aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

to
Export CSV
2170 items

CVE-2022-35985: TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35985

TensorFlow (an open source platform for machine learning) has a vulnerability in its `LRNGrad` function where passing an incorrectly formatted input tensor (one that is not 4-dimensional) causes the program to crash, allowing attackers to trigger a denial of service attack (making the system unavailable).

Fix: The issue was patched in GitHub commit bd90b3efab4ec958b228cd7cfe9125be1c0cf255. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older supported versions) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

CVE-2022-35984: TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `i

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35984

TensorFlow (an open source machine learning platform) has a bug in the `ParameterizedTruncatedNormal` function where it only accepts one data type (`int32`) for the `shape` parameter, but crashes when given the correct type (`int64`), which could allow an attacker to cause a denial of service (making the software unavailable).

CVE-2022-35983: TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsuppor

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35983

TensorFlow (an open source machine learning platform) has a vulnerability where running certain save operations on data types (formats for storing numbers) that aren't supported causes the program to crash, which could be used for a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-35982: TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`,

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35982

TensorFlow, an open source machine learning platform, has a vulnerability in the `SparseBincount` function where invalid sparse tensor (a compressed way of storing data with mostly empty values) inputs can crash the program, potentially allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions of TensorFlow.

CVE-2022-35981: TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` fa

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35981

TensorFlow, an open source machine learning platform, has a vulnerability in its `FractionalMaxPoolGrad` function (a component that processes pooling operations) where it uses CHECK failures instead of returning errors to validate inputs. If someone sends incorrectly sized inputs to this function, they can trigger a denial of service attack (making the system crash or become unresponsive).

CVE-2022-35979: TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar i

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35979

TensorFlow (an open-source machine learning platform) has a vulnerability where two functions called `QuantizedRelu` and `QuantizedRelu6` crash when given certain types of incorrect inputs for their `min_features` or `max_features` parameters, which attackers could exploit to cause a denial of service attack (making the system unavailable).

CVE-2022-35974: TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs fo

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35974

TensorFlow (an open source machine learning platform) has a bug where a function called `QuantizeDownAndShrinkRange` crashes if it receives nonscalar inputs (arrays or objects with multiple values instead of single values) for certain parameters, allowing attackers to cause a denial of service attack (making the system unavailable).

CVE-2022-35973: TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for: `min_a`,

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35973

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedMatMul` function that crashes when given certain types of improper input (nonscalar values for min/max parameters), allowing attackers to trigger a denial of service attack (making the system unavailable). The issue has been fixed and will be released in updated versions of TensorFlow.

CVE-2022-35972: TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `mi

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35972

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedBiasAdd` function that crashes when given certain tensor inputs of nonzero rank (multi-dimensional arrays), allowing attackers to launch a denial of service attack (making the system unavailable). The developers have identified and patched the issue.

CVE-2022-35971: TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35971

TensorFlow, an open source machine learning platform, has a vulnerability in the `FakeQuantWithMinMaxVars` function where providing certain types of input tensors (multidimensional arrays of numbers) causes the program to crash, enabling a denial of service attack (making a system unavailable to users). The vulnerability has been identified and fixed in the codebase.

CVE-2022-35970: TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tenso

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35970

TensorFlow (an open source platform for machine learning) has a bug in the `QuantizedInstanceNorm` function where passing certain tensor inputs (`x_min` or `x_max` with nonzero rank, which are multi-dimensional arrays of numerical data) causes a segfault (a crash from accessing invalid memory), allowing attackers to trigger a denial of service attack (making the system unavailable). The vulnerability was fixed and will be released in TensorFlow 2.10.0, with backported patches for earlier versions.

CVE-2022-35969: TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35969

TensorFlow (an open-source machine learning platform) has a bug in the `Conv2DBackpropInput` function where it crashes if the `input_sizes` parameter is not 4-dimensional, allowing attackers to cause a denial of service (making the system unavailable). The issue has been fixed and will be released in upcoming versions.

CVE-2022-35968: TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35968

TensorFlow, an open source machine learning platform, has a bug in the `AvgPoolGrad` function where it doesn't properly check the input parameter `orig_input_shape`. This incomplete validation causes a CHECK failure (a crash that stops the program), which attackers can exploit to perform a denial of service attack (making the system unavailable to legitimate users).

CVE-2022-35967: TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensor

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35967

TensorFlow, an open source machine learning platform, has a vulnerability in its `QuantizedAdd` function (a tool for adding quantized numbers, which are rounded values used to save memory). If this function receives certain tensor inputs of nonzero rank (multi-dimensional arrays), it crashes the program, which can be exploited to cause a denial of service attack (making the system unavailable to legitimate users).

