Google

Tensorflow

432 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-15195

Exploit
  • EPSS 0.36%
  • Veröffentlicht 25.09.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:05:03

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus res...

9.9

CVE-2020-15196

Exploit
  • EPSS 0.3%
  • Veröffentlicht 25.09.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:05:03

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fu...

6.3

CVE-2020-15197

Exploit
  • EPSS 0.22%
  • Veröffentlicht 25.09.2020 19:15:14
  • Zuletzt bearbeitet 21.11.2024 05:05:03

In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a ...

6.5

CVE-2018-21233

  • EPSS 0.13%
  • Veröffentlicht 04.05.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 04:03:14

TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc.

7.5

CVE-2020-5215

Exploit
  • EPSS 0.25%
  • Veröffentlicht 28.01.2020 22:15:11
  • Zuletzt bearbeitet 21.11.2024 05:33:41

In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service i...

9.8

CVE-2019-16778

  • EPSS 0.34%
  • Veröffentlicht 16.12.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:31:10

In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resu...

9.8

CVE-2018-7575

  • EPSS 0.18%
  • Veröffentlicht 24.04.2019 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:23

Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.

8.1

CVE-2018-10055

  • EPSS 0.17%
  • Veröffentlicht 24.04.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:44

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.

8.1

CVE-2018-7577

  • EPSS 0.17%
  • Veröffentlicht 24.04.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:12:24

Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.

6.5

CVE-2019-9635

  • EPSS 0.12%
  • Veröffentlicht 24.04.2019 17:29:00
  • Zuletzt bearbeitet 21.11.2024 04:52:01

NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file.