Home/Product/google tensorflow
Product

google tensorflow

431 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-55559
all versions
An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Con
7.5HIGH
 CVE-2025-55556
all versions
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the applica
6.5MEDIUM
 CVE-2023-33976
< 2.13.0
TensorFlow is an end-to-end open source platform for machine learning. array_ops.upper_bound causes a segfault when not given a
7.5HIGH
 CVE-2023-25661
< 2.11.1
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflo
6.5MEDIUM
 CVE-2023-27579
< 2.12.0
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_
7.5HIGH
 CVE-2023-25801
< 2.12.0
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nn_ops.fractional_avg_pool_v2 and `
8.0HIGH
 CVE-2023-25676
< 2.12.0
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Par
7.5HIGH
 CVE-2023-25675
< 2.12.0
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bin
7.5HIGH
 CVE-2023-25674
< 2.12.0
TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShu
7.5HIGH
 CVE-2023-25673
< 2.12.0
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in
7.5HIGH
 CVE-2023-25672
< 2.12.0
TensorFlow is an open source platform for machine learning. The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in
7.5HIGH
 CVE-2023-25671
< 2.12.0
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A
7.5HIGH
 CVE-2023-25670
< 2.12.0
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in Quantiz
7.5HIGH
 CVE-2023-25669
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are
7.5HIGH
 CVE-2023-25668
< 2.12.0
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap m
9.8CRITICAL
 CVE-2023-25667
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^3
6.5MEDIUM
 CVE-2023-25666
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point excepti
7.5HIGH
 CVE-2023-25665
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is giv
7.5HIGH
 CVE-2023-25664
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow i
7.5HIGH
 CVE-2023-25663
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when ctx-step_containter() is a
7.5HIGH
 CVE-2023-25662
< 2.12.0
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow
7.5HIGH
 CVE-2023-25660
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter summarize of
7.5HIGH
 CVE-2023-25659
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter indices for `D
7.5HIGH
 CVE-2023-25658
< 2.12.0
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBl
7.5HIGH
 CVE-2022-41910
< 2.8.4
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine t
4.8MEDIUM
 CVE-2022-41902
< 2.8.4
TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine t
7.1HIGH
 CVE-2022-41911
< 2.8.4
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char* array (sin
4.8MEDIUM
 CVE-2022-41909
< 2.8.4
TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor
4.8MEDIUM
 CVE-2022-41908
< 2.8.4
TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK
4.8MEDIUM
 CVE-2022-41907
< 2.8.4
TensorFlow is an open source platform for machine learning. When tf.raw_ops.ResizeNearestNeighborGrad is given a large size in
4.8MEDIUM
 CVE-2022-41901
< 2.8.4
TensorFlow is an open source platform for machine learning. An input sparse_matrix that is not a matrix with a shape with rank 0
4.8MEDIUM
 CVE-2022-41900
< 2.8.4
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with ille
7.1HIGH
 CVE-2022-41899
< 2.8.4
TensorFlow is an open source platform for machine learning. Inputs dense_features or example_state_data not of rank 2 will tri
4.8MEDIUM
 CVE-2022-41898
< 2.8.4
TensorFlow is an open source platform for machine learning. If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will cr
4.8MEDIUM
 CVE-2022-41897
< 2.8.4
TensorFlow is an open source platform for machine learning. If FractionMaxPoolGrad is given outsize inputs `row_pooling_sequence
4.8MEDIUM
 CVE-2022-41896
< 2.8.4
TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input `filterbank_ch
4.8MEDIUM
