Vulnerabilities > Google > Tensorflow

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15193 Use of Uninitialized Resource vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption.
network
low complexity
google opensuse CWE-908
7.1
2020-09-25 CVE-2020-15192 Improper Input Validation vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure.
network
low complexity
google opensuse CWE-20
4.3
2020-09-25 CVE-2020-15191 Unchecked Return Value vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition.
network
low complexity
google opensuse CWE-252
5.3
2020-09-25 CVE-2020-15190 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors.
network
low complexity
google opensuse
5.3
2020-05-04 CVE-2018-21233 Out-of-bounds Read vulnerability in Google Tensorflow
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory.
network
low complexity
google CWE-125
6.5
2020-01-28 CVE-2020-5215 Improper Input Validation vulnerability in Google Tensorflow
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode.
network
low complexity
google CWE-20
7.5
2019-12-16 CVE-2019-16778 Incorrect Conversion between Numeric Types vulnerability in Google Tensorflow
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32.
network
low complexity
google CWE-681
critical
9.8
2019-04-24 CVE-2018-7575 Integer Overflow or Wraparound vulnerability in Google Tensorflow
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability.
network
low complexity
google CWE-190
critical
9.8
2019-04-24 CVE-2019-9635 NULL Pointer Dereference vulnerability in Google Tensorflow
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.
network
low complexity
google CWE-476
6.5
2019-04-24 CVE-2018-7577 Improper Input Validation vulnerability in Google Tensorflow
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
network
low complexity
google CWE-20
8.1