aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

to
Export CSV
2170 items

CVE-2022-41889: TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute,

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41889

TensorFlow, an open source machine learning platform, had a bug where passing quantized tensors (specially compressed numeric data) to certain functions caused the parsing code to fail silently and return a null pointer (empty reference) instead of the expected data. This could cause crashes or unexpected behavior in machine learning programs using affected TensorFlow functions.

Fix: The issue was patched in GitHub commit e9e95553e5411834d215e6770c81a83a3d0866ce and will be included in TensorFlow 2.11. The fix will also be backported (applied to earlier versions) in TensorFlow 2.10.1, 2.9.3, and 2.8.4.

NVD/CVE Database

CVE-2022-41888: TensorFlow is an open source platform for machine learning. When running on GPU, `tf.image.generate_bounding_box_proposa

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41888

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.image.generate_bounding_box_proposals` function when running on GPU. The function fails to validate that the `scores` input has the correct rank (dimension structure), which could cause problems. This is classified as improper input validation (CWE-20, where a program doesn't properly check if data meets required specifications).

CVE-2022-41887: TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` t

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41887

TensorFlow's poisson loss function (a tool for measuring prediction errors in machine learning) crashes when certain input dimensions multiply together and exceed the limit of a 32-bit integer, causing a size mismatch during broadcast assignment (aligning data for computation). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-41886: TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a larg

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41886

TensorFlow (an open source platform for machine learning) has a bug in the `tf.raw_ops.ImageProjectiveTransformV2` function where it overflows (uses more memory than available) when given a large output shape. This vulnerability was caused by an incorrect calculation of buffer size (the amount of memory needed to store data).

CVE-2022-41885: TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large t

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41885

TensorFlow (an open source machine learning platform) has a vulnerability in the `tf.raw_ops.FusedResizeAndPadConv2D` function where a buffer overflow (a memory error where data exceeds available space) occurs when given very large tensor shapes. The bug stems from an incorrect buffer size calculation.

CVE-2022-41884: TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one eleme

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41884

TensorFlow, an open source machine learning platform, has a bug where creating a numpy array (a data structure for storing numbers) with a specific shape (one dimension with zero elements and others summing to a large number) causes an error. The developers have created a fix and will release it in upcoming versions of TensorFlow.

CVE-2022-41880: TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41880

TensorFlow, an open source machine learning platform, has a vulnerability in the `BaseCandidateSamplerOp` function that causes a heap OOB read (out-of-bounds read, where a program accesses memory it shouldn't) when it receives certain invalid input values. This is a memory safety bug that could allow attackers to read sensitive data from the program's memory.

CVE-2022-41883: TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing

mediumvulnerability
security
Nov 18, 2022
CVE-2022-41883

TensorFlow (an open source platform for machine learning) has a bug where certain operations crash when they receive a different number of inputs than expected, which could cause the program to stop working. This vulnerability is classified as an out-of-bounds read (accessing memory outside the intended range).

CVE-2022-36022: Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM. Packages org.deeplearn

mediumvulnerability
security
Nov 10, 2022
CVE-2022-36022

Deeplearning4J (a tool for building machine learning models on Java systems) versions up to 1.0.0-M2.1 have a vulnerability where some test code references unclaimed S3 buckets (cloud storage spaces that no longer belong to the original owner), which could potentially be exploited by attackers who claim those buckets. This mainly affects older natural language processing examples in the software.

CVE-2022-36027: TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel we

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36027

TensorFlow (an open source platform for machine learning) crashes when converting transposed convolutions (a type of neural network layer operation) with per-channel weight quantization (a compression technique that reduces precision individually for different channels). The crash causes a segfault (a memory access error that terminates the program), crashing the Python process.

CVE-2022-36017: TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requeste

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36017

TensorFlow, an open source platform for machine learning, has a vulnerability where a function called `Requantize` crashes when given certain types of input data (tensors of nonzero rank), allowing attackers to trigger a denial of service attack (making the system unavailable). The issue has been fixed and will be released in updated versions of the software.

CVE-2022-36016: TensorFlow is an open source platform for machine learning. When `tensorflow::full_type::SubstituteFromAttrs` receives a

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36016

TensorFlow, an open source platform for machine learning, has a bug where a specific function (`tensorflow::full_type::SubstituteFromAttrs`) crashes the program instead of properly reporting an error when it receives incorrect input (a `FullTypeDef` that doesn't have exactly three arguments). This crash could potentially be exploited to make TensorFlow applications stop working.

CVE-2022-36015: TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `in

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36015

TensorFlow (an open source platform for machine learning) has a bug where the `RangeSize` function crashes when it receives numbers too large to fit into an `int64_t` (a 64-bit integer data type). This is caused by an integer overflow (when a number becomes too large for its data type to handle).

