aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

2170 items

CVE-2022-29203: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29203

CVE-2022-29203 is a vulnerability in TensorFlow (an open source platform for machine learning) where a function called `tf.raw_ops.SpaceToBatchND` has an integer overflow bug (a situation where a calculation produces a number too large for the system to handle). This overflow causes a denial of service (making the system crash or become unavailable) when the buggy code tries to allocate memory for output data.

Fix: Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4, which contain patches for this issue.

NVD/CVE Database

CVE-2022-29202: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29202

A vulnerability in TensorFlow (an open source platform for machine learning) versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 allows attackers to cause a denial of service (making a system unavailable by consuming all available memory) by exploiting the `tf.ragged.constant` function, which does not properly check its input arguments. The vulnerability exists because of improper input validation (checking that data meets expected requirements before using it).

CVE-2022-29201: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29201

TensorFlow, an open source machine learning platform, had a vulnerability in its `tf.raw_ops.QuantizedConv2D` function (a tool for processing images with reduced precision) before versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 where it did not properly check input arguments, causing references to point to nullptr (an invalid memory location). This flaw was fixed in the mentioned versions.

CVE-2022-29207: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple T

medium vulnerability
security
May 20, 2022
CVE-2022-29207

TensorFlow (an open source platform for machine learning) has a vulnerability in versions before 2.9.0, 2.8.1, 2.7.2, and 2.6.4 where certain operations fail when given an invalid resource handle (a reference to data or tools the program needs). In eager mode (where TensorFlow executes code immediately rather than preparing a plan first), this can cause a reference to point to a null pointer (a memory location that doesn't exist), leading to undefined behavior and potential crashes or errors. Graph mode had safeguards that prevented this issue.

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29200

TensorFlow (an open-source machine learning platform) has a bug in the `tf.raw_ops.LSTMBlockCell` function where it doesn't properly check that input arguments have the correct structure. An attacker can exploit this to cause a denial of service attack (crashing the program), because the code fails when trying to access elements inside incorrectly-shaped inputs.

CVE-2022-29199: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29199

TensorFlow (an open source machine learning platform) had a bug in the `tf.raw_ops.LoadAndRemapMatrix` function that didn't properly check its input arguments, specifically whether the `initializing_values` parameter was valid. This missing validation could cause the program to crash (denial of service, a type of attack that makes a service unavailable), even though the attacker doesn't gain control of the system.

CVE-2022-29198: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29198

TensorFlow, an open source machine learning platform, has a vulnerability in a function called `tf.raw_ops.SparseTensorToCSRSparseMatrix` that doesn't properly check its inputs before processing them. This missing validation allows attackers to cause a denial of service attack (making the system crash or become unavailable) by sending specially crafted data that violates the expected format for sparse tensors (data structures that store mostly empty values efficiently).

CVE-2022-29197: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29197

A bug in TensorFlow (an open source machine learning platform) versions before 2.9.0, 2.8.1, 2.7.2, and 2.6.4 fails to validate input arguments to the `tf.raw_ops.UnsortedSegmentJoin` function, allowing attackers to trigger a denial of service attack (making the system crash or become unavailable). The vulnerability stems from the code assuming `num_segments` is a scalar (a single value) without checking this assumption first.

CVE-2022-29196: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29196

TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.raw_ops.Conv3DBackpropFilterV2` function (a tool for training neural networks) that fails to properly check its input arguments before processing them. This missing validation allows attackers to crash the program with a denial of service attack (making it unavailable to legitimate users).

CVE-2022-29195: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29195

TensorFlow (an open source platform for machine learning) versions before 2.9.0, 2.8.1, 2.7.2, and 2.6.4 have a bug in the `tf.raw_ops.StagePeek` function that fails to check whether the `index` input is a scalar (a single number), allowing attackers to crash the system. This is a denial of service attack (making a service unavailable by overwhelming or breaking it).

CVE-2022-29193: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29193

TensorFlow, an open source platform for machine learning, had a vulnerability in the `tf.raw_ops.TensorSummaryV2` function that failed to properly validate (check the correctness of) input arguments before using them. This flaw could be exploited to cause a denial of service attack (making the system crash or become unavailable) by triggering a CHECK-failure (a forced program halt when an expected condition is not met).

CVE-2022-29194: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29194

TensorFlow, an open source machine learning platform, had a vulnerability in its `tf.raw_ops.DeleteSessionTensor` function (a specific operation within TensorFlow) that failed to properly check its input arguments before using them. This flaw could be exploited to cause a denial of service attack (making a system crash or become unavailable by sending specially crafted requests).

CVE-2022-29192: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29192

TensorFlow, an open source machine learning platform, had a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV4Grad` function where it did not fully validate input arguments before processing them. This bug could crash the system (a denial of service attack, where an attacker makes a service unavailable) in versions before 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

CVE-2022-29191: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

medium vulnerability
security
May 20, 2022
CVE-2022-29191

TensorFlow, an open source machine learning platform, had a vulnerability in its `tf.raw_ops.GetSessionTensor` function (a command for retrieving tensor data from a session) where it did not properly validate input arguments, allowing attackers to crash the system through a denial of service attack (making software unavailable by overwhelming or breaking it). The vulnerability was fixed in TensorFlow versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.