 CVE-2022-41895
< 2.8.4
TensorFlow is an open source platform for machine learning. If MirrorPadGrad is given outsize input paddings, TensorFlow will
4.8MEDIUM
 CVE-2022-41894
< 2.8.4
TensorFlow is an open source platform for machine learning. The reference kernel of the CONV_3D_TRANSPOSE TensorFlow Lite operat
7.1HIGH
 CVE-2022-41893
< 2.8.4
TensorFlow is an open source platform for machine learning. If tf.raw_ops.TensorListResize is given a nonscalar value for input
4.8MEDIUM
 CVE-2022-41891
< 2.8.4
TensorFlow is an open source platform for machine learning. If tf.raw_ops.TensorListConcat is given element_shape=[], it resul
4.8MEDIUM
 CVE-2022-41890
< 2.8.4
TensorFlow is an open source platform for machine learning. If BCast::ToShape is given input larger than an int32, it will cra
4.8MEDIUM
 CVE-2022-41889
< 2.8.4
TensorFlow is an open source platform for machine learning. If a list of quantized tensors is assigned to an attribute, the pywrap
5.5MEDIUM
 CVE-2022-41888
< 2.8.4
TensorFlow is an open source platform for machine learning. When running on GPU, tf.image.generate_bounding_box_proposals receiv
4.8MEDIUM
 CVE-2022-41887
>= 2.9.0 and < 2.9.3
TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a y_pred and y_true that are pa
4.8MEDIUM
 CVE-2022-41886
< 2.8.4
TensorFlow is an open source platform for machine learning. When tf.raw_ops.ImageProjectiveTransformV2 is given a large output s
4.8MEDIUM
 CVE-2022-41885
< 2.7.4
TensorFlow is an open source platform for machine learning. When tf.raw_ops.FusedResizeAndPadConv2D is given a large tensor shap
4.8MEDIUM
 CVE-2022-41884
< 2.8.4
TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero
4.8MEDIUM
 CVE-2022-41880
< 2.8.4
TensorFlow is an open source platform for machine learning. When the BaseCandidateSamplerOp function receives a value in `true_c
6.8MEDIUM
 CVE-2022-41883
all versions
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of
6.8MEDIUM
 CVE-2022-36027
< 2.7.2
TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quant
5.9MEDIUM
 CVE-2022-36017
< 2.7.2
TensorFlow is an open source platform for machine learning. If Requantize is given input_min, input_max, `requested_output_m
5.9MEDIUM
 CVE-2022-36016
< 2.7.2
TensorFlow is an open source platform for machine learning. When tensorflow::full_type::SubstituteFromAttrs receives a `FullType
5.9MEDIUM
 CVE-2022-36015
< 2.7.2
TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64_t, it
5.9MEDIUM
 CVE-2022-36014
< 2.7.2
TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, i
5.9MEDIUM
 CVE-2022-36013
< 2.7.2
TensorFlow is an open source platform for machine learning. When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert No
5.9MEDIUM
 CVE-2022-36012
< 2.7.2
TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty f
5.9MEDIUM
 CVE-2022-36011
< 2.7.2
TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty f
5.9MEDIUM
 CVE-2022-36005
< 2.7.2
TensorFlow is an open source platform for machine learning. When tf.quantization.fake_quant_with_min_max_vars_gradient receives
5.9MEDIUM
 CVE-2022-36004
< 2.7.2
TensorFlow is an open source platform for machine learning. When tf.random.gamma receives large input shape and rates, it gives
5.9MEDIUM
 CVE-2022-36003
< 2.7.2
TensorFlow is an open source platform for machine learning. When RandomPoissonV2 receives large input shape and rates, it gives
5.9MEDIUM
 CVE-2022-36002
< 2.7.2
TensorFlow is an open source platform for machine learning. When Unbatch receives a nonscalar input id, it gives a CHECK fai
5.9MEDIUM
 CVE-2022-36001
< 2.7.2
TensorFlow is an open source platform for machine learning. When DrawBoundingBoxes receives an input boxes that is not of dtyp
5.9MEDIUM
 CVE-2022-36000
< 2.7.2
TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty f
5.9MEDIUM
 CVE-2022-35999
< 2.7.2
TensorFlow is an open source platform for machine learning. When Conv2DBackpropInput receives empty out_backprop inputs (e.g.
