Vulnerabilities > Tensorflow
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-30 | CVE-2021-35958 | Exposure of Resource TO Wrong Sphere vulnerability in Tensorflow ** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. | 6.4 |
| 2020-12-10 | CVE-2020-26269 | Out-Of-Bounds Read vulnerability in Tensorflow 2.4.0 In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. | 5.0 |
| 2020-12-10 | CVE-2020-26267 | Out-Of-Bounds Read vulnerability in Tensorflow In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. | 4.3 |
| 2020-10-21 | CVE-2020-15266 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tensorflow In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. | 5.0 |
| 2020-10-21 | CVE-2020-15265 | Out-Of-Bounds Read vulnerability in Tensorflow In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. | 5.0 |
| 2020-09-25 | CVE-2020-15214 | Out-Of-Bounds Write vulnerability in Tensorflow In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. | 6.8 |
| 2020-09-25 | CVE-2020-15213 | Allocation of Resources Without Limits OR Throttling vulnerability in Tensorflow In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. | 4.3 |
| 2020-09-25 | CVE-2020-15212 | Out-Of-Bounds Write vulnerability in Tensorflow In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. | 7.5 |
| 2020-09-25 | CVE-2020-15211 | Out-Of-Bounds Read vulnerability in Tensorflow In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. | 5.8 |
| 2020-09-25 | CVE-2020-15210 | Improper Input Validation vulnerability in Tensorflow In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. | 5.8 |