Vulnerabilities > Google > Tensorflow

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15209 NULL Pointer Dereference vulnerability in multiple products
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer.
network
high complexity
google opensuse CWE-476
5.9
5.9
2020-09-25 CVE-2020-15208 Out-of-bounds Write vulnerability in multiple products
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes.
network
low complexity
google opensuse CWE-787
critical
 9.8
9.8
2020-09-25 CVE-2020-15207 Out-of-bounds Write vulnerability in multiple products
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices.
network
high complexity
google opensuse CWE-787
critical
 9.0
9.0
2020-09-25 CVE-2020-15206 Improper Input Validation vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model.
network
low complexity
google opensuse CWE-20
7.5
7.5
2020-09-25 CVE-2020-15205 Out-of-bounds Write vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation.
network
low complexity
google opensuse CWE-787
critical
 9.8
9.8
2020-09-25 CVE-2020-15204 NULL Pointer Dereference vulnerability in multiple products
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state.
network
low complexity
google opensuse CWE-476
5.3
5.3
2020-09-25 CVE-2020-15203 Use of Externally-Controlled Format String vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed.
network
low complexity
google opensuse CWE-134
7.5
7.5
2020-09-25 CVE-2020-15202 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments.
network
high complexity
google opensuse
critical
 9.0
9.0
2020-09-25 CVE-2020-15201 Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-787
4.8
4.8
2020-09-25 CVE-2020-15200 Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-787
5.9
5.9