| CVE-2021-41208 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of ser… |
| CVE-2021-41195 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) i… |
| CVE-2021-41196 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is du… |
| CVE-2021-41197 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, … |
| CVE-2021-41198 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions if `tf.tile` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure cau… |
| CVE-2021-41199 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions if `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-fai… |
| CVE-2021-41200 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions if `tf.summary.create_file_writer` is called with non-scalar arguments code crashes due to a `CHECK`-fail. The fix wil… |
| CVE-2021-41201 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEquation()` is supposed to set the flags in `input_has_ellipsis` vector and `*out… |
| CVE-2021-41202 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64… |
| CVE-2021-41203 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change s… |
| CVE-2021-41204 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This resu… |
| CVE-2021-41205 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAndDequantizeV*` operations can trigger a read outside of bounds of hea… |
| CVE-2021-41206 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depe… |
| CVE-2021-41207 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `ParallelConcat` misses some input validation and can produce a division by 0. The fix will be i… |
| CVE-2021-41209 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix… |
| CVE-2021-41210 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSparseOutput` can trigger a read outside of bounds of heap allocated arr… |
| CVE-2021-41211 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `QuantizeV2` can trigger a read outside of bounds of heap allocated array. This occurs wh… |
| CVE-2021-41212 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` can trigger a read outside of bounds of heap allocated array. The fix w… |
| CVE-2021-41213 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutual… |
| CVE-2021-41214 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `tf.ragged.cross` has an undefined behavior due to binding a reference to `nullptr`. The … |
| CVE-2021-41215 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `DeserializeSparse` can trigger a null pointer dereference. This is because the shape inf… |
| CVE-2021-41216 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` cont… |
| CVE-2021-41217 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when n… |
| CVE-2021-41218 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for `AllToAll` can be made to execute a division by 0. This occurs whenever the `split_count`… |
| CVE-2021-41219 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to `nullptr`. Th… |
| CVE-2021-41220 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to t… |
| CVE-2021-41221 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a… |
| CVE-2021-41222 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SplitV` can trigger a segfault is an attacker supplies negative arguments. This occurs whenever… |
| CVE-2021-41223 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `FusedBatchNorm` kernels is vulnerable to a heap OOB access. The fix will be included in TensorF… |
| CVE-2021-41224 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseFillEmptyRows` can be made to trigger a heap OOB access. This occurs whenever the size of… |
| CVE-2021-41225 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the save… |
| CVE-2021-41226 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `SparseBinCount` is vulnerable to a heap OOB access. This is because of missing validation betwe… |
| CVE-2021-41227 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions the `ImmutableConst` operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because th… |
| CVE-2021-41228 |
high |
— |
8.0 |
|
|
|
5y ago |
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. Thi… |
| CVE-2020-15266 |
medium |
— |
5.5 |
|
|
|
6y ago |
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Atte… |
| CVE-2020-15265 |
medium |
— |
5.5 |
|
|
|
6y ago |
In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tens… |
