Vulnerabilities > Google > Tensorflow > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-25 | CVE-2020-15194 | Reachable Assertion vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. | 5.3 |
| 2020-09-25 | CVE-2020-15192 | Improper Input Validation vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. | 4.3 |
| 2020-09-25 | CVE-2020-15191 | Unchecked Return Value vulnerability in multiple products In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. | 5.3 |
| 2020-09-25 | CVE-2020-15190 | NULL Pointer Dereference vulnerability in multiple products In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. | 5.3 |
| 2020-05-04 | CVE-2018-21233 | Out-of-bounds Read vulnerability in Google Tensorflow TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. | 6.5 |
| 2019-04-24 | CVE-2019-9635 | NULL Pointer Dereference vulnerability in Google Tensorflow NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. | 6.5 |
| 2019-04-23 | CVE-2018-7576 | NULL Pointer Dereference vulnerability in Google Tensorflow Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. | 6.5 |