Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
google tensorflow vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2022-21726
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value a...
Google Tensorflow
Google Tensorflow 2.7.0
6.5
CVSSv2
CVE-2022-21727
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the num...
Google Tensorflow
Google Tensorflow 2.7.0
6.5
CVSSv2
CVE-2020-15196
In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the spa...
Google Tensorflow 2.3.0
6.5
CVSSv2
CVE-2020-15195
In Tensorflow prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The...
Google Tensorflow
Opensuse Leap 15.2
6.4
CVSSv2
CVE-2021-35958
TensorFlow up to and including 2.5.0 allows malicious users to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives
Google Tensorflow
2 Github repositories
5.8
CVSSv2
CVE-2020-15198
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tens...
Google Tensorflow
5.8
CVSSv2
CVE-2020-15211
In TensorFlow Lite prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format u...
Google Tensorflow
Opensuse Leap 15.2
5.8
CVSSv2
CVE-2020-15210
In tensorflow-lite prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d5...
Google Tensorflow
Opensuse Leap 15.2
5.8
CVSSv2
CVE-2018-10055
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow prior to 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
Google Tensorflow
1 Github repository
5.8
CVSSv2
CVE-2018-7577
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow prior to 1.7.1, could result in a crash or read from other parts of process memory.
Google Tensorflow
Google Snappy 1.1.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »