Vulnerabilities > Google > Tensorflow > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-14 | CVE-2021-29614 | Out-of-bounds Write vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 4.6 |
| 2021-05-14 | CVE-2021-29616 | NULL Pointer Dereference vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 4.6 |
| 2021-05-14 | CVE-2021-29512 | Out-of-bounds Write vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 4.6 |
| 2020-12-10 | CVE-2020-26269 | Out-of-bounds Read vulnerability in Google Tensorflow 2.4.0 In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. | 5.0 |
| 2020-12-10 | CVE-2020-26267 | Out-of-bounds Read vulnerability in Google Tensorflow In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. | 4.3 |
| 2020-12-10 | CVE-2020-26266 | Use of Uninitialized Resource vulnerability in Google Tensorflow In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. | 4.6 |
| 2020-10-21 | CVE-2020-15266 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. | 5.0 |
| 2020-10-21 | CVE-2020-15265 | Out-of-bounds Read vulnerability in Google Tensorflow In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. | 5.0 |
| 2020-09-25 | CVE-2020-15214 | Out-of-bounds Write vulnerability in Google Tensorflow 2.2.0/2.3.0 In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. | 6.8 |
| 2020-09-25 | CVE-2020-15213 | Allocation of Resources Without Limits or Throttling vulnerability in Google Tensorflow 2.2.0/2.3.0 In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. | 4.3 |