CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21233
https://notcve.org/view.php?id=CVE-2018-21233
04 May 2020 — TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. ensorFlow versiones anteriores a la versión 1.7.0, tiene un desbordamiento de enteros que causa una lectura fuera de límites, posiblemente causando una revelación del contenido de la memoria del proceso. Esto ocurre en la funcionalidad DecodeBmp del decodificador BMP en el ar... • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-5215 – Segmentation faultin TensorFlow when converting a Python string to tf.float16
https://notcve.org/view.php?id=CVE-2020-5215
28 Jan 2020 — In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar st... • https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf • CWE-20: Improper Input Validation CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16778 – Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
https://notcve.org/view.php?id=CVE-2019-16778
16 Dec 2019 — In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory. This is unlikely to be exploitable and was detected and fixed internally in TensorFlow 1.15 and 2.0. En TensorFlow versiones anteriores a 1.15, un desbordamiento de búfer de la pila puede ser producido en la función ... • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md • CWE-122: Heap-based Buffer Overflow CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7575
https://notcve.org/view.php?id=CVE-2018-7575
24 Apr 2019 — Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent. Google TensorFlow versiones 1.7.X y anteriores, se ve afectado por una vulnerabilidad de desbordamiento de búfer. El tipo de explotación es: dependiente del contexto. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9635
https://notcve.org/view.php?id=CVE-2019-9635
24 Apr 2019 — NULL pointer dereference in Google TensorFlow before 1.12.2 could cause a denial of service via an invalid GIF file. Desreferencia de puntero NULL en Google TensorFlow versiones anteriores a 1.12.2 podía causar una denegación de servicio mediante un archivo de GIF no válido. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-001.md • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10055
https://notcve.org/view.php?id=CVE-2018-10055
24 Apr 2019 — Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file. El acceso no válido a la memoria y/o un desbordamiento de búfer en el compilador TensorFlow XLA en Google TensorFlow versiones anteriores a la 1.7.1 podría causar un cierre inesperado o leer de otras partes de la memoria de proceso a través de un archivo de configuración diseñado. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-7577
https://notcve.org/view.php?id=CVE-2018-7577
24 Apr 2019 — Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory. La superposición de parámetros de Memcpy en la libreria Google Snappy versión 1.1.4, tal y como se utilizaba en Google TensorFlow en las versiones anteriores a la 1.7.1, puede provocar un cierre inesperado o una lectura de otras partes de la memoria de proceso. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8825
https://notcve.org/view.php?id=CVE-2018-8825
23 Apr 2019 — Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). Google TensorFlow, versión 1.7 y anteriores, se ve afectado por: Desbordamiento de búfer. El impacto es: ejecutar código arbitrario (local). • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7576
https://notcve.org/view.php?id=CVE-2018-7576
23 Apr 2019 — Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Dereference. The type of exploitation is: context-dependent. Google TensorFlow, versiones 1.6.x y anteriores, se ve afectado por: Desreferencia de puntero nulo. El tipo de explotación es: dependiente del contexto. • https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-002.md • CWE-476: NULL Pointer Dereference •