aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

to
Export CSV
2170 items

CVE-2022-36002: TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36002

TensorFlow (an open source machine learning platform) has a vulnerability where the `Unbatch` operation crashes when it receives a nonscalar input `id` (a variable with multiple dimensions rather than a single value), which can be exploited to cause a denial of service attack (making a system unavailable by overwhelming it).

Fix: The issue has been patched in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. Users should upgrade to TensorFlow 2.10.0 or apply the patch to supported versions 2.9.1, 2.8.1, and 2.7.2. No workarounds are available.

NVD/CVE Database

CVE-2022-36001: TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is n

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36001

TensorFlow (an open-source machine learning platform) has a vulnerability in its `DrawBoundingBoxes` function where receiving input boxes that aren't float data types causes a CHECK fail, which can be exploited to disable the system through a denial of service attack (overwhelming it with requests). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-36000: TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is giv

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36000

TensorFlow, an open-source machine learning platform, has a vulnerability where a specific internal function crashes when it receives empty function attributes, causing a null dereference (an error where the software tries to use a memory location that doesn't exist). This bug affects multiple versions of TensorFlow and has no known workarounds.

CVE-2022-35999: TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inp

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35999

TensorFlow (an open source platform for machine learning) has a vulnerability where a function called `Conv2DBackpropInput` crashes when it receives empty input arrays, allowing attackers to cause a denial of service attack (making the system unavailable). The issue affects both CPU and GPU processing and has been patched in the codebase.

CVE-2022-35998: TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35998

TensorFlow, an open source platform for machine learning, has a vulnerability in its `EmptyTensorList` function that crashes when given certain inputs, allowing attackers to trigger a denial of service attack (making a service unavailable by overwhelming it). The bug occurs when the function receives an `element_shape` input with more than one dimension.

CVE-2022-35997: TensorFlow is an open source platform for machine learning. If `tf.sparse.cross` receives an input `separator` that is n

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35997

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.sparse.cross` function where passing a non-scalar `separator` input (a parameter that isn't a single value) causes a CHECK fail, which can crash the program in a denial of service attack (making a system unavailable by overwhelming it). The flaw affects multiple versions of TensorFlow.

CVE-2022-35996: TensorFlow is an open source platform for machine learning. If `Conv2D` is given empty `input` and the `filter` and `pad

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35996

TensorFlow, an open source machine learning platform, has a bug in its `Conv2D` function (a tool for processing image data) where empty input combined with certain filter and padding settings causes division-by-zero errors. This vulnerability allows attackers to crash the system in a denial of service attack (temporarily making a service unavailable by overwhelming or breaking it).

CVE-2022-35995: TensorFlow is an open source platform for machine learning. When `AudioSummaryV2` receives an input `sample_rate` with m

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35995

TensorFlow (an open source machine learning platform) has a vulnerability in its `AudioSummaryV2` function where passing a `sample_rate` input with multiple elements causes a CHECK failure, which can be exploited to trigger a denial of service attack (making the system unavailable by overloading it).

CVE-2022-35994: TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35994

TensorFlow (an open source platform for machine learning) has a vulnerability where a function called `CollectiveGather` crashes when it receives a scalar input (a single number rather than a list of numbers), allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions of TensorFlow.

CVE-2022-35993: TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35993

TensorFlow has a vulnerability where the `SetSize` function crashes when it receives an input called `set_shape` that is not a 1D tensor (a one-dimensional array of data). An attacker can exploit this crash to launch a denial of service attack (making the system unavailable to legitimate users).

CVE-2022-35992: TensorFlow is an open source platform for machine learning. When `TensorListFromTensor` receives an `element_shape` of a

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35992

TensorFlow (an open source machine learning platform) has a bug in the `TensorListFromTensor` function where certain inputs cause a CHECK failure that can be exploited to crash the system. This vulnerability affects multiple versions of TensorFlow and has no known workarounds.

CVE-2022-35991: TensorFlow is an open source platform for machine learning. When `TensorListScatter` and `TensorListScatterV2` receive a

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35991

TensorFlow, an open-source machine learning platform, has a vulnerability where two functions (`TensorListScatter` and `TensorListScatterV2`) crash when given certain types of input, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions.

CVE-2022-36026: TensorFlow is an open source platform for machine learning. If `QuantizeAndDequantizeV3` is given a nonscalar `num_bits`

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36026

TensorFlow, an open source platform for machine learning, has a vulnerability in its `QuantizeAndDequantizeV3` function where passing a nonscalar `num_bits` input tensor (a multi-dimensional array instead of a single value) causes the program to crash, which can be exploited for a denial of service attack (making a service unavailable by overwhelming or crashing it). The issue affects multiple TensorFlow versions.

