CVE-2021-41228 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings. This can... |
CVE-2021-41227 |
AVG-2529 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.1, the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the... |
CVE-2021-41226 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between... |
CVE-2021-41225 |
AVG-2529 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.1, TensorFlow's Grappler optimizer has a use of uninitialized variable. If the train_nodes vector (obtained from the saved... |
CVE-2021-41224 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of... |
CVE-2021-41223 |
AVG-2529 |
Medium |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. |
CVE-2021-41222 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, the implementation of SplitV can trigger a segfault if an attacker supplies negative arguments. This occurs whenever... |
CVE-2021-41221 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a... |
CVE-2021-41220 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the... |
CVE-2021-41219 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This... |
CVE-2021-41218 |
AVG-2529 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.1, the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the split_count argument is 0. |
CVE-2021-41217 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when... |
CVE-2021-41216 |
AVG-2529 |
Medium |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains... |
CVE-2021-41215 |
AVG-2529 |
Medium |
No |
Incorrect calculation |
In TensorFlow before version 2.6.1, the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape... |
CVE-2021-41214 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. |
CVE-2021-41213 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually... |
CVE-2021-41212 |
AVG-2529 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.1, the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. |
CVE-2021-41211 |
AVG-2529 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.1, the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs... |
CVE-2021-41210 |
AVG-2529 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.1, the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. |
CVE-2021-41209 |
AVG-2529 |
Medium |
No |
Insufficient validation |
In TensorFlow before version 2.6.1, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. |
CVE-2021-41208 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of... |
CVE-2021-41207 |
AVG-2529 |
Medium |
No |
Insufficient validation |
In TensorFlow before version 2.6.1, the implementation of ParallelConcat misses some input validation and can produce a division by 0. |
CVE-2021-41206 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call.... |
CVE-2021-41205 |
AVG-2529 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.1, the shape inference functions for the QuantizeAndDequantizeV* operations can trigger a read outside of bounds of heap... |
CVE-2021-41204 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This... |
CVE-2021-41203 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1, an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved... |
CVE-2021-41202 |
AVG-2529 |
Medium |
No |
Incorrect calculation |
In TensorFlow before version 2.6.1, while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 =... |
CVE-2021-41201 |
AVG-2529 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.1 during execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and... |
CVE-2021-41200 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, if tf.summary.create_file_writer is called with non-scalar arguments, the code crashes due to a CHECK-fail. |
CVE-2021-41199 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure... |
CVE-2021-41198 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused... |
CVE-2021-41197 |
AVG-2529 |
Medium |
No |
Incorrect calculation |
A security issue has been found in TensorFlow before version 2.6.1. TensorFlow allows a tensor to have a large number of dimensions and each dimension can be... |
CVE-2021-41196 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due... |
CVE-2021-41195 |
AVG-2529 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.1, the implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a... |
CVE-2021-37692 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TF_TString_Dealloc... |
CVE-2021-37691 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. |
CVE-2021-37690 |
AVG-2292 |
Critical |
No |
Denial of service |
In TensorFlow before version 2.6.0 when running shape functions, some functions (such as MutableHashTableShape) produce extra output information in the form... |
CVE-2021-37689 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and... |
CVE-2021-37688 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and... |
CVE-2021-37687 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an... |
CVE-2021-37686 |
AVG-2292 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This... |
CVE-2021-37685 |
AVG-2292 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 TFLite's expand_dims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated... |
CVE-2021-37684 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not... |
CVE-2021-37683 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor... |
CVE-2021-37682 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 all TFLite operations that use quantization can be made to use uninitialized values. For example. The issue stems from the... |
CVE-2021-37681 |
AVG-2292 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a... |
CVE-2021-37680 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. |
CVE-2021-37679 |
AVG-2292 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.0 it is possible to nest a tf.map_fn within another tf.map_fn call. However, if the input tensor is a RaggedTensor and... |
CVE-2021-37678 |
AVG-2292 |
Critical |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.0 TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML... |
CVE-2021-37677 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 the shape inference code for tf.raw_ops.Dequantize has a vulnerability that could trigger a denial of service via a... |
CVE-2021-37676 |
AVG-2292 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The... |
