Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Vulnerability Details

CVEID:   CVE-2022-21741
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero condition in the implementation of depthwise convolutions in TFLite. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218738 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21738
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow condition in the implementation of SparseCountSparseOutput. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218743 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21734
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in MapStage if the key tensor is not scalar. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218755 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21730
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in FractionalAvgPoolGrad. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218766 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-21729
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide by zero error in UnravelIndex. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218767 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21727
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow in Dequantize. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218769 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23567
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in Sparse*Cwise when building new TensorShape objects. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218739 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21737
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in the implementation of *Bincount operations. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218744 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21733
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by missing validation in pad_witdh. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218756 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-21732
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by excessive memory allocation in ThreadPoolHandle. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218757 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-23569
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218736 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21728
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in ReverseSequence. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-21726
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read in Dequantize. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218770 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-21740
DESCRIPTION:   TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of SparseCountSparseOutput. By sending a specially-crafted HTTP request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218741 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-21736
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in SparseTensorSliceDataset. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218753 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-21735
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero error in FractionalMaxPool. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218754 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21731
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in the shape inference for ConcatV2. A remote authenticated attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218765 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23568
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in AddManySparseToTensorsMap when building new TensorShape objects. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218737 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21725
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero error in the estimator for the cost of some convolution operations. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218771 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-21739
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a reference binding to a null pointer in the implementation of QuantizedMaxPool. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218742 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23581
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a'CHECK' failure. By sending a specially-crafted request with an altered SavedModel (IsSimplifiableReshape), a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218966 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23595
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference when building an XLA compilation cache using default settings. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218893 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23577
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in the implementation of GetInitOp. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218970 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23587
DESCRIPTION:   TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow during cost estimation for crop and resize operations. By sending a specially-crafted request using the cropping parameters, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218897 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23572
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a failure to specialize a type during shape inference. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219144 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23592
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds read in the index.php script. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218901 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2022-23571
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK-fail when decoding invalid tensors from proto. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219145 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23591
DESCRIPTION:   TensorFlow vulnerable to a denial of service, caused by a stack-based buffer overflow by the GraphDef format. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218902 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23580
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by allocating a vector that is too large. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23594
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in the TFG dialect when making assumptions about the incoming GraphDef before converting it to the MLIR-based dialect. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218894 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID:   CVE-2022-23575
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an integer overflow in the implementation of OpLevelCostEstimator::CalculateTensorSize. By creating an operation which would use a large enough number of elements, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219132 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23586
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an assertion failure in function.cc. By altering a SavedModel, a remote authenticated attacker could exploit this vulnerability to crash the Python interpreter.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218898 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23570
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference when specializing tensor type. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219146 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23585
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a memory leak when decoding PNG files by the png::CommonInitDecode(..., &decode) component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218899 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-23590
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by altering a GraphDef from a TensorFlow SavedModel. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218903 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23579
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a 'CHECK' failure. By sending a specially-crafted request with an altered SavedModel (SafeToRemoveIdentity), a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23593
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in the simplifyBroadcast function when called with scalar shaped. A remote attacker could exploit this vulnerability to cause a segmentation fault.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218895 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23574
DESCRIPTION:   TensorFlow is vulnerable to a heap-based buffer overflow, caused by a typo in SpecializeType. By sending a specially-crafted request, a remote authenticated attacker could read and write to outside of bounds data.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219142 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23566
DESCRIPTION:   TensorFlow is vulnerable to a heap-based buffer overflow, caused by a heap out-of-bounds write in Grappler. By sending a specially-crafted request, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219147 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23588
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a check failure in the Grappler optimizer. By altering a SavedModel using a reference dtype, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218896 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23573
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an uninitialized variable in the implementation of AssignOp. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219143 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23584
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a use-after-free flaw when decoding PNG images by the png::CommonFreeDecode(&decode) component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218900 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23583
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a type confusion. By sending a specially-crafted request with an altered SavedModel, a remote authenticated attacker could exploit this vulnerability to cause a 'CHECK' failure, leading to a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218964 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23589
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in the Grappler component. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218892 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23578
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a memory leak in the implementation of ImmutableExecutorState::Initialize. By sending a specially-crafted request with an invalid graph node, a remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218969 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23563
DESCRIPTION:   Tensorflow could allow a local authenticated attacker to bypass security restrictions, caused by an insecure temporary file flaw in the mktemp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to create files between the check for the filename.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219212 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2022-23565
DESCRIPTION:   Tensorflow is vulnerable to a denial of service, caused by a division by an assertion failure. By altering a SavedModel on disk with repeated AttrDef, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219214 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23582
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an overflow of the size of an 'int'. By sending a specially-crafted request with an altered SavedModel (TensorByteSize), a remote attacker could exploit this vulnerability to cause a 'CHECK' failure, leading to a denial of service.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23559
DESCRIPTION:   Tensorflow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow during embedding lookup operations. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219208 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23576
DESCRIPTION:   TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the implementation of OpLevelCostEstimator::CalculateOutputSize. An attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218971 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23560
DESCRIPTION:   Tensorflow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds read/write flaw in arrays of TFLite. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219209 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23564
DESCRIPTION:   Tensorflow is vulnerable to a denial of service, caused by a division by flaw when decoding a resource handle tensor from protobuf. By sending specially-crafted arguments, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition in processes.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219213 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23557
DESCRIPTION:   Tensorflow is vulnerable to a denial of service, caused by a division by zero in the BiasAndClamp implementation. By using a specially-crafted TFLite model, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219206 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-23561
DESCRIPTION:   Tensorflow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in arrays of TFLite. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219210 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2022-23558
DESCRIPTION:   Tensorflow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow during TFLite array creation. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2022-23562
DESCRIPTION:   Tensorflow could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the implementation of Range. By using a specially-crafted TFLite model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/219211 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)