[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

AVG-2529 log

Package tensorflow
Status Fixed
Severity High
Type multiple issues
Affected 2.6.0-6
Fixed 2.6.1-1
Current 2.18.0-4 [extra]
Ticket None
Created Sat Nov 6 00:18:32 2021
Issue Severity Remote Type Description
CVE-2021-41228 High No Arbitrary code execution
In TensorFlow before version 2.6.1, TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can...
CVE-2021-41227 Medium No Information disclosure
In TensorFlow before version 2.6.1, the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the...
CVE-2021-41226 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between...
CVE-2021-41225 Medium No Information disclosure
In TensorFlow before version 2.6.1, TensorFlow's Grappler optimizer has a use of unitialized variable. If the train_nodes vector (obtained from the saved...
CVE-2021-41224 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of...
CVE-2021-41223 Medium No Arbitrary code execution
In TensorFlow before version 2.6.1, the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access.
CVE-2021-41222 Medium No Denial of service
In TensorFlow before version 2.6.1, the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever...
CVE-2021-41221 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a...
CVE-2021-41220 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the...
CVE-2021-41219 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This...
CVE-2021-41218 Low No Insufficient validation
In TensorFlow before version 2.6.1, the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the split_count argument is 0.
CVE-2021-41217 Medium No Denial of service
In TensorFlow before version 2.6.1, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when...
CVE-2021-41216 Medium No Arbitrary code execution
In TensorFlow before version 2.6.1, the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains...
CVE-2021-41215 Medium No Incorrect calculation
In TensorFlow before version 2.6.1, the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape...
CVE-2021-41214 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr.
CVE-2021-41213 Medium No Denial of service
In TensorFlow before version 2.6.1, the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually...
CVE-2021-41212 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array.
CVE-2021-41211 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs...
CVE-2021-41210 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array.
CVE-2021-41209 Medium No Insufficient validation
In TensorFlow before version 2.6.1, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments.
CVE-2021-41208 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of...
CVE-2021-41207 Medium No Insufficient validation
In TensorFlow before version 2.6.1, the implementation of ParallelConcat misses some input validation and can produce a division by 0.
CVE-2021-41206 High No Arbitrary code execution
In TensorFlow before version 2.6.1, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call....
CVE-2021-41205 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference functions for the QuantizeAndDequantizeV* operations can trigger a read outside of bounds of heap...
CVE-2021-41204 Medium No Denial of service
In TensorFlow before version 2.6.1, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This...
CVE-2021-41203 High No Arbitrary code execution
In TensorFlow before version 2.6.1, an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved...
CVE-2021-41202 Medium No Incorrect calculation
In TensorFlow before version 2.6.1, while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 =...
CVE-2021-41201 High No Arbitrary code execution
In TensorFlow before version 2.6.1 during execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and...
CVE-2021-41200 Medium No Denial of service
In TensorFlow before version 2.6.1, if tf.summary.create_file_writer is called with non-scalar arguments code crashes due to a CHECK-fail.
CVE-2021-41199 Medium No Denial of service
In TensorFlow before version 2.6.1, if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure...
CVE-2021-41198 Medium No Denial of service
In TensorFlow before version 2.6.1, if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK- failure caused...
CVE-2021-41197 Medium No Incorrect calculation
A security issue has been found in TensorFlow before version 2.6.1. TensorFlow allows tensor to have a large number of dimensions and each dimension can be...
CVE-2021-41196 Medium No Denial of service
In TensorFlow before version 2.6.1, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due...
CVE-2021-41195 Medium No Denial of service
In TensorFlow before version 2.6.1, the implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a...