Vulnerabilities > Google > Tensorflow > 2.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-25 | CVE-2020-15203 | Use of Externally-Controlled Format String vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. | 5.0 |
2020-09-25 | CVE-2020-15202 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. | 6.8 |
2020-09-25 | CVE-2020-15195 | Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. | 6.5 |
2020-09-25 | CVE-2020-15194 | Reachable Assertion vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. | 5.0 |
2020-09-25 | CVE-2020-15190 | NULL Pointer Dereference vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. | 5.0 |