CVE-2022-21426: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supp

medium vulnerability
security
Apr 19, 2022
CVE-2022-21426

A vulnerability in Oracle Java SE and Oracle GraalVM Enterprise Edition (a high-performance Java runtime) in the JAXP component (Java API for XML Processing, which handles XML data) allows an unauthenticated attacker to partially disable these systems over a network. The vulnerability affects specific versions of Java and can be exploited through untrusted code in web applications or through web services that supply data to the vulnerable APIs, with a severity rating of 5.3 out of 10.

CVE-2022-24770: `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11

high vulnerability
security
Mar 17, 2022
CVE-2022-24770

Gradio, a framework for building interactive machine learning demos, has a vulnerability in versions before 2.8.11 where its flagging feature (which saves data to CSV files) can be tricked into storing harmful commands in the file. If someone opens this CSV file in Excel or similar programs, those commands run automatically on their computer.

CVE-2022-0845: Code Injection in GitHub repository pytorchlightning/pytorch-lightning prior to 1.6.0.

critical vulnerability
security
Mar 5, 2022
CVE-2022-0845

CVE-2022-0845 is a code injection vulnerability (a flaw where an attacker can insert and execute malicious code) in PyTorch Lightning, a machine learning framework, affecting versions before 1.6.0. The vulnerability stems from improper control over code generation, allowing attackers to run arbitrary code through the affected software.

CVE-2022-0736: Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.

high vulnerability
security
Feb 23, 2022
CVE-2022-0736

MLflow, a machine learning platform, had an insecure temporary file vulnerability (CWE-377, a weakness where temporary files are created without proper security protections) in versions before 1.23.1. This vulnerability could potentially allow attackers to access or modify sensitive data stored in temporary files.

CVE-2022-23595: Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are

medium vulnerability
security
Feb 4, 2022
CVE-2022-23595

TensorFlow (an open source machine learning framework) has a vulnerability where building an XLA compilation cache (a storage system that speeds up machine learning model compilation) with default settings causes a null pointer dereference (a crash that happens when code tries to use a memory location that doesn't exist). This occurs because the default configuration allows all devices, leaving a critical variable empty.

CVE-2022-23594: Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions

high vulnerability
security
Feb 4, 2022
CVE-2022-23594

TensorFlow (an open-source machine learning framework) has a vulnerability in its TFG dialect, which is part of MLIR (a compiler framework for optimizing code). An attacker can modify the SavedModel format (the way trained models are saved to disk) to break assumptions the system makes, which can crash the Python interpreter or cause heap OOB (out-of-bounds memory access, where code reads or writes memory it shouldn't).


Fixes and sources for the entries above, in listing order:

Fix (CVE-2022-29202): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later. The source states: 'Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.'

NVD/CVE Database

Fix (CVE-2022-29201): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, as these versions contain a patch for this issue.

NVD/CVE Database

Fix (CVE-2022-29207): Update TensorFlow to versions 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, which contain a patch for this issue.

NVD/CVE Database

Fix (CVE-2022-29200): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, which contain a patch for this issue.

NVD/CVE Database

Fix (CVE-2022-29199): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, which contain patches for this issue.

NVD/CVE Database

Fix (CVE-2022-29198): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, as these versions contain a patch for this issue.

NVD/CVE Database

Fix (CVE-2022-29197): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, as these versions contain a patch for this issue.

NVD/CVE Database

Fix (CVE-2022-29196): Update to TensorFlow versions 2.9.0, 2.8.1, 2.7.2, or 2.6.4, which contain patches that fix this input validation issue.

NVD/CVE Database

Fix (CVE-2022-29195): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, as these versions contain a patch for this issue.

NVD/CVE Database

Fix (CVE-2022-29193): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later. The source states: 'Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.'

NVD/CVE Database

Fix (CVE-2022-29194): Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4, which contain patches for this issue.

NVD/CVE Database

Fix (CVE-2022-29192): Update TensorFlow to one of the patched versions: 2.9.0, 2.8.1, 2.7.2, or 2.6.4. A patch is available at https://github.com/tensorflow/tensorflow/commit/098e7762d909bac47ce1dbabe6dfd06294cb9d58.

NVD/CVE Database

Fix (CVE-2022-29191): Update TensorFlow to one of the patched versions: 2.9.0, 2.8.1, 2.7.2, or 2.6.4.

NVD/CVE Database

Source (CVE-2022-21426): NVD/CVE Database

Fix (CVE-2022-24770): Update gradio to version 2.8.11 or later, which escapes saved CSV data with single quotes to prevent command execution. As a workaround, avoid opening CSV files generated by gradio with Excel or similar spreadsheet programs.

NVD/CVE Database

Fix (CVE-2022-0845): Update PyTorch Lightning to version 1.6.0 or later. A patch is available at https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae

NVD/CVE Database

Fix (CVE-2022-0736): Update MLflow to version 1.23.1 or later. A patch is available at https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711.

NVD/CVE Database

Fix (CVE-2022-23595): The fix will be included in TensorFlow 2.8.0. Patches will also be released in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

NVD/CVE Database

Source (CVE-2022-23594): NVD/CVE Database