Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tensorflow vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-3660
A arbitrary code injection vulnerability in TensorFlow's Keras framework (<2.13) allows malicious users to execute arbitrary code with the same permissions as the application using a model that allow arbitrary code irrespective of the application.
NA
CVE-2023-30767
Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
9.8
CVSSv3
CVE-2023-5245
FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply...
Combust Mleap 0.23.0
Combust Mleap 0.18.0
7.8
CVSSv3
CVE-2023-27506
Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.
Intel Optimization For Tensorflow
6.5
CVSSv3
CVE-2023-25661
TensorFlow is an Open Source Machine Learning Framework. In versions before 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` fu...
Google Tensorflow
7.5
CVSSv3
CVE-2023-27579
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1....
Google Tensorflow
7.5
CVSSv3
CVE-2023-25676
TensorFlow is an open source machine learning platform. When running versions before 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFl...
Google Tensorflow
7.8
CVSSv3
CVE-2023-25801
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and ch...
Google Tensorflow
7.5
CVSSv3
CVE-2023-25658
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Google Tensorflow
7.5
CVSSv3
CVE-2023-25659
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and v...
Google Tensorflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »