Bitnami package
tensorflow
pkg:bitnami/tensorflow
Vulnerabilities (423)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41202 | — | >= 2.4.0, < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branch | ||
| CVE-2021-41209 | — | >= 2.4.0, < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Ten | ||
| CVE-2021-41203 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints load | ||
| CVE-2021-41215 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with posit | ||
| CVE-2021-41217 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the | ||
| CVE-2021-41219 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one | ||
| CVE-2021-41214 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on | ||
| CVE-2021-41204 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be i | ||
| CVE-2021-41226 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The | ||
| CVE-2021-41223 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2. | ||
| CVE-2021-41224 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in Tenso | ||
| CVE-2021-41212 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Tenso | ||
| CVE-2021-41211 | — | >= 2.6.0, < 2.6.1 | 2.6.1 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing | ||
| CVE-2021-41205 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also che | ||
| CVE-2021-41210 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this co | ||
| CVE-2021-41201 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the correspond | ||
| CVE-2021-41200 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorF | ||
| CVE-2021-41197 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an over | ||
| CVE-2021-41198 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for t | ||
| CVE-2021-41199 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too mu |
- CVE-2021-41202Nov 5, 2021affected >= 2.4.0, < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branch
- CVE-2021-41209Nov 5, 2021affected >= 2.4.0, < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Ten
- CVE-2021-41203Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints load
- CVE-2021-41215Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inference function assumes that the `serialize_sparse` tensor is a tensor with posit
- CVE-2021-41217Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the
- CVE-2021-41219Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. This occurs whenever the dimensions of `a` or `b` are 0 or less. In the case on one
- CVE-2021-41214Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on
- CVE-2021-41204Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be i
- CVE-2021-41226Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation between the elements of the `values` argument and the shape of the sparse output. The
- CVE-2021-41223Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.
- CVE-2021-41224Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of `indices` does not match the size of `values`. The fix will be included in Tenso
- CVE-2021-41212Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on Tenso
- CVE-2021-41211Nov 5, 2021affected >= 2.6.0, < 2.6.1fixed 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs whenever `axis` is a negative value less than `-1`. In this case, we are accessing
- CVE-2021-41205Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also che
- CVE-2021-41210Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this co
- CVE-2021-41201Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*output_has_ellipsis` boolean to indicate whether there is ellipsis in the correspond
- CVE-2021-41200Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorF
- CVE-2021-41197Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an `int64_t`. If an over
- CVE-2021-41198Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too much for t
- CVE-2021-41199Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. The number of elements in the output tensor is too mu
Page 11 of 22