tensorflow-cpu
PyPI | 424 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tensorflow-cpu (page 4 of 9)
- CVE-2021-37635 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation]…
- CVE-2021-37636 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseDenseCwiseDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/t…
- CVE-2021-37637 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/…
- CVE-2021-37638 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for `row_partition_types` of `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The [implement…
- CVE-2021-37639 | HIGH | CVSS 8.4 | EG 8.4 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read …
- CVE-2021-37640 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.SparseReshape` can be made to trigger an integral division by 0 exception. The [implementation](https://github.co…
- CVE-2021-37641 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_ops.RaggedGather` don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocate…
- CVE-2021-37642 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.ResourceScatterDiv` is vulnerable to a division by 0 error. The [implementation](https://github.com/tensorflow/te…
- CVE-2021-37643 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to `tf.raw_ops.MatrixDiagPartOp`, then the code triggers a null pointer dereference (if input is empty) or produces inv…
- CVE-2021-37644 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to `num_elements` list argument of `tf.raw_ops.TensorListReserve` causes the runtime to abort the process due to reall…
- CVE-2021-37645 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer val…
- CVE-2021-37646 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsign…
- CVE-2021-37647 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, `tf.raw_ops.SparseTensorSliceDataset` implementation can be made to dereference a null point…
- CVE-2021-37648 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation]…
- CVE-2021-37649 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can be made to trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa…
- CVE-2021-37650 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentat…
- CVE-2021-37651 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [impl…
- CVE-2021-37652 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted argum…
- CVE-2021-37653 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in `tf.raw_ops.ResourceGather`. The [implementation](https://github.com/tensorflow/t…
- CVE-2021-37654 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a `CHECK`-fail in debug builds of TensorFlow using `tf.raw_ops.ResourceGather` or a read from outside the bound…
- CVE-2021-37655 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to `tf.raw_ops.ResourceScatterUpdate`. Th…
- CVE-2021-37656 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https:/…
- CVE-2021-37657 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implemen…
- CVE-2021-37658 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [imple…
- CVE-2021-37659 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.…
- CVE-2021-37660 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The [im…
- CVE-2021-37661 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments. The [implementation](http…
- CVE-2021-37662 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can…
- CVE-2021-37663 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or ca…
- CVE-2021-37664 | HIGH | CVSS 7.3 | EG 7.3 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBe…
- CVE-2021-37665 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null …
- CVE-2021-37666 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https:…
- CVE-2021-37667 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github…
- CVE-2021-37668 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implemen…
- CVE-2021-37669 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [i…
- CVE-2021-37670 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The […
- CVE-2021-37671 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The …
- CVE-2021-37672 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. …
- CVE-2021-37673 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorf…
- CVE-2021-37674 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The [implementation]…
- CVE-2021-37675 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of…
- CVE-2021-37676 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implemen…
- CVE-2021-37677 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provi…
- CVE-2021-37678 | CRITICAL | CVSS 9.3 | EG 9.3 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](htt…
- CVE-2021-37679 | HIGH | CVSS 7.1 | EG 7.1 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function sig…
- CVE-2021-37680 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/46…
- CVE-2021-37681 | HIGH | CVSS 7.8 | EG 7.8 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a…
- CVE-2021-37682 | MEDIUM | CVSS 4.4 | EG 4.4 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use uninitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e…
- CVE-2021-37683 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb0…
- CVE-2021-37684 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 2.4.3 | 2021-08-12
vulnerable: 2.3.0 ... 2.4.2 (7 versions)
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched th…