[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

tensorflow

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Library for computation using data flow graphs for scalable machine learning
Version 2.18.0-4 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-2114 2.7.0-4 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-35958 AVG-2114 Medium Yes Arbitrary file overwrite
** DISPUTED ** TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used with...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2529 2.6.0-6 2.6.1-1 High Fixed
AVG-2292 2.5.0-6 2.5.1-1 Critical Fixed
AVG-1962 2.4.1-10 2.5.0-1 Critical Fixed
AVG-1350 2.3.1-7 2.4.0rc4-1 Medium Fixed
AVG-1348 2.4.0rc4-2 2.4.0-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2021-41228 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can...
CVE-2021-41227 AVG-2529 Medium No Information disclosure
In TensorFlow before version 2.6.1, the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the...
CVE-2021-41226 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between...
CVE-2021-41225 AVG-2529 Medium No Information disclosure
In TensorFlow before version 2.6.1, TensorFlow's Grappler optimizer has a use of unitialized variable. If the train_nodes vector (obtained from the saved...
CVE-2021-41224 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of...
CVE-2021-41223 AVG-2529 Medium No Arbitrary code execution
In TensorFlow before version 2.6.1, the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access.
CVE-2021-41222 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever...
CVE-2021-41221 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a...
CVE-2021-41220 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the...
CVE-2021-41219 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This...
CVE-2021-41218 AVG-2529 Low No Insufficient validation
In TensorFlow before version 2.6.1, the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the split_count argument is 0.
CVE-2021-41217 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when...
CVE-2021-41216 AVG-2529 Medium No Arbitrary code execution
In TensorFlow before version 2.6.1, the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains...
CVE-2021-41215 AVG-2529 Medium No Incorrect calculation
In TensorFlow before version 2.6.1, the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape...
CVE-2021-41214 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr.
CVE-2021-41213 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually...
CVE-2021-41212 AVG-2529 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array.
CVE-2021-41211 AVG-2529 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs...
CVE-2021-41210 AVG-2529 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array.
CVE-2021-41209 AVG-2529 Medium No Insufficient validation
In TensorFlow before version 2.6.1, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments.
CVE-2021-41208 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of...
CVE-2021-41207 AVG-2529 Medium No Insufficient validation
In TensorFlow before version 2.6.1, the implementation of ParallelConcat misses some input validation and can produce a division by 0.
CVE-2021-41206 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call....
CVE-2021-41205 AVG-2529 High No Information disclosure
In TensorFlow before version 2.6.1, the shape inference functions for the QuantizeAndDequantizeV* operations can trigger a read outside of bounds of heap...
CVE-2021-41204 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This...
CVE-2021-41203 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1, an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved...
CVE-2021-41202 AVG-2529 Medium No Incorrect calculation
In TensorFlow before version 2.6.1, while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 =...
CVE-2021-41201 AVG-2529 High No Arbitrary code execution
In TensorFlow before version 2.6.1 during execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and...
CVE-2021-41200 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, if tf.summary.create_file_writer is called with non-scalar arguments code crashes due to a CHECK-fail.
CVE-2021-41199 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure...
CVE-2021-41198 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK- failure caused...
CVE-2021-41197 AVG-2529 Medium No Incorrect calculation
A security issue has been found in TensorFlow before version 2.6.1. TensorFlow allows tensor to have a large number of dimensions and each dimension can be...
CVE-2021-41196 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due...
CVE-2021-41195 AVG-2529 Medium No Denial of service
In TensorFlow before version 2.6.1, the implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a...
CVE-2021-37692 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc...
CVE-2021-37691 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation.
CVE-2021-37690 AVG-2292 Critical No Denial of service
In TensorFlow before version 2.6.0 when running shape functions, some functions (such as MutableHashTableShape) produce extra output information in the form...
CVE-2021-37689 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and...
CVE-2021-37688 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and...
CVE-2021-37687 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an...
CVE-2021-37686 AVG-2292 High No Denial of service
In TensorFlow before version 2.6.0 the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This...
CVE-2021-37685 AVG-2292 Medium No Information disclosure
In TensorFlow before version 2.6.0 TFLite's expand_dims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated...
CVE-2021-37684 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not...
CVE-2021-37683 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor...
CVE-2021-37682 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the...
CVE-2021-37681 AVG-2292 High No Denial of service
In TensorFlow before version 2.6.0 the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a...
CVE-2021-37680 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of fully connected layers in TFLite is vulnerable to a division by zero error.
CVE-2021-37679 AVG-2292 High No Arbitrary code execution
In TensorFlow before version 2.6.0 it is possible to nest a tf.map_fn within another tf.map_fn call. However, if the input tensor is a RaggedTensor and...
CVE-2021-37678 AVG-2292 Critical No Arbitrary code execution
In TensorFlow before version 2.6.0 TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML...
CVE-2021-37677 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 the shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a...
CVE-2021-37676 AVG-2292 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The...
CVE-2021-37675 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an...
CVE-2021-37674 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing...
CVE-2021-37673 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check...
CVE-2021-37672 AVG-2292 Medium No Information disclosure
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to...
