Vulnerabilities > Google > Tensorflow > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-15204 In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state.
network
low complexity
google opensuse
5.3
2020-09-25 CVE-2020-15201 Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-787
4.8
2020-09-25 CVE-2020-15200 Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-787
5.9
2020-09-25 CVE-2020-15199 Improper Input Validation vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor.
network
high complexity
google CWE-20
5.9
2020-09-25 CVE-2020-15198 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor.
network
high complexity
google CWE-119
5.4
2020-09-25 CVE-2020-15197 Unspecified vulnerability in Google Tensorflow 2.3.0
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor.
network
high complexity
google
6.3
2020-09-25 CVE-2020-15194 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments.
network
low complexity
google opensuse
5.3
2020-09-25 CVE-2020-15192 Improper Input Validation vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure.
network
low complexity
google opensuse CWE-20
4.3
2020-09-25 CVE-2020-15191 Unchecked Return Value vulnerability in multiple products
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition.
network
low complexity
google opensuse CWE-252
5.3
2020-09-25 CVE-2020-15190 In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors.
network
low complexity
google opensuse
5.3