 p.m.•73 views

CVE-2022-35960

TensorFlow is an open source platform for machine learning. In core/kernels/list_kernels.cc's TensorListReserve, num_elements is assumed to be a tensor of size 1. When a num_elements of more than 1 element is provided, then tf.raw_ops.TensorListReserve fails the CHECK_EQ in CheckIsAlignedAndSingleE...

7.5CVSS6.5AI score0.00278EPSS