Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-06 CVE-2020-26599 Missing Authentication for Critical Function vulnerability in Google Android 10.0
An issue was discovered on Samsung mobile devices with Q(10.0) software.
network
low complexity
google CWE-306
5.3
5.3
2020-09-30 CVE-2020-24721 An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS.
low complexity
apple google
5.7
5.7
2020-09-25 CVE-2020-15213 Allocation of Resources Without Limits or Throttling vulnerability in Google Tensorflow 2.2.0/2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum.
network
high complexity
google CWE-770
4.0
4.0
2020-09-25 CVE-2020-15211 In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors.
network
high complexity
google opensuse
4.8
4.8
2020-09-25 CVE-2020-15210 Out-of-bounds Write vulnerability in multiple products
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.
network
high complexity
google opensuse CWE-787
6.5
6.5
2020-09-25 CVE-2020-15209 In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer.
network
high complexity
google opensuse
5.9
5.9
2020-09-25 CVE-2020-15204 In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state.
network
low complexity
google opensuse
5.3
5.3
2020-09-25 CVE-2020-15201 Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-787
4.8
4.8
2020-09-25 CVE-2020-15200 Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-787
5.9
5.9
2020-09-25 CVE-2020-15199 Improper Input Validation vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-20
5.9
5.9