5.9MEDIUM
 CVE-2022-35998
< 2.7.2
TensorFlow is an open source platform for machine learning. If EmptyTensorList receives an input element_shape with more than
5.9MEDIUM
 CVE-2022-35997
< 2.7.2
TensorFlow is an open source platform for machine learning. If tf.sparse.cross receives an input separator that is not a scala
5.9MEDIUM
 CVE-2022-35996
< 2.7.2
TensorFlow is an open source platform for machine learning. If Conv2D is given empty input and the filter and padding size
5.9MEDIUM
 CVE-2022-35995
< 2.7.2
TensorFlow is an open source platform for machine learning. When AudioSummaryV2 receives an input sample_rate with more than o
5.9MEDIUM
 CVE-2022-35994
< 2.7.2
TensorFlow is an open source platform for machine learning. When CollectiveGather receives an scalar input input, it gives a `
5.9MEDIUM
 CVE-2022-35993
< 2.7.2
TensorFlow is an open source platform for machine learning. When SetSize receives an input set_shape that is not a 1D tensor,
5.9MEDIUM
 CVE-2022-35992
< 2.7.2
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an element_shape of a rank grea
5.9MEDIUM
 CVE-2022-35991
< 2.7.2
TensorFlow is an open source platform for machine learning. When TensorListScatter and TensorListScatterV2 receive an `element
5.9MEDIUM
 CVE-2022-36026
< 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar num_bits input ten
5.9MEDIUM
 CVE-2022-36019
< 2.7.2
TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors
5.9MEDIUM
 CVE-2022-36018
< 2.7.2
TensorFlow is an open source platform for machine learning. If RaggedTensorToVariant is given a rt_nested_splits list that con
5.9MEDIUM
 CVE-2022-35990
< 2.7.2
TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradien
5.9MEDIUM
 CVE-2022-35989
< 2.7.2
TensorFlow is an open source platform for machine learning. When MaxPool receives a window size input array ksize with dimensi
5.9MEDIUM
 CVE-2022-35988
< 2.7.2
TensorFlow is an open source platform for machine learning. When tf.linalg.matrix_rank receives an empty input a, the GPU kern
5.9MEDIUM
 CVE-2022-35987
< 2.7.2
TensorFlow is an open source platform for machine learning. DenseBincount assumes its input tensor weights to either have the
5.9MEDIUM
 CVE-2022-35986
< 2.7.2
TensorFlow is an open source platform for machine learning. If RaggedBincount is given an empty input tensor splits, it result
5.9MEDIUM
 CVE-2022-35985
< 2.7.2
TensorFlow is an open source platform for machine learning. If LRNGrad is given an output_image input tensor that is not 4-D,
5.9MEDIUM
 CVE-2022-35984
< 2.7.2
TensorFlow is an open source platform for machine learning. ParameterizedTruncatedNormal assumes shape is of type int32. A v
5.9MEDIUM
 CVE-2022-35983
< 2.7.2
TensorFlow is an open source platform for machine learning. If Save or SaveSlices is run over tensors of an unsupported `dtype
5.9MEDIUM
 CVE-2022-35982
< 2.7.2
TensorFlow is an open source platform for machine learning. If SparseBincount is given inputs for indices, values, and `dens
5.9MEDIUM
 CVE-2022-35981
< 2.7.2
TensorFlow is an open source platform for machine learning. FractionalMaxPoolGrad validates its inputs with CHECK failures ins
5.9MEDIUM
 CVE-2022-35979
< 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizedRelu or QuantizedRelu6 are given nonscalar inputs for
5.9MEDIUM
 CVE-2022-35974
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for `input_m
5.9MEDIUM
 CVE-2022-35973
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizedMatMul is given nonscalar input for: min_a, max_a, `
5.9MEDIUM
 CVE-2022-35972
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizedBiasAdd is given min_input, max_input, min_bias, `
5.9MEDIUM
 CVE-2022-35971
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVars is given min or max tensors of a nonz
5.9MEDIUM
 CVE-2022-35970
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizedInstanceNorm is given x_min or x_max tensors of a no
5.9MEDIUM
 CVE-2022-35969
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of Conv2DBackpropInput requires input_sizes to
5.9MEDIUM
 CVE-2022-35968
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of AvgPoolGrad does not fully validate the input
5.9MEDIUM
 CVE-2022-35967
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizedAdd is given min_input or max_input tensors of a non
5.9MEDIUM
 CVE-2022-35966
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If QuantizedAvgPool is given min_input or max_input tensors of a
5.9MEDIUM
 CVE-2022-35965
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysorted_inputs input
5.9MEDIUM
 CVE-2022-35964
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its in
5.9MEDIUM
 CVE-2022-35963
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of FractionalAvgPoolGrad does not fully validate
5.9MEDIUM
 CVE-2022-35960
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. In core/kernels/list_kernels.cc's TensorListReserve, num_elements
5.9MEDIUM
 CVE-2022-35959
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of AvgPool3DGradOp does not fully validate the in
5.9MEDIUM
 CVE-2022-35952
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The UnbatchGradOp function takes an argument id that is assumed to
5.9MEDIUM
 CVE-2022-35941
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument ksize that must be positi
5.9MEDIUM
 CVE-2022-35940
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The RaggedRangOp function takes an argument limits that is eventua
5.9MEDIUM
 CVE-2022-35939
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The ScatterNd function takes an input argument that determines the i
7.0HIGH
 CVE-2022-35938
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of in