CVE-2022-36014: TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list att

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36014

TensorFlow (an open source machine learning platform) crashes when a specific internal function receives null type list attributes (empty or missing type information). The developers have fixed the bug and will release the patch in upcoming versions of the software.

CVE-2022-36013: TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36013

TensorFlow (an open source platform for machine learning) crashes when a component called mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs (data structures that define operations) without an operation name. This is a crash vulnerability that could cause the software to stop working unexpectedly.

CVE-2022-36012: TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is giv

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36012

TensorFlow (an open source platform for machine learning) crashes when a specific internal function called `mlir::tfg::ConvertGenericFunctionToFunctionDef` receives empty function attributes (data describing how a function should behave). This is a reachable assertion vulnerability, meaning the program encounters an unexpected condition it cannot handle.

CVE-2022-36011: TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is giv

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36011

TensorFlow, an open source machine learning platform, has a bug where a specific function crashes with a null dereference (trying to use a memory address that doesn't exist) when given empty function attributes. The issue affects multiple versions of TensorFlow and has no known workarounds.

CVE-2022-36005: TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient`

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36005

TensorFlow, an open source platform for machine learning, has a vulnerability in its `tf.quantization.fake_quant_with_min_max_vars_gradient` function where nonscalar (multi-dimensional) input values for `min` or `max` parameters cause a CHECK fail, which is a crash that could enable a denial of service attack (disrupting service availability). The vulnerability affects multiple supported versions of TensorFlow.

CVE-2022-36004: TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates,

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36004

TensorFlow (an open source machine learning platform) has a bug in its `tf.random.gamma` function where large input values can cause a denial of service attack (making the system crash or stop responding). The developers have fixed the issue and will release it in TensorFlow 2.10.0, along with updates to older supported versions.

CVE-2022-36003: TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates,

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36003

TensorFlow (an open source machine learning platform) has a vulnerability in its `RandomPoissonV2` function where large input values can cause a CHECK fail (a safety check that stops execution), allowing attackers to trigger a denial of service attack (making the system unavailable). The vulnerability affects multiple versions of TensorFlow.

Previous88 / 109Next

Fix: The fix is included in TensorFlow 2.11 and has been backported to versions 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The patch details are available in GitHub commit cf35502463a88ca7185a99daa7031df60b3c1c98.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit c5b30379ba87cbe774b08ac50c1f6d36df4ebb7c. The fix will be included in TensorFlow 2.11, and will also be patched in TensorFlow 2.10.1 and 2.9.3. TensorFlow 2.8.x will not receive this patch due to dependency changes in the underlying Eigen library between versions.

NVD/CVE Database

Fix: The fix is available in TensorFlow 2.11. For users on earlier versions still receiving support, the patch will be included in TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4. Users can also apply the fix directly via GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba.

NVD/CVE Database

Fix: The fix is available in TensorFlow 2.11. For users on earlier versions, the patch has been applied to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these versions.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.11. For users on earlier versions still receiving support, the patch will also be available in TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4. The fix is available in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. Users should update to TensorFlow 2.11, or if using earlier versions, update to TensorFlow 2.10.1, 2.9.3, or 2.8.4, which will also receive the fix through a cherry-pick (backporting the patch to older supported versions).

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.11. Users on earlier versions should update to TensorFlow 2.10.1, 2.9.3, or 2.8.4, which have the patch applied through GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629.

NVD/CVE Database

Fix: Users should upgrade to snapshots (development versions) of Deeplearning4J. A full release with the fix is planned for a later date. As a workaround, download a word2vec Google News vector (a pre-trained language model) from a new source using git lfs (a system for managing large files in code repositories).

NVD/CVE Database

Fix: The issue has been patched in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0. The patch will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should upgrade to one of these patched versions. There are no known workarounds for this issue.

NVD/CVE Database

Fix: The issue is patched in GitHub commit 6104f0d4091c260ce9352f9155f7e9b725eab012. The fix will be included in TensorFlow 2.10.0 and will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. Users of TensorFlow 2.9.1, 2.8.1, or 2.7.2 should also update to patched versions of those releases. The source states: 'There are no known workarounds for this issue.'

NVD/CVE Database

Fix: The fix will be included in TensorFlow 2.10.0. Patches will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions when available.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and will be cherrypicked (a process of applying specific fixes to older versions) into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. The source notes there are no known workarounds for this issue.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. Users of earlier versions should also update to TensorFlow 2.9.1, 2.8.1, or 2.7.2, which will also include this fix.

NVD/CVE Database

Fix: The issue was patched in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0, or if you need an earlier version, update to TensorFlow 2.9.1, TensorFlow 2.8.1, or TensorFlow 2.7.2, as these versions include the patch from GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The source notes there are no known workarounds for this issue.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older versions) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.

NVD/CVE Database