CVE-2022-35966: TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` te

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35966

A bug in TensorFlow (an open source platform for machine learning) called `QuantizedAvgPool` can crash when given certain types of inputs, allowing attackers to launch a denial of service attack (making a system unavailable). The issue has been fixed and will be released in upcoming versions of the software.

CVE-2022-35965: TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inp

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35965

TensorFlow (an open source platform for machine learning) has a bug where the `LowerBound` or `UpperBound` functions crash if given an empty input list, causing a nullptr dereference (trying to access memory that doesn't exist). This crash can be exploited to launch a denial of service attack (making the system unavailable to legitimate users).

CVE-2022-35964: TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully valid

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35964

TensorFlow (an open source platform for machine learning) has a bug in the `BlockLSTMGradV2` function that doesn't properly check its inputs, allowing attackers to crash the system with a denial of service attack (causing the program to stop working). The vulnerability affects multiple versions of TensorFlow.

CVE-2022-35963: TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35963

A bug in TensorFlow (an open source machine learning platform) within a function called `FractionalAvgPoolGrad` doesn't properly check its input data, causing an overflow (when a number becomes too large for the program to handle) that crashes the program and can be exploited to launch a denial of service attack (making a service unavailable to users).

CVE-2022-35960: TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35960

TensorFlow (an open source machine learning platform) has a bug in its TensorListReserve function where it assumes `num_elements` is a tensor with only one value, but crashes if given multiple values. This causes the function to fail when users try to use `tf.raw_ops.TensorListReserve` with improperly sized input.

CVE-2022-35959: TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully valid

mediumvulnerability
security
Sep 16, 2022
CVE-2022-35959

TensorFlow (an open source machine learning platform) has a bug in `AvgPool3DGradOp` (a function that calculates gradients for 3D average pooling operations) where it doesn't properly check the `orig_input_shape` input value. This causes an overflow (when a number gets too large for its container) that crashes the system with a CHECK failure, allowing attackers to perform a denial of service attack (making the system unavailable).

Previous90 / 109Next

Fix: The issue was patched in GitHub commit 72180be03447a10810edca700cbc9af690dfeb51. The fix will be included in TensorFlow 2.10.0 and will also be backported (added to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and will be backported (added to older versions) in TensorFlow 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these patched versions.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and has been cherrypicked (backported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions.

NVD/CVE Database

Fix: Update TensorFlow to version 2.10.0 or apply the patch from GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix is also being included in TensorFlow 2.9.1, 2.8.1, and 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available, so users must update to a patched version.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 73ad1815ebcfeb7c051f9c2f7ab5024380ca8613. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The fix is available in GitHub commit aca766ac7693bf29ed0df55ad6bfcc78f35e7f48 and will be included in TensorFlow 2.10.0. Users of TensorFlow 2.9.1, 2.8.1, and 2.7.2 should update to the patched versions of those releases (2.9.1, 2.8.1, and 2.7.2 respectively), as the fix will be cherry-picked into these supported versions.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0 and will also be backported to TensorFlow 2.9.1, 2.8.1, and 2.7.2. Users should update to one of these patched versions.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0. Users of earlier versions should update to TensorFlow 2.9.1, TensorFlow 2.8.1, or TensorFlow 2.7.2, which will receive the patch through a cherry-pick (backporting the fix to older versions). No workarounds are available.

NVD/CVE Database

Fix: Update to TensorFlow 2.10.0 or apply the cherrypick commits to TensorFlow 2.9.1, 2.8.1, or 2.7.2. The fix is available in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. No workarounds exist for this issue.

NVD/CVE Database

Fix: The fix is included in TensorFlow 2.10.0. For users on older versions, the patch will be available in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Update to one of these versions or later.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0, and will be backported (added to older versions still being supported) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue is patched in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix will be included in TensorFlow 2.10.0 and will be backported (applied to older supported versions) as TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The fix is available in GitHub commit 7cdf9d4d2083b739ec81cfdace546b0c99f50622. The patch will be included in TensorFlow 2.10.0 and will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue was patched in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0 and will also be back-ported (applied retroactively) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 2a458fc4866505be27c62f81474ecb2b870498fa. The fix will be included in TensorFlow 2.10.0 and will be back-ported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 03a659d7be9a1154fdf5eeac221e5950fec07dad. The fix will be included in TensorFlow 2.10.0 and will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit b5f6fbfba76576202b72119897561e3bd4f179c7. The fix is included in TensorFlow 2.10.0, and will also be released in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database

Fix: The issue was patched in GitHub commit 9178ac9d6389bdc54638ab913ea0e419234d14eb. The fix is included in TensorFlow 2.10.0 and will be backported (adapted for older versions) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.

NVD/CVE Database