Bitnami package
tensorflow
pkg:bitnami/tensorflow
Vulnerabilities (423)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-41196 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in th | ||
| CVE-2021-41195 | — | < 2.4.4 | 2.4.4 | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and | ||
| CVE-2021-37690 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a | ||
| CVE-2021-37678 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo | ||
| CVE-2021-37692 | — | >= 2.5.0, < 2.6.0 | 2.6.0 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. | ||
| CVE-2021-37669 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorf | ||
| CVE-2021-37673 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1 | ||
| CVE-2021-37663 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap | ||
| CVE-2021-37682 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens | ||
| CVE-2021-37674 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow | ||
| CVE-2021-37665 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bo | ||
| CVE-2021-37677 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inferenc | ||
| CVE-2021-37683 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/ker | ||
| CVE-2021-37684 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb8 | ||
| CVE-2021-37668 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implementation](https://github.com/tensorflow/ten | ||
| CVE-2021-37670 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensor | ||
| CVE-2021-37691 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b810 | ||
| CVE-2021-37679 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output | ||
| CVE-2021-37672 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/t | ||
| CVE-2021-37687 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support nega |
- CVE-2021-41196Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in th
- CVE-2021-41195Nov 5, 2021affected < 2.4.4fixed 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and
- CVE-2021-37690Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a
- CVE-2021-37678Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo
- CVE-2021-37692Aug 12, 2021affected >= 2.5.0, < 2.6.0fixed 2.6.0
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function.
- CVE-2021-37669Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorf
- CVE-2021-37673Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1
- CVE-2021-37663Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap
- CVE-2021-37682Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens
- CVE-2021-37674Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow
- CVE-2021-37665Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bo
- CVE-2021-37677Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inferenc
- CVE-2021-37683Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/ker
- CVE-2021-37684Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb8
- CVE-2021-37668Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implementation](https://github.com/tensorflow/ten
- CVE-2021-37670Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensor
- CVE-2021-37691Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b810
- CVE-2021-37679Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output
- CVE-2021-37672Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/t
- CVE-2021-37687Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support nega
Page 12 of 22