aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6605 items

CVE-2022-35997: TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is n

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35997

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.sparse.cross` function where passing a non-scalar `separator` input (a parameter that isn't a single value) causes a CHECK fail, which can crash the program in a denial of service attack (making a system unavailable by overwhelming it). The flaw affects multiple versions of TensorFlow.

Fix: The issue has been patched in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

CVE-2022-35996: TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `pad

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35996

TensorFlow, an open source machine learning platform, has a bug in its `Conv2D` function (a tool for processing image data) where empty input combined with certain filter and padding settings causes division-by-zero errors. This vulnerability allows attackers to crash the system in a denial of service attack (temporarily making a service unavailable by overwhelming or breaking it).

CVE-2022-35995: TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with m

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35995

TensorFlow (an open source machine learning platform) has a vulnerability in its `AudioSummaryV2` function where passing a `sample_rate` input with multiple elements causes a CHECK failure, which can be exploited to trigger a denial of service attack (making the system unavailable by overloading it).

CVE-2022-35994: TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35994

TensorFlow (an open source platform for machine learning) has a vulnerability where a function called `CollectiveGather` crashes when it receives a scalar input (a single number rather than a list of numbers), allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions of TensorFlow.

CVE-2022-35993: TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35993

TensorFlow has a vulnerability where the `SetSize` function crashes when it receives an input called `set_shape` that is not a 1D tensor (a one-dimensional array of data). An attacker can exploit this crash to launch a denial of service attack (making the system unavailable to legitimate users).

CVE-2022-35992: TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35992

TensorFlow (an open source machine learning platform) has a bug in the `TensorListFromTensor` function where certain inputs cause a CHECK failure that can be exploited to crash the system. This vulnerability affects multiple versions of TensorFlow and has no known workarounds.

CVE-2022-35991: TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive a

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35991

TensorFlow, an open-source machine learning platform, has a vulnerability where two functions (`TensorListScatter` and `TensorListScatterV2`) crash when given certain types of input, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions.

CVE-2022-36026: TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits`

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36026

TensorFlow, an open source platform for machine learning, has a vulnerability in its `QuantizeAndDequantizeV3` function where passing a nonscalar `num_bits` input tensor (a multi-dimensional array instead of a single value) causes the program to crash, which can be exploited for a denial of service attack (making a service unavailable by overwhelming or crashing it). The issue affects multiple TensorFlow versions.

CVE-2022-36019: TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `ma

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36019

TensorFlow (an open source machine learning platform) has a vulnerability where a specific function called `FakeQuantWithMinMaxVarsPerChannel` crashes when given certain types of input data, allowing attackers to cause a denial of service attack (making the system stop working). The developers have fixed the bug in their code.

CVE-2022-36018: TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` lis

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36018

TensorFlow, an open source platform for machine learning, has a vulnerability where a function called `RaggedTensorToVariant` can crash if it receives incorrectly formatted input (tensors with ranks other than one). An attacker could use this crash to launch a denial of service attack (making the system unavailable).

CVE-2022-35990: TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_chann

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35990

A vulnerability in TensorFlow (an open source platform for machine learning) allows attackers to crash the system by sending specially formatted inputs to a specific function called `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient`, causing a denial of service attack (where a system becomes unavailable). The issue occurs when the function receives input parameters with the wrong structure (rank other than 1).

CVE-2022-35989: TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` wi

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35989

TensorFlow (an open source platform for machine learning) has a vulnerability in its MaxPool function, which crashes when given a window size array with dimensions larger than the input data, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions.

CVE-2022-35988: TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, th

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35988

TensorFlow (an open source platform for machine learning) has a vulnerability in its `tf.linalg.matrix_rank` function, which crashes when given an empty input. An attacker could exploit this crash to cause a denial of service attack (making the system unavailable by overwhelming it with requests or triggering failures).

CVE-2022-35987: TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35987

TensorFlow, an open source platform for machine learning, has a vulnerability in its `DenseBincount` function where it doesn't properly check if the `weights` input tensor (a data structure holding numbers) has the correct shape, allowing attackers to crash the program through a denial of service attack (making a system unavailable by overwhelming it).

CVE-2022-35986: TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`,

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35986

TensorFlow (an open source machine learning platform) has a bug where the `RaggedBincount` function crashes when given an empty input tensor called `splits`, which can be exploited to launch a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of the software.

CVE-2022-35985: TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35985

TensorFlow (an open source platform for machine learning) has a vulnerability in its `LRNGrad` function where passing an incorrectly formatted input tensor (one that is not 4-dimensional) causes the program to crash, allowing attackers to trigger a denial of service attack (making the system unavailable).

CVE-2022-35984: TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `i

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35984

TensorFlow (an open source machine learning platform) has a bug in the `ParameterizedTruncatedNormal` function where it only accepts one data type (`int32`) for the `shape` parameter, but crashes when given the correct type (`int64`), which could allow an attacker to cause a denial of service (making the software unavailable).

CVE-2022-35983: TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsuppor

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35983

TensorFlow (an open source machine learning platform) has a vulnerability where running certain save operations on data types (formats for storing numbers) that aren't supported causes the program to crash, which could be used for a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-35982: TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`,

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35982

TensorFlow, an open source machine learning platform, has a vulnerability in the `SparseBincount` function where invalid sparse tensor (a compressed way of storing data with mostly empty values) inputs can crash the program, potentially allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions of TensorFlow.

CVE-2022-35981: TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` fa

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35981

TensorFlow, an open source machine learning platform, has a vulnerability in its `FractionalMaxPoolGrad` function (a component that processes pooling operations) where it uses CHECK failures instead of returning errors to validate inputs. If someone sends incorrectly sized inputs to this function, they can trigger a denial of service attack (making the system crash or become unresponsive).

Previous296 / 331Next

Fix: The issue has been patched in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0, and will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0 or the patched versions 2.9.1, 2.8.1, or 2.7.2. The fix is included in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. No workarounds are available, so updating is required.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0. It will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. There are no known workarounds for this issue.

NVD/CVE Database

Fix: Update TensorFlow to version 2.10.0 or apply patches to supported versions 2.9.1, 2.8.1, and 2.7.2. The fix is available in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. For users on older supported versions, updates are also available for TensorFlow 2.9.1, 2.8.1, and 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available; users should update to these patched versions.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0, and will also be patched in earlier versions 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these versions or later.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix is included in TensorFlow 2.10.0 and will also be backported to (applied to earlier versions of) TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The vulnerability was patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix is included in TensorFlow 2.10.0 and will also be backported (applied to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and will be cherrypicked into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. No workarounds are available.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43 and will be included in TensorFlow 2.10.0. The fix will also be included in earlier versions: TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. If you cannot update to 2.10.0 yet, cherrypicked fixes are also available in TensorFlow 2.9.1, 2.8.1, and 2.7.2. There are no known workarounds for this issue.

NVD/CVE Database

Fix: The issue was patched in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older supported versions) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue was patched in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0 and will also be backported (added to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and will be backported (added to older versions) in TensorFlow 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these patched versions.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and has been cherrypicked (backported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions.

NVD/CVE Database

Fix: Update TensorFlow to version 2.10.0 or apply the patch from GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix is also being included in TensorFlow 2.9.1, 2.8.1, and 2.7.2.

NVD/CVE Database