7.0HIGH
 CVE-2022-35937
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The GatherNd function takes arguments that determine the sizes of in
7.0HIGH
 CVE-2022-35935
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of SobolSampleOp is vulnerable to a denial of servi
5.9MEDIUM
 CVE-2022-35934
>= 2.7.0 and < 2.7.2
TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnerable to a d
5.9MEDIUM
 CVE-2022-29216
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_
7.8HIGH
 CVE-2022-29213
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.si
5.5MEDIUM
 CVE-2022-29212
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite model
5.5MEDIUM
 CVE-2022-29211
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29210
all versions
TensorFlow is an open source platform for machine learning. In version 2.8.0, the TensorKey hash function used total estimated `
5.5MEDIUM
 CVE-2022-29209
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that Tens
5.5MEDIUM
 CVE-2022-29208
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
7.1HIGH
 CVE-2022-29206
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29205
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential
5.5MEDIUM
 CVE-2022-29204
>= 1.15.0 and < 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29203
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29202
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29201
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29207
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow
5.5MEDIUM
 CVE-2022-29200
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29199
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29198
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29197
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29196
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29195
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29193
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29194
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29192
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-29191
< 2.6.4
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation o
5.5MEDIUM
 CVE-2022-23595
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, Ten
5.3MEDIUM
 CVE-2022-23594
all versions
Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the
8.8HIGH
 CVE-2022-23593
>= 2.7.0 and < 2.8.0
Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in Tenso
5.9MEDIUM
 CVE-2022-23592
>= 2.7.0 and < 2.8.0
Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bo
8.1HIGH
 CVE-2022-23591
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self recursive functio
7.5HIGH
 CVE-2022-23590
< 2.7.1
Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to
5.9MEDIUM
 CVE-2022-23589
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a n
6.5MEDIUM
 CVE-2022-23588
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel
6.5MEDIUM
 CVE-2022-23587
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable t
8.8HIGH
 CVE-2022-23586
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel
6.5MEDIUM
 CVE-2022-23585
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the imag
4.3MEDIUM
 CVE-2022-23584
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG im
7.6HIGH
 CVE-2022-23583
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel
6.5MEDIUM
 CVE-2022-23582
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel
6.5MEDIUM
 CVE-2022-23581
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of ser
6.5MEDIUM
 CVE-2022-23580
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a
6.5MEDIUM
 CVE-2022-23579
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of ser
6.5MEDIUM
 CVE-2022-23578
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementat
4.3MEDIUM
 CVE-2022-23577
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dere
6.5MEDIUM
 CVE-2022-23576
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateOutputSize is vuln
6.5MEDIUM
 CVE-2022-23575
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vuln
6.5MEDIUM
 CVE-2022-23574
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OO
8.8HIGH
 CVE-2022-23573
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of AssignOp can result in copying uninitialized data
7.6HIGH
 CVE-2022-23572
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during
6.5MEDIUM
 CVE-2022-23571
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter
6.5MEDIUM
 CVE-2022-23570
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-derefere
6.5MEDIUM
 CVE-2022-23566
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in Grappler. The `set_outp
8.8HIGH
 CVE-2022-23565
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by alteri
6.5MEDIUM
 CVE-2022-23564
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow proces
6.5MEDIUM
 CVE-2022-23563
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary
7.1HIGH
 CVE-2022-23562
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can t
7.6HIGH
 CVE-2022-23561
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of
8.8HIGH
 CVE-2022-23560
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and w
8.8HIGH
 CVE-2022-23559
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow
8.8HIGH
 CVE-2022-23558
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow
7.6HIGH
 CVE-2022-23557
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zer
6.5MEDIUM
 CVE-2022-21741
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a divi
6.5MEDIUM
 CVE-2022-21740
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap o
7.6HIGH
 CVE-2022-21739
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where
6.5MEDIUM
 CVE-2022-21738
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput can be made to crash a Te
