Vulnerabilities > Google > Tensorflow > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-09-25 | CVE-2020-15213 | Allocation of Resources Without Limits or Throttling vulnerability in Google Tensorflow 2.2.0/2.3.0 | In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. | network | high | google | CWE-770 | 4.0 |
| 2020-09-25 | CVE-2020-15211 | Out-of-bounds Write vulnerability in multiple products | In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. | network | high | google, opensuse | CWE-787 | 4.8 |
| 2020-09-25 | CVE-2020-15210 | Out-of-bounds Write vulnerability in multiple products | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. | network | high | google, opensuse | CWE-787 | 6.5 |
| 2020-09-25 | CVE-2020-15209 | NULL Pointer Dereference vulnerability in multiple products | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. | network | high | google, opensuse | CWE-476 | 5.9 |
| 2020-09-25 | CVE-2020-15204 | NULL Pointer Dereference vulnerability in multiple products | In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. | network | low | google, opensuse | CWE-476 | 5.3 |
| 2020-09-25 | CVE-2020-15201 | Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0 | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. | network | high | google | CWE-787 | 4.8 |
| 2020-09-25 | CVE-2020-15200 | Out-of-bounds Write vulnerability in Google Tensorflow 2.3.0 | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. | network | high | google | CWE-787 | 5.9 |
| 2020-09-25 | CVE-2020-15199 | Improper Input Validation vulnerability in Google Tensorflow 2.3.0 | In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. | network | high | google | CWE-20 | 5.9 |
| 2020-09-25 | CVE-2020-15198 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Tensorflow 2.3.0 | In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. | network | high | google | CWE-119 | 5.4 |
| 2020-09-25 | CVE-2020-15197 | Reachable Assertion vulnerability in Google Tensorflow 2.3.0 | In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. | network | high | google | CWE-617 | 6.3 |