Tensorflow
by Nbsdx
Source repositories
CVEs (430)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15199 | 0.00 | — | 0.01 | Sep 25, 2020 | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to… | |||
| CVE-2020-15200 | 0.00 | — | 0.01 | Sep 25, 2020 | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values`… | |||
| CVE-2020-15190 | 0.00 | — | 0.01 | Sep 25, 2020 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an… | |||
| CVE-2020-5215 | 0.00 | — | 0.01 | Jan 28, 2020 | In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a… | |||
| CVE-2019-16778 | 0.00 | — | 0.01 | Dec 16, 2019 | In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of… | |||
| CVE-2018-7575 | 0.00 | — | 0.00 | Apr 24, 2019 | Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. | |||
| CVE-2019-9635 | 0.00 | — | 0.00 | Apr 24, 2019 | NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. | |||
| CVE-2018-10055 | 0.00 | — | 0.00 | Apr 24, 2019 | Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. | |||
| CVE-2018-8825 | 0.00 | — | 0.01 | Apr 23, 2019 | Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). | |||
| CVE-2018-7576 | 0.00 | — | 0.00 | Apr 23, 2019 | Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent. |
- CVE-2020-15199Sep 25, 2020risk 0.00cvss —epss 0.01
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to…
- CVE-2020-15200Sep 25, 2020risk 0.00cvss —epss 0.01
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values`…
- CVE-2020-15190Sep 25, 2020risk 0.00cvss —epss 0.01
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an…
- CVE-2020-5215Jan 28, 2020risk 0.00cvss —epss 0.01
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a…
- CVE-2019-16778Dec 16, 2019risk 0.00cvss —epss 0.01
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of…
- CVE-2018-7575Apr 24, 2019risk 0.00cvss —epss 0.00
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.
- CVE-2019-9635Apr 24, 2019risk 0.00cvss —epss 0.00
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.
- CVE-2018-10055Apr 24, 2019risk 0.00cvss —epss 0.00
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
- CVE-2018-8825Apr 23, 2019risk 0.00cvss —epss 0.01
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
- CVE-2018-7576Apr 23, 2019risk 0.00cvss —epss 0.00
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
Page 22 of 22