6.5MEDIUM
 CVE-2022-21737
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of *Bincount operations allows malicious users to ca
6.5MEDIUM
 CVE-2022-23569
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of serv
6.5MEDIUM
 CVE-2022-21735
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFl
6.5MEDIUM
 CVE-2022-21734
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key
6.5MEDIUM
 CVE-2022-21729
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero
6.5MEDIUM
 CVE-2022-21725
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to
6.5MEDIUM
 CVE-2022-23568
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an int
6.5MEDIUM
 CVE-2022-23567
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer over
6.5MEDIUM
 CVE-2022-21736
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavio
7.6HIGH
 CVE-2022-21733
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of s
4.3MEDIUM
 CVE-2022-21732
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of ThreadPoolHandle can be used to trigger a denial
4.3MEDIUM
 CVE-2022-21731
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigg
6.5MEDIUM
 CVE-2022-21730
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases whe
8.1HIGH
 CVE-2022-21728
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ReverseSequence does not full
8.1HIGH
 CVE-2022-21727
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to a
7.6HIGH
 CVE-2022-21726
<= 2.5.2
Tensorflow is an Open Source Machine Learning Framework. The implementation of Dequantize does not fully validate the value of `
8.1HIGH
 CVE-2021-41228
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's saved_model_cli tool is vulnerable
7.5HIGH
 CVE-2021-41227
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can
6.6MEDIUM
 CVE-2021-41225
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unit
5.5MEDIUM
 CVE-2021-41222
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segf
5.5MEDIUM
 CVE-2021-41221
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn* operati
7.8HIGH
 CVE-2021-41220
>= 2.6.0 and < 2.6.1
TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2
7.8HIGH
 CVE-2021-41216
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is v
5.5MEDIUM
 CVE-2021-41213
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to
5.5MEDIUM
 CVE-2021-41218
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be ma
5.5MEDIUM
 CVE-2021-41209
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators tri
5.5MEDIUM
 CVE-2021-41208
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still
8.8HIGH
 CVE-2021-41207
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses som
5.5MEDIUM
 CVE-2021-41206
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validat
7.0HIGH
 CVE-2021-41202
>= 2.4.0 and < 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within t
5.5MEDIUM
 CVE-2021-41226
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseBinCount is vulnera
7.1HIGH
 CVE-2021-41224
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can b
7.1HIGH
 CVE-2021-41223
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is
7.1HIGH
 CVE-2021-41219
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vuln
7.8HIGH
 CVE-2021-41217
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph fo
5.5MEDIUM
 CVE-2021-41215
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse
5.5MEDIUM
 CVE-2021-41214
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross ha
7.8HIGH
 CVE-2021-41212
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross ca
7.1HIGH
 CVE-2021-41211
all versions
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can tri
7.1HIGH
 CVE-2021-41205
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `QuantizeAn
7.1HIGH
 CVE-2021-41204
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, con
5.5MEDIUM
 CVE-2021-41203
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integ
7.8HIGH
 CVE-2021-41210
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for `SparseCountSpa
7.1HIGH
 CVE-2021-41201
< 2.4.4
TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation()
7.8HIGH
 CVE-2021-41200
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.create_file_writer is called with
5.5MEDIUM
 CVE-2021-41199
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input
5.5MEDIUM
 CVE-2021-41198
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argumen
5.5MEDIUM
 CVE-2021-41197
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number o
5.5MEDIUM
 CVE-2021-41196
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault i
5.5MEDIUM
 CVE-2021-41195
< 2.4.4
TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment_* operati
5.5MEDIUM
 CVE-2021-37690
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some fun
6.6MEDIUM
 CVE-2021-37692
>= 2.5.0 and < 2.6.0
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can
5.5MEDIUM
 CVE-2021-37691
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model t
5.5MEDIUM
 CVE-2021-37687
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation doe
5.5MEDIUM
 CVE-2021-37685
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expand_dims.cc contains a v
5.5MEDIUM
 CVE-2021-37684
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLi
5.5MEDIUM
 CVE-2021-37683
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLi
5.5MEDIUM
 CVE-2021-37682
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantiz
4.4MEDIUM
 CVE-2021-37679
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.map_fn w
7.1HIGH
 CVE-2021-37678
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to
9.3CRITICAL
 CVE-2021-37677
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_o
5.5MEDIUM
 CVE-2021-37674
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of se
