tensorflow-cpu
PyPI | 424 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tensorflow-cpu (page 7 of 9)
- CVE-2022-29193 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure…
- CVE-2022-29194 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-fai…
- CVE-2022-29195 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which…
- CVE-2022-29196 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-…
- CVE-2022-29197 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-fai…
- CVE-2022-29198 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `…
- CVE-2022-29199 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix` does not fully validate the input arguments. This results in a `CHECK`-failu…
- CVE-2022-29200 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure w…
- CVE-2022-29201 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get boun…
- CVE-2022-29202 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by co…
- CVE-2022-29203 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integ…
- CVE-2022-29204 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-fai…
- CVE-2022-29205 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support …
- CVE-2022-29206 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference ge…
- CVE-2022-29207 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it wo…
- CVE-2022-29208 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.8.1 | 2022-05-20
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation…
- CVE-2022-29209 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-21
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have incorrect logic when comparin…
- CVE-2022-29210 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-21
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e…
- CVE-2022-29211 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-21
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contains `Not a Number` (`NaN`) el…
- CVE-2022-29212 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-21
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culpr…
- CVE-2022-29213 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.8.1 | 2022-05-21
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain conditions can result in…
- CVE-2022-29216 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.8.1 | 2022-05-21
vulnerable: 2.8.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path w…
- CVE-2022-35934 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tens…
- CVE-2022-35935 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming `input(0)`, `input(1)`, and `input(2)` to be scal…
- CVE-2022-35937 | HIGH | CVSS 7.0 | EG 7.0 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds…
- CVE-2022-35939 | HIGH | CVSS 7.0 | EG 7.0 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The `ScatterNd` function takes an input argument that determines the indices of the output tensor. An input index greater than the output tensor or less than zero will either w…
- CVE-2022-35940 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that is eventually used to construct a `TensorShape` as an `int64`. If `limits` is a very large float, it can overflow when …
- CVE-2022-35941 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.2 | 2022-09-16
vulnerable: 2.9.0, 2.9.1
TensorFlow is an open source platform for machine learning. The `AvgPoolOp` function takes an argument `ksize` that must be positive but is not checked. A negative `ksize` can trigger a `CHECK` failure and crash the program. We have patche…
- CVE-2022-35952 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The `UnbatchGradOp` function takes an argument `id` that is assumed to be a scalar. A nonscalar `id` can trigger a `CHECK` failure and crash the program. It also requires its argu…
- CVE-2022-35959 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The implementation of `AvgPool3DGradOp` does not fully validate the input `orig_input_shape`. This results in an overflow that results in a `CHECK` failure which can be used to tr…
- CVE-2022-35960 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. In `core/kernels/list_kernels.cc's TensorListReserve`, `num_elements` is assumed to be a tensor of size 1. When a `num_elements` of more than 1 element is provided, then `tf.raw_o…
- CVE-2022-35963 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The implementation of `FractionalAvgPoolGrad` does not fully validate the input `orig_input_tensor_shape`. This results in an overflow that results in a `CHECK` failure which can …
- CVE-2022-35964 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The implementation of `BlockLSTMGradV2` does not fully validate its inputs. This results in a segfault that can be used to trigger a denial of service attack. We have patched th…
- CVE-2022-35965 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty `sorted_inputs` input, it results in a `nullptr` dereference, leading to a segfault that can be used to trigger a denial of servic…
- CVE-2022-35966 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizedAvgPool` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patch…
- CVE-2022-35967 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizedAdd` is given `min_input` or `max_input` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched t…
- CVE-2022-35968 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate the input `orig_input_shape`. This results in a `CHECK` failure which can be used to trigger a denial of service attack…
- CVE-2022-35969 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_sizes` to be 4-dimensional. Otherwise, it gives a `CHECK` failure which can be used to trigger a denial of service atta…
- CVE-2022-35970 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizedInstanceNorm` is given `x_min` or `x_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched …
- CVE-2022-35971 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors of a nonzero rank, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patche…
- CVE-2022-35972 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizedBiasAdd` is given `min_input`, `max_input`, `min_bias`, `max_bias` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service…
- CVE-2022-35973 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizedMatMul` is given nonscalar input for `min_a`, `max_a`, `min_b`, or `max_b`, it gives a segfault that can be used to trigger a denial of service attack. We have patche…
- CVE-2022-35974 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizeDownAndShrinkRange` is given nonscalar inputs for `input_min` or `input_max`, it results in a segfault that can be used to trigger a denial of service attack. We have …
- CVE-2022-35979 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar inputs for `min_features` or `max_features`, it results in a segfault that can be used to trigger a denial of service at…
- CVE-2022-35981 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` failures instead of with returning errors. If it gets incorrectly sized inputs, the `CHECK` failure can be used to trigge…
- CVE-2022-35982 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denia…
- CVE-2022-35983 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the i…
- CVE-2022-35984 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial o…
- CVE-2022-35985 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issu…
- CVE-2022-35987 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.9.1 | 2022-09-16
vulnerable: 2.9.0
TensorFlow is an open source platform for machine learning. `DenseBincount` assumes its input tensor `weights` to either have the same shape as its input tensor `input` or to be length-0. A different `weights` shape will trigger a `CHECK` …