Vulnerabilities > Google > Tensorflow
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-09-25 | CVE-2020-15203 | Use of Externally-Controlled Format String vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. | 7.5 |
2020-09-25 | CVE-2020-15202 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. | 9.0 |
2020-09-25 | CVE-2020-15201 | Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0 In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. | 4.8 |
2020-09-25 | CVE-2020-15200 | Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0 In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. | 5.9 |
2020-09-25 | CVE-2020-15199 | Improper Input Validation vulnerability in Google Tensorflow 2.3.0 In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. | 5.9 |
2020-09-25 | CVE-2020-15198 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow 2.3.0 In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. | 5.4 |
2020-09-25 | CVE-2020-15197 | Unspecified vulnerability in Google Tensorflow 2.3.0 In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. | 6.3 |
2020-09-25 | CVE-2020-15196 | Out-of-bounds Read vulnerability in Google Tensorflow 2.3.0 In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. | 9.9 |
2020-09-25 | CVE-2020-15195 | Out-of-bounds Write vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. | 8.8 |
2020-09-25 | CVE-2020-15194 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. | 5.3 |