Vulnerabilities > Google > Tensorflow > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15214 Unspecified vulnerability in Google Tensorflow 2.2.0/2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out of bounds / segmentation fault if the segment ids are not sorted.
network
high complexity
google
8.1
2020-09-25 CVE-2020-15212 Out-of-bounds Write vulnerability in Google Tensorflow 2.2.0/2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor.
network
low complexity
google CWE-787
8.6
2020-09-25 CVE-2020-15206
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model.
network
low complexity
google opensuse
7.5
2020-09-25 CVE-2020-15203 Use of Externally-Controlled Format String vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of `tf.strings.as_string`, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format used in a `printf` call is constructed.
network
low complexity
google opensuse CWE-134
7.5
2020-09-25 CVE-2020-15195 Out-of-bounds Write vulnerability in multiple products
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern.
network
low complexity
google opensuse CWE-787
8.8
2020-09-25 CVE-2020-15193 Use of Uninitialized Resource vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption.
network
low complexity
google opensuse CWE-908
7.1
2020-01-28 CVE-2020-5215 Improper Input Validation vulnerability in Google Tensorflow
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode.
network
low complexity
google CWE-20
7.5
2019-04-24 CVE-2018-7577 Improper Input Validation vulnerability in Google Tensorflow
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.
network
low complexity
google CWE-20
8.1
2019-04-24 CVE-2018-10055 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
network
low complexity
google CWE-119
8.1
2019-04-23 CVE-2018-8825 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow
Google TensorFlow 1.7 and below is affected by: Buffer Overflow.
network
low complexity
google CWE-119
8.8