| CVE-2021-37692 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc... |
| CVE-2021-37691 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. |
| CVE-2021-37690 |
Critical |
No |
Denial of service |
In TensorFlow before version 2.6.0 when running shape functions, some functions (such as MutableHashTableShape) produce extra output information in the form... |
| CVE-2021-37689 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and... |
| CVE-2021-37688 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and... |
| CVE-2021-37687 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an... |
| CVE-2021-37686 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This... |
| CVE-2021-37685 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 TFLite's expand_dims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated... |
| CVE-2021-37684 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not... |
| CVE-2021-37683 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor... |
| CVE-2021-37682 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the... |
| CVE-2021-37681 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a... |
| CVE-2021-37680 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. |
| CVE-2021-37679 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.0 it is possible to nest a tf.map_fn within another tf.map_fn call. However, if the input tensor is a RaggedTensor and... |
| CVE-2021-37678 |
Critical |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.0 TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML... |
| CVE-2021-37677 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 the shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a... |
| CVE-2021-37676 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The... |
| CVE-2021-37675 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an... |
| CVE-2021-37674 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing... |
| CVE-2021-37673 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check... |
| CVE-2021-37672 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to... |
| CVE-2021-37671 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and... |
| CVE-2021-37670 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to... |
| CVE-2021-37669 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering... |
| CVE-2021-37668 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a... |
| CVE-2021-37667 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The... |
| CVE-2021-37666 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The... |
| CVE-2021-37665 |
Medium |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via... |
| CVE-2021-37664 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to... |
| CVE-2021-37663 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference... |
| CVE-2021-37662 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can generate undefined behavior via a reference binding to nullptr in... |
| CVE-2021-37661 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments.... |
| CVE-2021-37660 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result... |
| CVE-2021-37659 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that... |
| CVE-2021-37658 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type... |
| CVE-2021-37657 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type... |
| CVE-2021-37656 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse. The... |
| CVE-2021-37655 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to... |
| CVE-2021-37654 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read... |
| CVE-2021-37653 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes... |
| CVE-2021-37652 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies... |
| CVE-2021-37651 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap... |
| CVE-2021-37650 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger heap buffer... |
| CVE-2021-37649 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, the code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains... |
| CVE-2021-37648 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer... |
| CVE-2021-37647 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, when a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset... |
| CVE-2021-37646 |
Medium |
No |
Incorrect calculation |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed... |
| CVE-2021-37645 |
Medium |
No |
Incorrect calculation |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by... |
| CVE-2021-37644 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort... |
| CVE-2021-37643 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, If a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer... |
| CVE-2021-37642 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a... |
| CVE-2021-37641 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0 if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of... |
| CVE-2021-37640 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The... |
| CVE-2021-37639 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0, when restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a... |
| CVE-2021-37638 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer... |
| CVE-2021-37637 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to... |
| CVE-2021-37636 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a... |
| CVE-2021-37635 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated... |