CVE-2022-36019: TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `ma

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36019

TensorFlow (an open source machine learning platform) has a vulnerability where a specific function called `FakeQuantWithMinMaxVarsPerChannel` crashes when given certain types of input data, allowing attackers to cause a denial of service attack (making the system stop working). The developers have fixed the bug in their code.

CVE-2022-36018: TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` lis

mediumvulnerability
security
Sep 16, 2022
CVE-2022-36018

TensorFlow, an open source platform for machine learning, has a vulnerability where a function called `RaggedTensorToVariant` can crash if it receives incorrectly formatted input (tensors with ranks other than one). An attacker could use this crash to launch a denial of service attack (making the system unavailable).

CVE-2022-35990: TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_chann

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35990

A vulnerability in TensorFlow (an open source platform for machine learning) allows attackers to crash the system by sending specially formatted inputs to a specific function called `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient`, causing a denial of service attack (where a system becomes unavailable). The issue occurs when the function receives input parameters with the wrong structure (rank other than 1).

CVE-2022-35989: TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` wi

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35989

TensorFlow (an open source platform for machine learning) has a vulnerability in its MaxPool function, which crashes when given a window size array with dimensions larger than the input data, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions.

CVE-2022-35988: TensorFlow is an open source platform for machine learning. When `tf.linalg.matrix_rank` receives an empty input `a`, th

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35988

TensorFlow (an open source platform for machine learning) has a vulnerability in its `tf.linalg.matrix_rank` function, which crashes when given an empty input. An attacker could exploit this crash to cause a denial of service attack (making the system unavailable by overwhelming it with requests or triggering failures).

CVE-2022-35987: TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35987

TensorFlow, an open source platform for machine learning, has a vulnerability in its `DenseBincount` function where it doesn't properly check if the `weights` input tensor (a data structure holding numbers) has the correct shape, allowing attackers to crash the program through a denial of service attack (making a system unavailable by overwhelming it).

CVE-2022-35986: TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`,

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35986

TensorFlow (an open source machine learning platform) has a bug where the `RaggedBincount` function crashes when given an empty input tensor called `splits`, which can be exploited to launch a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of the software.

Previous89 / 109Next

Fix: The issue has been patched in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. Users should update to TensorFlow 2.10.0, or for earlier versions, update to TensorFlow 2.9.1, 2.8.1, or 2.7.2, as these patched versions are available for affected and still-supported releases. No workarounds exist.

NVD/CVE Database

Fix: The issue is patched in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in TensorFlow 2.10.0, and has been backported (adapted for older versions) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. There are no known workarounds for this issue.

NVD/CVE Database

Fix: The issue is patched in GitHub commit c8ba76d48567aed347508e0552a257641931024d. Users should update to TensorFlow 2.10.0, or for those on earlier versions, update to TensorFlow 2.9.1, 2.8.1, or 2.7.2 (which will include a cherrypicked fix). No workarounds exist for this vulnerability.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 83dcb4dbfa094e33db084e97c4d0531a559e0ebf. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9. The fix will be included in TensorFlow 2.10.0, and will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0 or the patched versions 2.9.1, 2.8.1, or 2.7.2. The fix is included in GitHub commit bf6b45244992e2ee543c258e519489659c99fb7f. No workarounds are available, so updating is required.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0. It will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. There are no known workarounds for this issue.

NVD/CVE Database

Fix: Update TensorFlow to version 2.10.0 or apply patches to supported versions 2.9.1, 2.8.1, and 2.7.2. The fix is available in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. For users on older supported versions, updates are also available for TensorFlow 2.9.1, 2.8.1, and 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit bb03fdf4aae944ab2e4b35c7daa051068a8b7f61. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available; users should update to these patched versions.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0, and will also be patched in earlier versions 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these versions or later.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix is included in TensorFlow 2.10.0 and will also be backported to (applied to earlier versions of) TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The vulnerability was patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix is included in TensorFlow 2.10.0 and will also be backported (applied to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and will be cherrypicked into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. No workarounds are available.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit c55b476aa0e0bd4ee99d0f3ad18d9d706cd1260a. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit bf4c14353c2328636a18bfad1e151052c81d5f43 and will be included in TensorFlow 2.10.0. The fix will also be included in earlier versions: TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. If you cannot update to 2.10.0 yet, cherrypicked fixes are also available in TensorFlow 2.9.1, 2.8.1, and 2.7.2. There are no known workarounds for this issue.

NVD/CVE Database