Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
google tensorflow 2.5.0 vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2021-35958
TensorFlow up to and including 2.5.0 allows malicious users to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with extract=True. NOTE: the vendor's position is that tf.keras.utils.get_file is not intended for untrusted archives
Google Tensorflow
2 Github repositories
4.6
CVSSv2
CVE-2021-37690
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
4.6
CVSSv2
CVE-2021-37663
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap ...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
4.6
CVSSv2
CVE-2021-37665
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bo...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
4.6
CVSSv2
CVE-2021-37679
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output ...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
4.6
CVSSv2
CVE-2021-37678
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
1 Github repository
4.6
CVSSv2
CVE-2021-37648
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
4.6
CVSSv2
CVE-2021-37666
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
4.6
CVSSv2
CVE-2021-37667
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
4.6
CVSSv2
CVE-2021-37676
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten...
Google Tensorflow
Google Tensorflow 2.6.0
Google Tensorflow 2.5.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »