NotCVE - vendor:"Google" product:"Tensorflow" version:" >= 2.9.0

Page 22 of 128 results (0.009 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1

CVE-2022-29216 – Code injection in `saved_model_cli` in TensorFlow

https://notcve.org/view.php?id=CVE-2022-29216

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/tools/saved_model_cli.py#L566-L574 https://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7 https://github.com/tensorflow/tensorflow/commit/c5da7af048611aa29e9382371f0aed5018516cac https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 2

CVE-2022-29213 – Incomplete validation in signal ops leads to crashes in TensorFlow

https://notcve.org/view.php?id=CVE-2022-29213

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. En versiones anteriores a 2.9.0, 2.8.1, 2.7.2 y 2.6.4, "tf.compat.v1.signal.rfft2d" y "tf.compat.v1.signal.rfft3d" carecen de comprobación de entrada y, bajo determinadas condiciones, pueden provocar bloqueos (debido a fallos de "CHECK"). • https://github.com/tensorflow/tensorflow/commit/0a8a781e597b18ead006d19b7d23d0a369e9ad73 https://github.com/tensorflow/tensorflow/issues/55263 https://github.com/tensorflow/tensorflow/pull/55274 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-58 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 3

CVE-2022-29209 – Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

https://notcve.org/view.php?id=CVE-2022-29209

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. TensorFlow es una plataforma de código abierto para el aprendizaje automático. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/platform/default/logging.h https://github.com/tensorflow/tensorflow/commit/b917181c29b50cb83399ba41f4d938dc369109a1 https://github.com/tensorflow/tensorflow/issues/55530 https://github.com/tensorflow/tensorflow/pull/55730 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github&# • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 2

CVE-2022-29211 – Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values

https://notcve.org/view.php?id=CVE-2022-29211

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74 https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5 https://github.com/tensorflow/tensorflow/issues/45770 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 2

CVE-2022-29212 – Core dump when loading TFLite models with quantization in TensorFlow

https://notcve.org/view.php?id=CVE-2022-29212

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/lite/kernels/internal/quantization_util.cc#L114-L123 https://github.com/tensorflow/tensorflow/commit/a989426ee1346693cc015792f11d715f6944f2b8 https://github.com/tensorflow/tensorflow/issues/43661 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1 https://github.com/tensorflow/tensorflow/releases/tag • CWE-20: Improper Input Validation •

1...20 21 22 23 24