CVE-2021-37671 AVG-2292 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and...
CVE-2021-37670 AVG-2292 Medium No Information disclosure
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to...
CVE-2021-37669 AVG-2292 High No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering...
CVE-2021-37668 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a...
CVE-2021-37667 AVG-2292 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The...
CVE-2021-37666 AVG-2292 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The...
CVE-2021-37665 AVG-2292 Medium No Insufficient validation
In TensorFlow before version 2.6.0 due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via...
CVE-2021-37664 AVG-2292 Medium No Information disclosure
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to...
CVE-2021-37663 AVG-2292 Medium No Information disclosure
In TensorFlow before version 2.6.0 due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference...
CVE-2021-37662 AVG-2292 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can generate undefined behavior via a reference binding to nullptr in...
CVE-2021-37661 AVG-2292 High No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments....
CVE-2021-37660 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result...
CVE-2021-37659 AVG-2292 Low No Information disclosure
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that...
CVE-2021-37658 AVG-2292 Low No Information disclosure
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type...
CVE-2021-37657 AVG-2292 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type...
CVE-2021-37656 AVG-2292 Low No Insufficient validation
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse. The...
CVE-2021-37655 AVG-2292 High No Information disclosure
In TensorFlow before version 2.6.0 an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to...
CVE-2021-37654 AVG-2292 High No Information disclosure
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read...
CVE-2021-37653 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes...
CVE-2021-37652 AVG-2292 High No Arbitrary code execution
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies...
CVE-2021-37651 AVG-2292 High No Information disclosure
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap...
CVE-2021-37650 AVG-2292 High No Denial of service
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger heap buffer...
CVE-2021-37649 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0, the code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains...
CVE-2021-37648 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer...
CVE-2021-37647 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0, when a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset...
CVE-2021-37646 AVG-2292 Medium No Incorrect calculation
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed...
CVE-2021-37645 AVG-2292 Medium No Incorrect calculation
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by...
CVE-2021-37644 AVG-2292 Medium No Denial of service
In TensorFlow before version 2.6.0 providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort...
CVE-2021-37643 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0, If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer...
CVE-2021-37642 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a...
CVE-2021-37641 AVG-2292 Low No Information disclosure
In TensorFlow before version 2.6.0 if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of...
CVE-2021-37640 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The...
CVE-2021-37639 AVG-2292 Low No Information disclosure
In TensorFlow before version 2.6.0, when restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a...
CVE-2021-37638 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0, sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer...
CVE-2021-37637 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to...
CVE-2021-37636 AVG-2292 Low No Denial of service
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a...
CVE-2021-37635 AVG-2292 Medium No Information disclosure
In TensorFlow before version 2.6.0 the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated...
CVE-2021-29619 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Passing invalid arguments (e.g., discovered via fuzzing) to...
CVE-2021-29618 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Passing a complex argument to `tf.transpose` at the same time as passing...
CVE-2021-29617 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with...
CVE-2021-29616 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of TrySimplify(https://github.com/tensorflow/tensor...
CVE-2021-29615 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `ParseAttrValue`(https://github.com/tensorflow/t...
CVE-2021-29614 AVG-1962 Critical No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the...
CVE-2021-29613 AVG-1962 High No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read...
CVE-2021-29612 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in Eigen implementation of...
CVE-2021-29611 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseReshape` results in a denial of service based on a...
CVE-2021-29610 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis`...
CVE-2021-29609 AVG-1962 Critical No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined...
CVE-2021-29608 AVG-1962 Medium No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit...
CVE-2021-29607 AVG-1962 Medium No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined...
CVE-2021-29606 AVG-1962 High No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite...
CVE-2021-29605 AVG-1962 Critical No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow...
CVE-2021-29604 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The TFLite implementation of hashtable lookup is vulnerable to a division by zero...
CVE-2021-29603 AVG-1962 Medium No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite...
CVE-2021-29602 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by...
CVE-2021-29601 AVG-1962 High No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The TFLite implementation of concatenation is vulnerable to an integer overflow...
CVE-2021-29600 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero...
CVE-2021-29599 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `Split` TFLite operator is vulnerable to a division by zero...
CVE-2021-29598 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero...
CVE-2021-29597 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division...
CVE-2021-29596 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division...
CVE-2021-29595 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by...
CVE-2021-29594 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blo...
CVE-2021-29593 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `BatchToSpaceNd` TFLite operator is vulnerable to a division...
CVE-2021-29592 AVG-1962 Medium No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-...
CVE-2021-29591 AVG-1962 High No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. TFlite graphs must not have loops between nodes. However, this condition was not checked...
CVE-2021-29590 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementations of the `Minimum` and `Maximum` TFLite operators can be used to read...
CVE-2021-29589 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The reference implementation of the `GatherNd` TFLite operator is vulnerable to a...
CVE-2021-29588 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The optimized implementation of the `TransposeConv` TFLite operator is [vulnerable to a...
CVE-2021-29587 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before...
CVE-2021-29586 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Optimized pooling implementations in TFLite fail to check that the stride arguments are...