CVE-2021-37675 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an... |
CVE-2021-37674 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a segmentation fault in tf.raw_ops.MaxPoolGrad caused by missing... |
CVE-2021-37673 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.MapStage. The implementation does not check... |
CVE-2021-37672 |
AVG-2292 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to... |
CVE-2021-37671 |
AVG-2292 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.Map* and... |
CVE-2021-37670 |
AVG-2292 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to... |
CVE-2021-37669 |
AVG-2292 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.NonMaxSuppressionV5 by triggering... |
CVE-2021-37668 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a... |
CVE-2021-37667 |
AVG-2292 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.UnicodeEncode. The... |
CVE-2021-37666 |
AVG-2292 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToVariant. The... |
CVE-2021-37665 |
AVG-2292 |
Medium |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via... |
CVE-2021-37664 |
AVG-2292 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to... |
CVE-2021-37663 |
AVG-2292 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 due to incomplete validation in tf.raw_ops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference... |
CVE-2021-37662 |
AVG-2292 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can generate undefined behavior via a reference binding to nullptr in... |
CVE-2021-37661 |
AVG-2292 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause a denial of service in boosted_trees_create_quantile_stream_resource by using negative arguments.... |
CVE-2021-37660 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result... |
CVE-2021-37659 |
AVG-2292 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that... |
CVE-2021-37658 |
AVG-2292 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type... |
CVE-2021-37657 |
AVG-2292 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type... |
CVE-2021-37656 |
AVG-2292 |
Low |
No |
Insufficient validation |
In TensorFlow before version 2.6.0 an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.RaggedTensorToSparse. The... |
CVE-2021-37655 |
AVG-2292 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to... |
CVE-2021-37654 |
AVG-2292 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.raw_ops.ResourceGather or a read... |
CVE-2021-37653 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 an attacker can trigger a crash via a floating point exception in tf.raw_ops.ResourceGather. The implementation computes... |
CVE-2021-37652 |
AVG-2292 |
High |
No |
Arbitrary code execution |
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies... |
CVE-2021-37651 |
AVG-2292 |
High |
No |
Information disclosure |
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap... |
CVE-2021-37650 |
AVG-2292 |
High |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation for tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord can trigger heap buffer... |
CVE-2021-37649 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, the code for tf.raw_ops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains... |
CVE-2021-37648 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 the code for tf.raw_ops.SaveV2 does not properly validate the inputs and an attacker can trigger a null pointer... |
CVE-2021-37647 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, when a user does not supply arguments that determine a valid sparse tensor, tf.raw_ops.SparseTensorSliceDataset... |
CVE-2021-37646 |
AVG-2292 |
Medium |
No |
Incorrect calculation |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed... |
CVE-2021-37645 |
AVG-2292 |
Medium |
No |
Incorrect calculation |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by... |
CVE-2021-37644 |
AVG-2292 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.6.0 providing a negative element to num_elements list argument of tf.raw_ops.TensorListReserve causes the runtime to abort... |
CVE-2021-37643 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, if a user does not provide a valid padding value to tf.raw_ops.MatrixDiagPartOp, then the code triggers a null pointer... |
CVE-2021-37642 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a... |
CVE-2021-37641 |
AVG-2292 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0, if the arguments to tf.raw_ops.RaggedGather don't determine a valid ragged tensor, the code can trigger a read from outside of... |
CVE-2021-37640 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseReshape can be made to trigger an integral division by 0 exception. The... |
CVE-2021-37639 |
AVG-2292 |
Low |
No |
Information disclosure |
In TensorFlow before version 2.6.0, when restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a... |
CVE-2021-37638 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0, sending invalid argument for row_partition_types of tf.raw_ops.RaggedTensorToTensor API results in a null pointer... |
CVE-2021-37637 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to... |
CVE-2021-37636 |
AVG-2292 |
Low |
No |
Denial of service |
In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a... |
CVE-2021-37635 |
AVG-2292 |
Medium |
No |
Information disclosure |
In TensorFlow before version 2.6.0 the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated... |
CVE-2021-29619 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Passing invalid arguments (e.g., discovered via fuzzing) to... |
CVE-2021-29618 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Passing a complex argument to `tf.transpose` at the same time as passing... |
CVE-2021-29617 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with... |
CVE-2021-29616 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of TrySimplify(https://github.com/tensorflow/tensor... |
CVE-2021-29615 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `ParseAttrValue`(https://github.com/tensorflow/t... |
CVE-2021-29614 |
AVG-1962 |
Critical |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the... |
CVE-2021-29613 |
AVG-1962 |
High |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read... |
CVE-2021-29612 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in Eigen implementation of... |