5.5MEDIUM
 CVE-2021-37673
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of se
5.5MEDIUM
 CVE-2021-37672
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of b
5.5MEDIUM
 CVE-2021-37670
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of b
5.5MEDIUM
 CVE-2021-37669
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of servic
5.5MEDIUM
 CVE-2021-37668
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of servic
5.5MEDIUM
 CVE-2021-37665
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL im
7.8HIGH
 CVE-2021-37663
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.ra
7.8HIGH
 CVE-2021-37689
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model t
7.8HIGH
 CVE-2021-37688
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model t
7.8HIGH
 CVE-2021-37686
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TF
5.5MEDIUM
 CVE-2021-37681
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite i
7.8HIGH
 CVE-2021-37680
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected
5.5MEDIUM
 CVE-2021-37676
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.8HIGH
 CVE-2021-37675
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution op
5.5MEDIUM
 CVE-2021-37671
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.8HIGH
 CVE-2021-37667
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.8HIGH
 CVE-2021-37666
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.8HIGH
 CVE-2021-37652
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.Boo
7.8HIGH
 CVE-2021-37648
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for tf.raw_ops.SaveV2 does
7.8HIGH
 CVE-2021-37664
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of b
7.3HIGH
 CVE-2021-37662
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined beh
7.1HIGH
 CVE-2021-37661
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of serv
5.5MEDIUM
 CVE-2021-37659
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.3HIGH
 CVE-2021-37658
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.1HIGH
 CVE-2021-37657
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.1HIGH
 CVE-2021-37656
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavi
7.1HIGH
 CVE-2021-37655
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from ou
7.3HIGH
 CVE-2021-37654
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a
7.3HIGH
 CVE-2021-37651
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.Fra
7.1HIGH
 CVE-2021-37650
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.Exp
7.8HIGH
 CVE-2021-37646
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.Stri
5.5MEDIUM
 CVE-2021-37645
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.Quan
5.5MEDIUM
 CVE-2021-37644
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_e
5.5MEDIUM
 CVE-2021-37641
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.Ragged
7.3HIGH
 CVE-2021-37635
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction
7.3HIGH
 CVE-2021-37649
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. The code for tf.raw_ops.UncompressElement can be made to
7.7HIGH
 CVE-2021-37647
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a vali
7.7HIGH
 CVE-2021-37643
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw
7.7HIGH
 CVE-2021-37639
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is
8.4HIGH
 CVE-2021-37638
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for row_partition_types of `tf.r
7.7HIGH
 CVE-2021-37637
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in Ten
7.7HIGH
 CVE-2021-37660
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point
5.5MEDIUM
 CVE-2021-37653
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a
5.5MEDIUM
 CVE-2021-37642
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.Reso
5.5MEDIUM
 CVE-2021-37640
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.Spar
5.5MEDIUM
 CVE-2021-37636
>= 2.3.0 and < 2.3.4
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.Spar
5.5MEDIUM
 CVE-2021-35958
<= 2.5.0
TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.utils.get_file is used
9.1CRITICAL
 CVE-2021-29619
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to
2.5LOW
 CVE-2021-29618
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to tf.transpose at the same ti
2.5LOW
 CVE-2021-29617
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via CHECK-fail
2.5LOW
 CVE-2021-29616
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensor
2.5LOW
 CVE-2021-29615
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValue(https://github.com/t
2.5LOW
 CVE-2021-29614
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.io.decode_raw produces incorrect
7.1HIGH
 CVE-2021-29613
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.raw_ops.CTCLoss allows an att
6.3MEDIUM
 CVE-2021-29612
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen imp
3.6LOW
 CVE-2021-29611
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseReshape results in a denia
3.6LOW
 CVE-2021-29610
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The validation in tf.raw_ops.QuantizeAndDequantizeV2 allo
3.6LOW
 CVE-2021-29609
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing at
5.3MEDIUM
 CVE-2021-29608
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTens
5.3MEDIUM
 CVE-2021-29607
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing at
5.3MEDIUM
 CVE-2021-29606
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read
7.1HIGH
 CVE-2021-29605
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnera
7.1HIGH
 CVE-2021-29604
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable
2.5LOW
 CVE-2021-29603
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write
