Vulnerabilities > Google > Tensorflow > 2.1.0

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15203 Use of Externally-Controlled Format String vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed.
network
low complexity
google opensuse CWE-134
5.0
5.0
2020-09-25 CVE-2020-15202 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments.
network
google opensuse
6.8
6.8
2020-09-25 CVE-2020-15195 Out-of-bounds Write vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern.
network
low complexity
google opensuse CWE-787
6.5
6.5
2020-09-25 CVE-2020-15194 Reachable Assertion vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments.
network
low complexity
google opensuse CWE-617
5.0
5.0
2020-09-25 CVE-2020-15190 NULL Pointer Dereference vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors.
network
low complexity
google opensuse CWE-476
5.0
5.0