| CVE-2020-26269 |
critical |
— |
9.5 |
|
|
|
4y ago |
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the direc… |
| CVE-2021-29607 |
critical |
— |
9.5 |
|
|
|
4y ago |
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) a… |
| CVE-2021-37635 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of h… |
| CVE-2021-37636 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [impleme… |
| CVE-2021-37637 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. … |
| CVE-2021-37638 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereferenc… |
| CVE-2021-37639 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null poi… |
| CVE-2021-37640 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception… |
| CVE-2021-37641 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read… |
| CVE-2021-37642 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implemen… |
| CVE-2021-37643 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer derefer… |
| CVE-2021-37644 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the r… |
| CVE-2021-37645 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue c… |
| CVE-2021-37646 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by conver… |
| CVE-2021-37647 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation… |
| CVE-2021-37648 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null p… |
| CVE-2021-37649 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://gith… |
| CVE-2021-37650 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can tr… |
| CVE-2021-37651 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bou… |
| CVE-2021-37652 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an a… |
| CVE-2021-37653 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [impleme… |
| CVE-2021-37654 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.Resource… |
| CVE-2021-37655 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments t… |
| CVE-2021-37656 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso… |
| CVE-2021-37657 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type … |
| CVE-2021-37658 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type … |
| CVE-2021-37659 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operat… |
| CVE-2021-37660 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that … |
| CVE-2021-37661 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negat… |
| CVE-2021-37662 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBes… |
| CVE-2021-37663 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via bin… |
| CVE-2021-37664 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… |
| CVE-2021-37665 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined beh… |
| CVE-2021-37666 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTenso… |
| CVE-2021-37667 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEnco… |
| CVE-2021-37668 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by t… |
| CVE-2021-37669 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV… |
| CVE-2021-37670 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… |
| CVE-2021-37671 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `… |
| CVE-2021-37672 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arg… |
| CVE-2021-37673 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementatio… |
| CVE-2021-37674 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by … |
| CVE-2021-37675 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability w… |
| CVE-2021-37676 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillE… |
| CVE-2021-37677 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of ser… |
| CVE-2021-37678 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model fr… |
| CVE-2021-37679 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `Ra… |
| CVE-2021-37680 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://… |
| CVE-2021-37681 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/… |
| CVE-2021-37682 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://gi… |
| CVE-2021-37683 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensor… |
| CVE-2021-37684 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for … |
| CVE-2021-37685 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005… |
| CVE-2021-37687 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d9… |
| CVE-2021-37686 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infini… |
| CVE-2021-37688 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a… |
| CVE-2021-37689 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a… |
| CVE-2021-37690 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output informa… |
| CVE-2021-37691 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](ht… |
| CVE-2021-37692 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_… |
| CVE-2021-29619 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments (e.g., discovered via fuzzing) to `tf.raw_ops.SparseCountSparseOutput` results in segfault. The fix wi… |
| CVE-2021-29618 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Passing a complex argument to `tf.transpose` at the same time as passing `conjugate=True` argument results in a crash. The fix w… |
| CVE-2021-29617 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be includ… |
| CVE-2021-29616 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of TrySimplify(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorf… |
| CVE-2021-29615 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/te… |
| CVE-2021-29614 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.io.decode_raw` produces incorrect results and crashes the Python interpreter when combining `fixed_len… |
| CVE-2021-29613 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in T… |
| CVE-2021-29612 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of `tf.raw_ops.BandedTriangularSolve`. The implementation… |
| CVE-2021-29611 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://g… |
| CVE-2021-29610 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2` allows invalid values for `axis` argument:. The validation(https://github… |
| CVE-2021-29609 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) a… |
| CVE-2021-29608 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.RaggedTensorToTensor`, an attacker can exploit an undefined behavior if input arguments… |
| CVE-2021-29606 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of `Split_V`(https://github.com/… |
| CVE-2021-29605 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating `TFLiteIntArray`s is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensor… |
| CVE-2021-29604 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error(https://github.com/tensorflow/tensorflow… |
| CVE-2021-29603 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB write on heap in the TFLite implementation of `ArgMin`/`ArgMax`(https://gi… |
| CVE-2021-29602 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthwiseConv` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflo… |
| CVE-2021-29601 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issue(https://github.com/tensorflow/tensorflow/b… |
| CVE-2021-29600 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `OneHot` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tenso… |
| CVE-2021-29599 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `Split` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensor… |
| CVE-2021-29598 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SVDF` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow/tensorf… |
| CVE-2021-29597 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `SpaceToBatchNd` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensor… |
| CVE-2021-29596 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `EmbeddingLookup` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorf… |
| CVE-2021-29595 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorflow… |
| CVE-2021-29594 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. TFLite's convolution code(https://github.com/tensorflow/tensorflow/blob/09c73bca7d648e961dd05898292d91a8322a9d45/tensorflow/lite… |
| CVE-2021-29593 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the `BatchToSpaceNd` TFLite operator is vulnerable to a division by zero error(https://github.com/tensorfl… |
| CVE-2021-29592 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15209) missed the case when the target shape … |
| CVE-2021-29591 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. However, this condition was not checked and an attacker could craft models that… |
| CVE-2021-29590 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementations of the `Minimum` and `Maximum` TFLite operators can be used to read data outside of bounds of heap allocated… |
| CVE-2021-29589 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error(https://github.com/tens… |
| CVE-2021-29588 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The optimized implementation of the `TransposeConv` TFLite operator is [vulnerable to a division by zero error](https://github.c… |
| CVE-2021-29587 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division(https://github.com/tensorflow/tens… |
| CVE-2021-29586 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling `ComputePaddingHeig… |
| CVE-2021-29585 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, `ComputeOutSize`(https://github.com/tensorflow/tensorflow/blob/0c9692ae… |
| CVE-2021-29584 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in caused by an integer overflow in constructing a new tensor sha… |
| CVE-2021-29583 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FusedBatchNorm` is vulnerable to a heap buffer overflow. If the tensors are empty, the same im… |
| CVE-2021-29582 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.Dequantize`, an attacker can trigger a read from outside of bounds of heap allocated da… |
| CVE-2021-29581 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.CTCBeamSearchDecoder`, an attacker can trigger denial of service via segmentation fault… |
| CVE-2021-29580 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers an undefined behavior if one of the input tensors is empty. Th… |
| CVE-2021-29579 |
critical |
— |
9.5 |
|
|
|
5y ago |
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGrad` is vulnerable to a heap buffer overflow. The implementation(https://github.com/te… |