2.5LOW
 CVE-2021-29602
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator i
2.5LOW
 CVE-2021-29601
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to
6.3MEDIUM
 CVE-2021-29600
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the OneHot TFLite operator is vulne
2.5LOW
 CVE-2021-29599
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the Split TFLite operator is vulner
2.5LOW
 CVE-2021-29598
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SVDF TFLite operator is vulnera
2.5LOW
 CVE-2021-29597
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the SpaceToBatchNd TFLite operator
2.5LOW
 CVE-2021-29596
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator
2.5LOW
 CVE-2021-29595
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is
2.5LOW
 CVE-2021-29594
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution code(https://github.com/tensorflow/ten
2.5LOW
 CVE-2021-29593
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the BatchToSpaceNd TFLite operator
2.5LOW
 CVE-2021-29592
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cv
4.4MEDIUM
 CVE-2021-29591
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, t
7.3HIGH
 CVE-2021-29590
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the Minimum and Maximum TFLite o
2.5LOW
 CVE-2021-29589
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite opera
2.5LOW
 CVE-2021-29588
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the TransposeConv TFLite
2.5LOW
 CVE-2021-29587
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator do
2.5LOW
 CVE-2021-29586
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check t
2.5LOW
 CVE-2021-29585
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, `C
2.5LOW
 CVE-2021-29584
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-f
2.5LOW
 CVE-2021-29583
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FusedBatchNorm is vulner
2.5LOW
 CVE-2021-29582
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.raw_ops.Dequantize, an at
2.5LOW
 CVE-2021-29581
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecod
2.5LOW
 CVE-2021-29580
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FractionalMaxPoolGrad tr
2.5LOW
 CVE-2021-29579
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGrad is vulnerabl
2.5LOW
 CVE-2021-29578
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.FractionalAvgPoolGrad is
2.5LOW
 CVE-2021-29577
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.AvgPool3DGrad is vulnera
2.5LOW
 CVE-2021-29576
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPool3DGradGrad is vul
2.5LOW
 CVE-2021-29575
<= 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.ReverseSequence allows f
2.5LOW
 CVE-2021-29574
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPool3DGradGrad exhibi
2.5LOW
 CVE-2021-29573
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax is
2.5LOW
 CVE-2021-29572
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.SdcaOptimizer triggers u
2.5LOW
 CVE-2021-29571
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax ca
4.5MEDIUM
 CVE-2021-29570
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax ca
2.5LOW
 CVE-2021-29569
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.raw_ops.MaxPoolGradWithArgmax ca
2.5LOW
 CVE-2021-29568
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to nu
2.5LOW
 CVE-2021-29567
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMu
2.5LOW
 CVE-2021-29566
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated
2.5LOW
 CVE-2021-29565
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the i
2.5LOW
 CVE-2021-29564
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the i
2.5LOW
 CVE-2021-29563
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `
2.5LOW
 CVE-2021-29562
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `
2.5LOW
 CVE-2021-29561
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `
2.5LOW
 CVE-2021-29560
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops
2.5LOW
 CVE-2021-29559
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap alloc
2.5LOW
 CVE-2021-29558
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops
2.5LOW
 CVE-2021-29557
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime
2.5LOW
 CVE-2021-29556
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime
2.5LOW
 CVE-2021-29555
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime
2.5LOW
 CVE-2021-29553
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocat
2.5LOW
 CVE-2021-29552
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling th
2.5LOW
 CVE-2021-29551
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixTriangularSolve(https://githu
2.5LOW
 CVE-2021-29550
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and
2.5LOW
 CVE-2021-29549
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and
2.5LOW
 CVE-2021-29548
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and
2.5LOW
 CVE-2021-29547
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via
2.5LOW
 CVE-2021-29546
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefin
2.5LOW
 CVE-2021-29545
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-f
2.5LOW
 CVE-2021-29544
>= 2.4.0 and < 2.4.2
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-f
2.5LOW
 CVE-2021-29543
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-f
2.5LOW
 CVE-2021-29542
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing cra
2.5LOW
 CVE-2021-29541
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in
2.5LOW
 CVE-2021-29540
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in `C
2.5LOW
 CVE-2021-29539
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.ImmutableConst(https://www.tensorflow.
