Bitnami package
tensorflow
pkg:bitnami/tensorflow
Vulnerabilities (423)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37657 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten | ||
| CVE-2021-37658 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/ | ||
| CVE-2021-37644 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negativ | ||
| CVE-2021-37654 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API | ||
| CVE-2021-37641 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://g | ||
| CVE-2021-37635 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow | ||
| CVE-2021-37664 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](htt | ||
| CVE-2021-37659 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations) | ||
| CVE-2021-37655 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/ten | ||
| CVE-2021-37637 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69 | ||
| CVE-2021-37649 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensor | ||
| CVE-2021-37647 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The [implementation](https://github.c | ||
| CVE-2021-37643 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after | ||
| CVE-2021-37639 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocat | ||
| CVE-2021-37638 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tens | ||
| CVE-2021-37660 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorfl | ||
| CVE-2021-37653 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181 | ||
| CVE-2021-37642 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e | ||
| CVE-2021-37640 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf | ||
| CVE-2021-37636 | — | >= 2.3.0, < 2.3.4 | 2.3.4 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825f |
- CVE-2021-37657Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten
- CVE-2021-37658Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/
- CVE-2021-37644Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negativ
- CVE-2021-37654Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API
- CVE-2021-37641Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://g
- CVE-2021-37635Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow
- CVE-2021-37664Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](htt
- CVE-2021-37659Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations)
- CVE-2021-37655Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. The [implementation](https://github.com/ten
- CVE-2021-37637Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69
- CVE-2021-37649Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensor
- CVE-2021-37647Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null pointer. The [implementation](https://github.c
- CVE-2021-37643Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after
- CVE-2021-37639Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocat
- CVE-2021-37638Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implementation](https://github.com/tensorflow/tens
- CVE-2021-37660Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [implementation](https://github.com/tensorfl
- CVE-2021-37653Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181
- CVE-2021-37642Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e
- CVE-2021-37640Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf
- CVE-2021-37636Aug 12, 2021affected >= 2.3.0, < 2.3.4fixed 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825f
Page 14 of 22