CVE-2021-29611 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseReshape` results in a denial of service based on a... |
CVE-2021-29610 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis`... |
CVE-2021-29609 |
AVG-1962 |
Critical |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined... |
CVE-2021-29608 |
AVG-1962 |
Medium |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit... |
CVE-2021-29607 |
AVG-1962 |
Medium |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined... |
CVE-2021-29606 |
AVG-1962 |
High |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite... |
CVE-2021-29605 |
AVG-1962 |
Critical |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow... |
CVE-2021-29604 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The TFLite implementation of hashtable lookup is vulnerable to a division by zero... |
CVE-2021-29603 |
AVG-1962 |
Medium |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite... |
CVE-2021-29602 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by... |
CVE-2021-29601 |
AVG-1962 |
High |
No |
Insufficient validation |
A security issue has been found in TensorFlow before version 2.4.2. The TFLite implementation of concatenation is vulnerable to an integer overflow... |
CVE-2021-29600 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero... |
CVE-2021-29599 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `Split` TFLite operator is vulnerable to a division by zero... |
CVE-2021-29598 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero... |
CVE-2021-29597 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `SpaceToBatchNd` TFLite operator is vulnerable to a division... |
CVE-2021-29596 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division... |
CVE-2021-29595 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by... |
CVE-2021-29594 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blo... |
CVE-2021-29593 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of the `BatchToSpaceNd` TFLite operator is vulnerable to a division... |
CVE-2021-29592 |
AVG-1962 |
Medium |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-... |
CVE-2021-29591 |
AVG-1962 |
High |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. TFLite graphs must not have loops between nodes. However, this condition was not checked... |
CVE-2021-29590 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. The implementations of the `Minimum` and `Maximum` TFLite operators can be used to read... |
CVE-2021-29589 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The reference implementation of the `GatherNd` TFLite operator is vulnerable to a... |
CVE-2021-29588 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The optimized implementation of the `TransposeConv` TFLite operator is vulnerable to a... |
CVE-2021-29587 |
AVG-1962 |
Low |
No |
Insufficient validation |
A security issue has been found in TensorFlow before version 2.4.2. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before... |
CVE-2021-29586 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Optimized pooling implementations in TFLite fail to check that the stride arguments are... |
CVE-2021-29585 |
AVG-1962 |
Low |
No |
Insufficient validation |
A security issue has been found in TensorFlow before version 2.4.2. The TFLite computation for size of output after padding, `ComputeOutSi... |
CVE-2021-29584 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail caused by an integer... |
CVE-2021-29583 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer... |
CVE-2021-29582 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read... |
CVE-2021-29581 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger... |
CVE-2021-29580 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior... |
CVE-2021-29579 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow.... |
CVE-2021-29578 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.FractionalAvgPoolGrad` is vulnerable to a heap buffer... |
CVE-2021-29577 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.AvgPool3DGrad` is vulnerable to a heap buffer... |
CVE-2021-29576 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPool3DGradGrad` is vulnerable to a heap buffer... |
CVE-2021-29575 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.ReverseSequence` allows for stack overflow and/or... |
CVE-2021-29574 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPool3DGradGrad` exhibits undefined behavior by... |
CVE-2021-29573 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` is vulnerable to a division by... |
CVE-2021-29572 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to... |
CVE-2021-29571 |
AVG-1962 |
Medium |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of... |
CVE-2021-29570 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of... |
CVE-2021-29569 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of... |
CVE-2021-29568 |
AVG-1962 |
Low |
No |
Insufficient validation |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger undefined behavior by binding to null pointer in... |
CVE-2021-29567 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMul`, an attacker can trigger... |
CVE-2021-29566 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can write outside the bounds of heap allocated arrays by passing invalid... |
CVE-2021-29565 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference in the implementation of... |
CVE-2021-29564 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference in the implementation of... |
CVE-2021-29563 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from... |
CVE-2021-29562 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from... |
CVE-2021-29561 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from... |
CVE-2021-29560 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This... |
CVE-2021-29559 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can access data outside of bounds of heap allocated array in... |
CVE-2021-29558 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is... |
CVE-2021-29557 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in... |
CVE-2021-29556 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in... |
CVE-2021-29555 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in... |
CVE-2021-29554 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service via a FPE runtime error in... |
CVE-2021-29553 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can read data outside of bounds of heap allocated buffer in... |
CVE-2021-29552 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a denial of service by controlling the values of `num_segments`... |
CVE-2021-29551 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `MatrixTriangularSolve`(https://github.com/tenso... |
CVE-2021-29550 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in... |
CVE-2021-29549 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in... |
CVE-2021-29548 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a runtime division by zero error and denial of service in... |
CVE-2021-29547 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a segfault and denial of service via accessing data outside of... |
CVE-2021-29546 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger an integer division by zero undefined behavior in... |
CVE-2021-29545 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse... |
CVE-2021-29544 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in... |
CVE-2021-29543 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in... |
CVE-2021-29542 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow by passing crafted inputs to... |
CVE-2021-29541 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a dereference of a null pointer in `tf.raw_ops.StringNGrams`.... |
CVE-2021-29540 |
AVG-1962 |
Low |
No |
Insufficient validation |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is... |
CVE-2021-29539 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_doc... |
CVE-2021-29538 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a division by zero to occur in `Conv2DBackpropFilter`. This is... |
CVE-2021-29537 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in... |
CVE-2021-29536 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedReshape` by passing in invalid... |
CVE-2021-29535 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid... |
CVE-2021-29534 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in... |
CVE-2021-29533 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty... |
CVE-2021-29532 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can force accesses outside the bounds of heap allocated arrays by passing in... |
CVE-2021-29531 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a `CHECK` fail in PNG encoding by providing an empty input... |
CVE-2021-29530 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a null pointer dereference by providing an invalid `permutation`... |
CVE-2021-29529 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear`... |
CVE-2021-29528 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because... |
CVE-2021-29527 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`. This is because... |
CVE-2021-29526 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2D`. This is because the... |
CVE-2021-29525 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is... |
CVE-2021-29524 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropFilter`. This is... |
CVE-2021-29523 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. An attacker can trigger a denial of service via a `CHECK`-fail in... |
CVE-2021-29522 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are... |
CVE-2021-29521 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a... |
CVE-2021-29520 |
AVG-1962 |
Low |
No |
Arbitrary code execution |
A security issue has been found in TensorFlow before version 2.4.2. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can... |
CVE-2021-29519 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. The API of `tf.raw_ops.SparseCross` allows combinations which would result in a... |
CVE-2021-29518 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. In eager mode (default in TF 2.0 and later), session operations are invalid. However,... |
CVE-2021-29517 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. A malicious user could trigger a division by 0 in `Conv3D` implementation. The... |
CVE-2021-29516 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Calling `tf.raw_ops.RaggedTensorToVariant` with arguments specifying an invalid ragged... |
CVE-2021-29515 |
AVG-1962 |
Low |
No |
Insufficient validation |
A security issue has been found in TensorFlow before version 2.4.2. The implementation of `MatrixDiag*` operations(https://github.com/tens... |
CVE-2021-29514 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. If the `splits` argument of `RaggedBincount` does not specify a valid `Sp... |
CVE-2021-29513 |
AVG-1962 |
Low |
No |
Denial of service |
A security issue has been found in TensorFlow before version 2.4.2. Calling TF operations with tensors of non-numeric types when the operations expect... |
CVE-2021-29512 |
AVG-1962 |
Low |
No |
Information disclosure |
A security issue has been found in TensorFlow before version 2.4.2. If the "splits" argument of RaggedBincount does not specify a valid SparseTensor, then... |
CVE-2020-26271 |
AVG-1348 |
High |
No |
Information disclosure |
In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation... |
CVE-2020-26270 |
AVG-1348 |
Low |
No |
Denial of service |
In affected versions of TensorFlow, running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero length results in a CHECK failure when... |
CVE-2020-26269 |
AVG-1348 |
Critical |
No |
Information disclosure |
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access... |
CVE-2020-26268 |
AVG-1348 |
Low |
No |
Denial of service |
In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed... |
CVE-2020-26267 |
AVG-1348 |
Low |
No |
Information disclosure |
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that... |
CVE-2020-26266 |
AVG-1348 |
Low |
No |
Information disclosure |
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having... |
CVE-2020-15266 |
AVG-1350 |
Low |
No |
Denial of service |
In TensorFlow before version 2.4.0, when the boxes argument of tf.image.crop_and_resize has a very large value, the CPU kernel implementation receives it as... |
CVE-2020-15265 |
AVG-1350 |
Medium |
No |
Denial of service |
In TensorFlow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a... |