2.5LOW
 CVE-2021-29538
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in `Conv2
2.5LOW
 CVE-2021-29537
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedR
2.5LOW
 CVE-2021-29536
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedR
2.5LOW
 CVE-2021-29535
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedM
2.5LOW
 CVE-2021-29534
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-f
2.5LOW
 CVE-2021-29533
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK f
2.5LOW
 CVE-2021-29532
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap a
2.5LOW
 CVE-2021-29531
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a CHECK fail in PNG encoding by p
2.5LOW
 CVE-2021-29530
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by provi
2.5LOW
 CVE-2021-29529
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_o
2.5LOW
 CVE-2021-29528
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Quan
2.5LOW
 CVE-2021-29527
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Quan
2.5LOW
 CVE-2021-29526
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv
2.5LOW
 CVE-2021-29525
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv
2.5LOW
 CVE-2021-29524
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv
2.5LOW
 CVE-2021-29523
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-f
2.5LOW
 CVE-2021-29522
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The tf.raw_ops.Conv3DBackprop* operations fail to validat
2.5LOW
 CVE-2021-29521
>= 2.3.0 and < 2.3.3
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.SparseCoun
2.5LOW
 CVE-2021-29520
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to `tf.raw_ops.Conv3DB
2.5LOW
 CVE-2021-29519
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The API of tf.raw_ops.SparseCross allows combinations whi
2.5LOW
 CVE-2021-29518
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), session operat
2.5LOW
 CVE-2021-29517
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. A malicious user could trigger a division by 0 in Conv3D
2.5LOW
 CVE-2021-29516
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Calling tf.raw_ops.RaggedTensorToVariant with arguments s
2.5LOW
 CVE-2021-29515
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag* operations(https://gith
2.5LOW
 CVE-2021-29514
>= 2.3.0 and < 2.3.3
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not speci
2.5LOW
 CVE-2021-29513
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. Calling TF operations with tensors of non-numeric types whe
2.5LOW
 CVE-2021-29554
< 2.1.4
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime
2.5LOW
 CVE-2021-29512
>= 2.3.0 and < 2.3.3
TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not speci
2.5LOW
 CVE-2020-26270
< 1.15.5
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results i
4.4MEDIUM
 CVE-2020-26269
all versions
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is
7.5HIGH
 CVE-2020-26268
< 1.15.5
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped
4.4MEDIUM
 CVE-2020-26267
< 1.15.5
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attribu
4.4MEDIUM
 CVE-2020-26266
< 1.15.5
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution
4.4MEDIUM
 CVE-2020-26271
< 1.15.5
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while b
4.4MEDIUM
 CVE-2020-15266
< 2.4.0
In Tensorflow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel
3.7LOW
 CVE-2020-15265
< 2.4.0
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. Thi
5.9MEDIUM
 CVE-2020-15214
>= 2.2.0 and < 2.2.1
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault i
8.1HIGH
 CVE-2020-15213
>= 2.2.0 and < 2.2.1
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of
4.0MEDIUM
 CVE-2020-15212
>= 2.2.0 and < 2.2.1
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocate
8.1HIGH
 CVE-2020-15211
< 1.15.4
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double index
4.8MEDIUM
 CVE-2020-15210
< 1.15.4
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both inp
6.5MEDIUM
 CVE-2020-15209
< 1.15.4
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input
5.9MEDIUM
 CVE-2020-15208
< 1.15.4
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensor
7.4HIGH
 CVE-2020-15207
< 1.15.4
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite
8.7HIGH
 CVE-2020-15206
< 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and al
9.0CRITICAL
 CVE-2020-15205
< 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the data_splits argument of tf.raw_ops.StringNGrams lacks
9.0CRITICAL
 CVE-2020-15204
< 1.15.4
In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf
5.3MEDIUM
 CVE-2020-15203
< 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a
7.5HIGH
 CVE-2020-15202
< 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be
9.0CRITICAL
 CVE-2020-15201
all versions
In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a
4.8MEDIUM
 CVE-2020-15200
all versions
In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a
5.9MEDIUM
 CVE-2020-15199
all versions
In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged t
5.9MEDIUM
 CVE-2020-15198
>= 2.3.0 and < 2.3.1
In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a
5.4MEDIUM
 CVE-2020-15197
all versions
In Tensorflow before version 2.3.1, the SparseCountSparseOutput implementation does not validate that the input arguments form a
6.3MEDIUM
 CVE-2020-15196
all versions
In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the `
8.5HIGH
 CVE-2020-15195
< 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double
8.5HIGH
 CVE-2020-15194
< 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete v
5.3MEDIUM
 CVE-2020-15193
all versions
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory re
7.1HIGH
 CVE-2020-15192
all versions
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.to_dlpack there is a memory leak fol
4.3MEDIUM
 CVE-2020-15191
all versions
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.to_dlpack the expected validations
5.3MEDIUM
 CVE-2020-15190
< 1.15.4
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and
5.3MEDIUM
 CVE-2018-21233
< 1.7.0
TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of
6.5MEDIUM
 CVE-2020-5215
< 1.15.2
In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in
5.0MEDIUM
 CVE-2019-16778
>= 1.0.0 and < 1.15.0
In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32.
2.6LOW
 CVE-2018-7575
<= 1.7.0
Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.
9.8CRITICAL
 CVE-2019-9635
< 1.12.2
NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.
6.5MEDIUM
 CVE-2018-7577
< 1.7.1
Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or rea
8.1HIGH
 CVE-2018-10055
< 1.7.1
Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a
8.1HIGH
 CVE-2018-8825
<= 1.7.0
Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).
8.8HIGH
 CVE-2018-7576
<= 1.6.0
Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent.
6.5MEDIUM
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin