Vulnerabilities > Google > Tensorflow > 1.13.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-25 | CVE-2020-15203 | Use of Externally-Controlled Format String vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. | 5.0 |
2020-09-25 | CVE-2020-15202 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. | 6.8 |
2020-09-25 | CVE-2020-15195 | Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. | 6.5 |
2020-09-25 | CVE-2020-15194 | Reachable Assertion vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. | 5.0 |
2020-09-25 | CVE-2020-15190 | NULL Pointer Dereference vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. | 5.0 |
2020-01-28 | CVE-2020-5215 | Improper Input Validation vulnerability in Google Tensorflow In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. | 4.3 |
2019-12-16 | CVE-2019-16778 | Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. | 7.5 |