VYPR

PyPI package

tensorflow-cpu

pkg:pypi/tensorflow-cpu

Vulnerabilities (417)

  • CVE-2021-37675Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference

  • CVE-2021-37676Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten

  • CVE-2021-37671Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tenso

  • CVE-2021-37666Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4

  • CVE-2021-37667Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de

  • CVE-2021-37648Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow

  • CVE-2021-37652Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github

  • CVE-2021-37646Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based o

  • CVE-2021-37661Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob

  • CVE-2021-37645Aug 12, 2021
    affected < 2.4.3fixed 2.4.3

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating

  • CVE-2021-37651Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow

  • CVE-2021-37650Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://g

  • CVE-2021-37662Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in `BoostedTreesCalculateBestFeatu

  • CVE-2021-37656Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f2

  • CVE-2021-37657Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten

  • CVE-2021-37658Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/

  • CVE-2021-37644Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reallocating a `std::vector` to have a negativ

  • CVE-2021-37654Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bounds of heap allocated data in the same API

  • CVE-2021-37641Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The [implementation](https://g

  • CVE-2021-37635Aug 12, 2021
    affected < 2.3.4fixed 2.3.4

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow

Page 13 of 21