Vulnerabilities > Tensorflow

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2020-26269 Out-Of-Bounds Read vulnerability in Tensorflow 2.4.0
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to a globbing pattern is vulnerable to an out-of-bounds access of the array holding the directories.
network
low complexity
tensorflow CWE-125
5.0
2020-12-10 CVE-2020-26267 Out-Of-Bounds Read vulnerability in Tensorflow
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes.
local
low complexity
tensorflow CWE-125
4.3
2020-10-21 CVE-2020-15266 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tensorflow
In TensorFlow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value.
network
low complexity
tensorflow CWE-119
5.0
2020-10-21 CVE-2020-15265 Out-Of-Bounds Read vulnerability in Tensorflow
In TensorFlow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`.
network
low complexity
tensorflow CWE-125
5.0
2020-09-25 CVE-2020-15214 Out-Of-Bounds Write vulnerability in Tensorflow
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger an out-of-bounds write / segmentation fault if the segment ids are not sorted.
6.8
2020-09-25 CVE-2020-15213 Allocation of Resources Without Limits or Throttling vulnerability in Tensorflow
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum.
4.3
2020-09-25 CVE-2020-15212 Out-Of-Bounds Write vulnerability in Tensorflow
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside the bounds of heap-allocated buffers by inserting negative elements in the segment ids tensor.
network
low complexity
tensorflow CWE-787
7.5
2020-09-25 CVE-2020-15211 Out-Of-Bounds Read vulnerability in Tensorflow
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors.
5.8
2020-09-25 CVE-2020-15210 Improper Input Validation vulnerability in Tensorflow
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.
network
tensorflow CWE-20
5.8
2020-09-25 CVE-2020-15209 Null Pointer Dereference vulnerability in Tensorflow
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer.
4.3