tensorflow
PyPI · 427 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting tensorflow (page 2 of 9)
- CVE-2021-29520 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to `tf.raw_ops.Conv3DBackprop*` operations can result in heap buffer overflows. This is because the implementation(https://github.c…
- CVE-2021-29521 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1
TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in `tf.raw_ops.SparseCountSparseOutput` results in a segmentation fault being thrown out from the standard library as `std::vector` in…
- CVE-2021-29522 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The `tf.raw_ops.Conv3DBackprop*` operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the im…
- CVE-2021-29523 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.AddManySparseToTensorsMap`. This is because the implementation(https://github.com/tensorfl…
- CVE-2021-29524 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropFilter`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/496c2630e…
- CVE-2021-29525 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2DBackpropInput`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/b40060c9f6…
- CVE-2021-29526 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.Conv2D`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/988087bd83f144af14087fe…
- CVE-2021-29527 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedConv2D`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/00e9a4d67d7670…
- CVE-2021-29528 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in `tf.raw_ops.QuantizedMul`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/55900e961ed4a23b4…
- CVE-2021-29529 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in `tf.raw_ops.QuantizedResizeBilinear` by manipulating input values so that float rounding results in off-by-one error i…
- CVE-2021-29530 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference by providing an invalid `permutation` to `tf.raw_ops.SparseMatrixSparseCholesky`. This is because the implementation(…
- CVE-2021-29531 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a `CHECK` fail in PNG encoding by providing an empty input tensor as the pixel data. This is because the implementation(https://github.com/tenso…
- CVE-2021-29532 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implemen…
- CVE-2021-29533 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK` failure by passing an empty image to `tf.raw_ops.DrawBoundingBoxes`. This is because the implementation(https:…
- CVE-2021-29534 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.SparseConcat`. This is because the implementation(https://github.com/tensorflow/tensorflow…
- CVE-2021-29535 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedMul` by passing in invalid thresholds for the quantization. This is because the implementation(https://github.…
- CVE-2021-29536 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedReshape` by passing in invalid thresholds for the quantization. This is because the implementation(https://git…
- CVE-2021-29537 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation(http…
- CVE-2021-29538 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in `Conv2DBackpropFilter`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/1b0296c3b8…
- CVE-2021-29539 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a s…
- CVE-2021-29540 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/1b0296…
- CVE-2021-29541 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in `tf.raw_ops.StringNGrams`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/1…
- CVE-2021-29542 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow by passing crafted inputs to `tf.raw_ops.StringNGrams`. This is because the implementation(https://github.com/tensorflow/te…
- CVE-2021-29543 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.CTCGreedyDecoder`. This is because the implementation(https://github.com/tensorflow/tensor…
- CVE-2021-29544 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.QuantizeAndDequantizeV4Grad`. This is because the implementation does not validate the ran…
- CVE-2021-29545 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation(https://github.co…
- CVE-2021-29546 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel(https://…
- CVE-2021-29547 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because t…
- CVE-2021-29548 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementati…
- CVE-2021-29549 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementati…
- CVE-2021-29550 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation(https://github.com/te…
- CVE-2021-29551 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `MatrixTriangularSolve`(https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matr…
- CVE-2021-29552 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(http…
- CVE-2021-29553 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can read data outside of bounds of heap allocated buffer in `tf.raw_ops.QuantizeAndDequantizeV3`. This is because the implementation(https://github.com/tens…
- CVE-2021-29554 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.DenseCountSparseOutput`. This is because the implementation(https://github.com/tensorfl…
- CVE-2021-29555 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.FusedBatchNorm`. This is because the implementation(https://github.com/tensorflow/tenso…
- CVE-2021-29556 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the implementation(https://github.com/tensorflow/tensorflow/b…
- CVE-2021-29557 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.SparseMatMul`. The division by 0 occurs deep in Eigen code because the `b` tensor is em…
- CVE-2021-29558 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (101 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.SparseSplit`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/699bff5d961f0…
- CVE-2021-29559 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in `tf.raw_ops.UnicodeEncode`. This is because the implementation(https://github.com/tensorflow/te…
- CVE-2021-29560 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/d942…
- CVE-2021-29561 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from `tf.raw_ops.LoadAndRemapMatrix`. This is because the implementation(https://github…
- CVE-2021-29562 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.IRFFT`. The fix will be included in TensorFlow 2…
- CVE-2021-29563 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix c…
- CVE-2021-29564 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.EditDistance`. This is because the implementation(https://github.com/tensorflow/…
- CVE-2021-29565 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.SparseFillEmptyRows`. This is because of missing validation(https://github.com/t…
- CVE-2021-29566 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to `tf.raw_ops.Dilation2DBackpropInput`. This is because the implementati…
- CVE-2021-29567 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.SparseDenseCwiseMul`, an attacker can trigger denial of service via `CHECK`-fails or accesses to outside the bounds of heap all…
- CVE-2021-29568 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.3 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.2 (102 versions)
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the implementation(https://github.co…
- CVE-2021-29569 · LOW · CVSS 2.5 · EG 2.5 · ✓ Fixed in 2.4.2 · 2021-05-14
vulnerable: 0.12.0 ... 2.4.1 (98 versions)
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWithArgmax` can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The imp…