CVE-2021-29585 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The TFLite computation for size of output after padding, `ComputeOutSi...
CVE-2021-29584 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in caused by an integer...
CVE-2021-29583 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer...
CVE-2021-29582 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read...
CVE-2021-29581 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger...
CVE-2021-29580 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior...
CVE-2021-29579 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow....
CVE-2021-29578 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer...
CVE-2021-29577 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer...
CVE-2021-29576 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer...
CVE-2021-29575 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or...
CVE-2021-29574 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPool3DGradGrad` exhibits undefined behavior by...
CVE-2021-29573 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` is vulnerable to a division by...
CVE-2021-29572 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to...
CVE-2021-29571 AVG-1962 Medium No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of...
CVE-2021-29570 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of...
CVE-2021-29569 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of...
CVE-2021-29568 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger undefined behavior by binding to null pointer in...
CVE-2021-29567 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMul`, an attacker can trigger...
CVE-2021-29566 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can write outside the bounds of heap allocated arrays by passing invalid...
CVE-2021-29565 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference in the implementation of...
CVE-2021-29564 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference in the implementation of...
CVE-2021-29563 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from...
CVE-2021-29562 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from...
CVE-2021-29561 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from...
CVE-2021-29560 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This...
CVE-2021-29559 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. An attacker can access data outside of bounds of heap allocated array in...
CVE-2021-29558 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is...
CVE-2021-29557 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29556 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29555 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29554 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in...
CVE-2021-29553 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. An attacker can read data outside of bounds of heap allocated buffer in...
CVE-2021-29552 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by controlling the values of `num_segments`...
CVE-2021-29551 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `MatrixTriangularSolve`(https://github.com/tenso...
CVE-2021-29550 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in...
CVE-2021-29549 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in...
CVE-2021-29548 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in...
CVE-2021-29547 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a segfault and denial of service via accessing data outside of...
CVE-2021-29546 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger an integer division by zero undefined behavior in...
CVE-2021-29545 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse...
CVE-2021-29544 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29543 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29542 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow by passing crafted inputs to...
CVE-2021-29541 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a dereference of a null pointer in `tf.raw_ops.StringNGrams`....
CVE-2021-29540 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is...
CVE-2021-29539 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_doc...
CVE-2021-29538 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a division by zero to occur in `Conv2DBackpropFilter`. This is...
CVE-2021-29537 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in...
CVE-2021-29536 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedReshape` by passing in invalid...
CVE-2021-29535 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid...
CVE-2021-29534 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29533 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty...
CVE-2021-29532 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. An attacker can force accesses outside the bounds of heap allocated arrays by passing in...
CVE-2021-29531 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a `CHECK` fail in PNG encoding by providing an empty input...
CVE-2021-29530 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference by providing an invalid `permutation`...
CVE-2021-29529 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear`...
CVE-2021-29528 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because...
CVE-2021-29527 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`. This is because...
CVE-2021-29526 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2D`. This is because the...
CVE-2021-29525 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is...
CVE-2021-29524 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropFilter`. This is...
CVE-2021-29523 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in...
CVE-2021-29522 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are...
CVE-2021-29521 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a...
CVE-2021-29520 AVG-1962 Low No Arbitrary code execution
A security issue has been found in TensorFlow before version 2.4.2. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can...
CVE-2021-29519 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a...
CVE-2021-29518 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. In eager mode (default in TF 2.0 and later), session operations are invalid. However,...
CVE-2021-29517 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. A malicious user could trigger a division by 0 in `Conv3D` implementation. The...
CVE-2021-29516 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Calling `tf.raw_ops.RaggedTensorToVariant` with arguments specifying an invalid ragged...
CVE-2021-29515 AVG-1962 Low No Insufficient validation
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `MatrixDiag*` operations(https://github.com/tens...
CVE-2021-29514 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. If the `splits` argument of `RaggedBincount` does not specify a valid `Sp...
CVE-2021-29513 AVG-1962 Low No Denial of service
A security issue has been found in TensorFlow before version 2.4.2. Calling TF operations with tensors of non-numeric types when the operations expect...
CVE-2021-29512 AVG-1962 Low No Information disclosure
A security issue has been found in TensorFlow before version 2.4.2. If the "splits" argument of RaggedBincount does not specify a valid SparseTensor, then...
CVE-2020-26271 AVG-1348 High No Information disclosure
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation...
CVE-2020-26270 AVG-1348 Low No Denial of service
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when...
CVE-2020-26269 AVG-1348 Critical No Information disclosure
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access...
CVE-2020-26268 AVG-1348 Low No Denial of service
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed...
CVE-2020-26267 AVG-1348 Low No Information disclosure
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that...
CVE-2020-26266 AVG-1348 Low No Information disclosure
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having...
CVE-2020-15266 AVG-1350 Low No Denial of service
In Tensorflow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as...
CVE-2020-15265 AVG-1350 Medium No Denial of service
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a...

Advisories

Date Advisory Group Severity Type
16 Dec 2020 ASA-202012-22 AVG-1348 Critical multiple issues