Vulnerabilities > Google > Tensorflow > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-14 CVE-2021-29617 Unspecified vulnerability in Google Tensorflow
TensorFlow is an end-to-end open source platform for machine learning.
local
low complexity
google
5.5
2021-05-14 CVE-2021-29618 Unspecified vulnerability in Google Tensorflow
TensorFlow is an end-to-end open source platform for machine learning.
local
low complexity
google
5.5
2021-05-14 CVE-2021-29619 Unspecified vulnerability in Google Tensorflow
TensorFlow is an end-to-end open source platform for machine learning.
local
low complexity
google
5.5
2021-05-14 CVE-2021-29554 Unspecified vulnerability in Google Tensorflow
TensorFlow is an end-to-end open source platform for machine learning.
local
low complexity
google
5.5
2020-12-10 CVE-2020-26268 Unspecified vulnerability in Google Tensorflow
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable.
local
low complexity
google
4.4
2020-12-10 CVE-2020-26266 Use of Uninitialized Resource vulnerability in Google Tensorflow
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution.
local
low complexity
google CWE-908
5.3
2020-09-25 CVE-2020-15213 Allocation of Resources Without Limits or Throttling vulnerability in Google Tensorflow 2.2.0/2.3.0
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum.
network
high complexity
google CWE-770
4.0
2020-09-25 CVE-2020-15211 In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors.
network
high complexity
google opensuse
4.8
2020-09-25 CVE-2020-15210 Out-of-bounds Write vulnerability in multiple products
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.
network
high complexity
google opensuse CWE-787
6.5
2020-09-25 CVE-2020-15209 In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer.
network
high complexity
google opensuse
5.9