| CVE-2020-15205 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap ov… |
| CVE-2020-15203 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability … |
| CVE-2020-15202 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However… |
| CVE-2020-15201 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the … |
| CVE-2020-15200 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the … |
| CVE-2020-15197 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the … |
| CVE-2020-15195 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an… |
| CVE-2020-15193 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 gl… |
| CVE-2020-15191 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` v… |
| CVE-2020-15199 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor… |
| CVE-2020-15198 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the … |
| CVE-2020-15196 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for … |
| CVE-2020-15194 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map… |
| CVE-2020-15192 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `… |
| CVE-2020-15190 |
unknown |
— |
— |
|
|
|
6y ago |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, o… |
| CVE-2018-21233 |
unknown |
— |
— |
|
|
|
6y ago |
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decod… |
| CVE-2020-5215 |
unknown |
— |
— |
|
|
|
6y ago |
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the gra… |
| CVE-2019-16778 |
unknown |
— |
— |
|
|
|
7y ago |
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from in… |
| CVE-2018-7577 |
unknown |
— |
— |
|
|
|
7y ago |
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory. |
| CVE-2018-10055 |
unknown |
— |
— |
|
|
|
7y ago |
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted confi… |
| CVE-2019-9635 |
unknown |
— |
— |
|
|
|
7y ago |
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. |
| CVE-2018-7575 |
unknown |
— |
— |
|
|
|
7y ago |
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. |
| CVE-2018-8825 |
unknown |
— |
— |
|
|
|
7y ago |
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). |
| CVE-2018-7576 |
unknown |
— |
— |
|
|
|
7y ago |
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent. |
