Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
google tensorflow vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-10055
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow prior to 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.
Google Tensorflow
7.8
CVSSv3
CVE-2023-25801
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and ch...
Google Tensorflow
7.8
CVSSv3
CVE-2022-29216
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reas...
Google Tensorflow 2.7.0
Google Tensorflow
Google Tensorflow 2.8.0
Google Tensorflow 2.9.0
7.8
CVSSv3
CVE-2021-41221
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the `Cudnn*` operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` an...
Google Tensorflow
Google Tensorflow 2.7.0
7.8
CVSSv3
CVE-2021-41220
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `CollectiveReduceV2` suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been `std::move()...
Google Tensorflow
Google Tensorflow 2.7.0
7.8
CVSSv3
CVE-2021-41225
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the `train_nodes` vector (obtained from the saved model that gets optimized) does not contain a `Dequeue` node, then `dequeu...
Google Tensorflow
Google Tensorflow 2.7.0
7.8
CVSSv3
CVE-2021-41228
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's `saved_model_cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by malicious users to run arbitrary code on the plaform where ...
Google Tensorflow
Google Tensorflow 2.7.0
7.8
CVSSv3
CVE-2021-41216
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Transpose` is vulnerable to a heap buffer overflow. This occurs whenever `perm` contains negative elements. The shape inference function does not validate that the i...
Google Tensorflow
Google Tensorflow 2.7.0
7.8
CVSSv3
CVE-2021-41206
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or `CHECK`-f...
Google Tensorflow
Google Tensorflow 2.7.0
7.8
CVSSv3
CVE-2021-41208
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse unde...
Google Tensorflow
Google Tensorflow 2.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »