Dec 17, 2021 - 4:21 a.m.

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

2021-12-17 04:21:06
www.ibm.com

CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 31.3%

Summary

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow.

Vulnerability Details

CVEID: CVE-2021-37635
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in the implementation of sparse reduction operations. By sending a specially-crafted request, an attacker could exploit this vulnerability to read from outside of bounds of heap allocated data, or cause a denial of service condition.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207544 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID: CVE-2021-37636
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the implementation of “tf.raw_ops.SparseDenseCwiseDiv”. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207342 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37637
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of “tf.raw_ops.CompressElement”. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207343 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37638
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of “tf.raw_ops.RaggedTensorToTensor”. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207344 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2021-37639
**DESCRIPTION:** TensorFlow could allow a local attacker to obtain sensitive information, caused by a NULL pointer dereference and heap out-of-bounds read flaw when restoring tensors via raw APIs. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207345 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID: CVE-2021-37640
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the implementation of “tf.raw_ops.SparseReshape”. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207346 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37641
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in the implementation of “tf.raw_ops.RaggedGather”. By sending specially-crafted arguments, an attacker could exploit this vulnerability to read from outside of bounds of heap allocated buffers, or cause a denial of service condition.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207545 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID: CVE-2021-37642
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the implementation of “tf.raw_ops.ResourceScatterDiv”. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207347 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37643
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of “tf.raw_ops.MatrixDiagPartOp”. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207348 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37644
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation by the implementation of “tf.raw_ops.TensorListReserve”. By sending specially-crafted arguments, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207546 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37645
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an integer overflow in the implementation of “tf.raw_ops.QuantizeAndDequantizeV4Grad”. By converting a signed integer value to an unsigned one and then allocating memory based on this value, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207547 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37646
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an integer overflow in the implementation of “tf.raw_ops.StringNGrams”. By converting a signed integer value to an unsigned one and then allocating memory based on this value, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207548 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37647
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of “tf.raw_ops.SparseTensorSliceDataset”. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207349 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2021-37648
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by improper input validation by the implementation of “tf.raw_ops.SaveV2”. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207549 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37649
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of “tf.raw_ops.UncompressElement”. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207350 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2021-37650
**DESCRIPTION:** TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation for “tf.raw_ops.ExperimentalDatasetToTFRecord”. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code or cause a segmentation fault on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207550 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37651
**DESCRIPTION:** TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the implementation of “tf.raw_ops.FractionalAvgPoolGrad”. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207551 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2021-37652
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free in the implementation for tf.raw_ops.BoostedTreesCreateEnsemble. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207552 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37653
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the implementation of “tf.raw_ops.ResourceGather”. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207351 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37654
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read and CHECK fail in the implementation of “tf.raw_ops.ResourceGather”. By binding a reference to a null pointer, an attacker could exploit this vulnerability to read from outside the bounds of heap allocated data, or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207525 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID: CVE-2021-37655
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read in the implementation of “tf.raw_ops.ResourceScatterUpdate”. By sending a specially-crafted HTTP request, an attacker could exploit this vulnerability to read from outside the bounds of heap allocated data, or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207531 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID: CVE-2021-37656
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an incomplete validation of the splits values. By binding a reference to null pointer in “tf.raw_ops.RaggedTensorToSparse”, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207532 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2021-37657
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an incomplete validation that the value of k is a valid tensor. By binding a reference to null pointer in all operations of type “tf.raw_ops.MatrixDiagV*”, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207533 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2021-37658
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an incomplete validation that the value of k is a valid tensor. By binding a reference to null pointer in all operations of type “tf.raw_ops.MatrixSetDiagV*”, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207534 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2021-37659
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read and CHECK fail in the implementation of “tf.raw_ops.SqrtGrad”. By binding a reference to null pointer in all binary cwise operations, an attacker could exploit this vulnerability to read from outside the bounds of heap allocated data, or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207535 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID: CVE-2021-37660
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the inplace operations. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207352 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37661
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a failure to validate that num_streams only contains non-negative numbers in boosted_trees_create_quantile_stream_resource. By using negative arguments, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207536 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37662
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by not validating the input values. By binding a reference to null pointer in BoostedTreesCalculateBestGainsPerFeature, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207537 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID: CVE-2021-37663
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by incomplete validation in the implementation of tf.raw_ops.QuantizeV2. By binding a reference to a null pointer, an attacker could exploit this vulnerability to read from outside the bounds of heap allocated arrays, or cause the application to crash.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207538 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37664
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read in the implementation of “tf.raw_ops.BoostedTreesSparseCalculateBestFeatureSplit”. By sending specially-crafted illegal arguments, an attacker could exploit this vulnerability to read from outside the bounds of heap allocated data, or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207539 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID: CVE-2021-37665
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by an incomplete validation in MKL implementation of requantization. By sending specially-crafted input arguments, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207432 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37666
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by an incomplete validation of the splits values. By binding a reference to null pointer in “tf.raw_ops.RaggedTensorToVariant”, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207433 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37667
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by an incomplete validation of the first dimension of the input_splits tensor. By binding a reference to null pointer in “tf.raw_ops.UnicodeEncode”, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207434 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37668
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the “tf.raw_ops.UnravelIndex” implementation. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207435 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37669
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the “tf.raw_ops.NonMaxSuppressionV5” implementation. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207436 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37670
**DESCRIPTION:** TensorFlow could allow a remote attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw. By sending specially-crafted illegal arguments to “tf.raw_ops.UpperBound”, an attacker could exploit this vulnerability to read from outside of bounds of heap allocated data, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207437 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-37671
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by not checking if “indices” is not empty. By binding a reference to null pointer in “tf.raw_ops.Map*” and “tf.raw_ops.OrderedMap*”, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207438 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37672
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by heap out-of-bounds read flaw. By sending specially-crafted illegal arguments to “tf.raw_ops.SdcaOptimizerV2”, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207439 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-37673
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by CHECK-fail in MapStage. By executing a specially-crafted file, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207477 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37674
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by incomplete validation in MaxPoolGrad. By executing a specially-crafted file, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207476 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37675
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by division by 0 in most convolution operators. By executing a specially-crafted file, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207475 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37676
**DESCRIPTION:** TensorFlow could provide weaker than expected security, caused by a flaw in the shape inference implementation. By binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows, a local authenticated attacker could exploit this vulnerability to cause undefined behavior.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207474 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37677
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by missing validation in shape inference for Dequantize. By executing a specially-crafted file, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207473 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37679
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by heap out-of-bounds in nested tf.map_fn with RaggedTensors. By executing a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207471 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)

CVEID: CVE-2021-37680
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero in TFLite. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207470 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37681
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer exception in TFLite. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207469 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-37682
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by the use of an uninitialized value in TFLite. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207468 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2021-37683
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the implementation of division in TFLite. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207440 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37684
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the implementation of pooling in TFLite. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207441 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37685
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in expand_dims.cc in TFLite. By sending a specially-crafted request, an attacker could exploit this vulnerability to read one element outside of bounds of heap allocated data, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207442 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-37686
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an infinite loop flaw in the strided slice implementation in TFLite. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207443 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37687
**DESCRIPTION:** TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in the GatherNd implementation in TFLite. By using a specially-crafted model with negative values in indices, an attacker could exploit this vulnerability to read arbitrary data from the heap, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207444 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2021-37688
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in TFLite. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207445 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37689
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in TFLite MLIR optimizations. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207446 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37690
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a use-after-free and segfault flaw in shape inference functions. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207447 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37691
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in LSH in TFLite. By using a specially-crafted TFLite model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207448 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-37692
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a segfault in string deallocation in the Go code. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207449 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-41222
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by a segmentation fault in ‘SplitV’. By sending a specially-crafted request using at least one negative value in the size_splits parameter, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213052 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-41226
**DESCRIPTION:** TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by a heap OOB access in ‘SparseBinCount’. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2021-41218
**DESCRIPTION:** TensorFlow is vulnerable to a denial of service, caused by an integer division by 0 in ‘tf.raw_ops.AllToAll’. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213020 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41219
**DESCRIPTION:**TensorFlow could provide weaker than expected security, caused by undefined behavior in sparse matrix multiplication. By binding a reference to ‘nullptr’, a remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213018 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41225
**DESCRIPTION:**TensorFlow could provide weaker than expected security, caused by the use of an uninitialized variable. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213051 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41227
**DESCRIPTION:**TensorFlow could allow a remote attacker to obtain sensitive information, caused by arbitrary memory read in ‘ImmutableConst’. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213047 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2021-41223
**DESCRIPTION:**TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by a heap OOB access in ‘FusedBatchNorm’. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213050 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41215
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer exception in ‘DeserializeSparse’. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213025 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41220
**DESCRIPTION:**TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free and memory leak in ‘CollectiveReduceV2’. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213017 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41221
**DESCRIPTION:**TensorFlow is vulnerable to a heap-based buffer overflow, caused by invalid memory accessing during shape inference in ‘Cudnn’ ops. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213015 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41224
**DESCRIPTION:**TensorFlow could allow a remote attacker to execute arbitrary code on the system, caused by a heap OOB access in ‘SparseFillEmptyRows’. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213049 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41217
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a NULL pointer exception when an ‘Exit’ node is not preceded by an ‘Enter’ op. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213022 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41206
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by incomplete validation of shapes in multiple TF ops. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause undefined behavior and segfault.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213598 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41197
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an overflow and CHECK-fail in ops with large tensor shapes. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213612 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41214
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by the reference binding to nullptr in tf.ragged.cross. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213587 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41210
**DESCRIPTION:**TensorFlow could allow a local attacker to execute arbitrary code on the system, caused by a heap OOB read in tf.raw_ops.SparseCountSparseOutput. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213592 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41201
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by uninitialized access in EinsumHelper::ParseEquation. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213606 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41209
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by the FPE in convolutions with zero size filters. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213595 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41200
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by incomplete validation in tf.summary.create_file_writer. By sending a specially-crafted request using non-scalar arguments, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213607 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41205
**DESCRIPTION:**TensorFlow could allow a local attacker to execute arbitrary code on the system, caused by a heap OOB read in all tf.raw_ops.QuantizeAndDequantizeV* ops. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213599 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41196
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a flaw in max_pool3d when size argument is 0 or negative. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213613 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41213
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a deadlock in mutually recursive tf.function objects. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213588 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41212
**DESCRIPTION:**TensorFlow could allow a local attacker to execute arbitrary code on the system, caused by a heap OOB read in tf.ragged.cross. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213589 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41208
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by incomplete validation in boosted trees code. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213596 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41199
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an overflow in tf.image.resize when the input size is larger than expected. By sending a specially-crafted request using a large input argument, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213608 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41204
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a segfault while copying constant resource tensor. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213600 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41195
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a flaw in tf.math.segment_* operations. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213614 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41211
**DESCRIPTION:**TensorFlow could allow a local attacker to execute arbitrary code on the system, caused by a heap OOB in shape inference for QuantizeV2. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213590 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-41202
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by a buffer overflow in tf.range. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213605 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41207
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by FPE in ParallelConcat. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213597 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41198
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by an overflow in tf.tile when the input size is larger than expected. By sending a specially-crafted request using a large input argument, a local attacker could exploit this vulnerability to cause a crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213610 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2021-41203
**DESCRIPTION:**TensorFlow is vulnerable to a denial of service, caused by missing validation during checkpoint loading. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause undefined behavior, integer overflows, and segfaults.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/213604 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Watson Discovery | 4.0.0-4.0.3 |
| Watson Discovery | 2.0.0-2.2.1 |

Remediation/Fixes

Upgrade to IBM Watson Discovery 4.0.4

Upgrade to IBM Watson Discovery 2.2.1 and apply cpd-watson-discovery-2.2.1-patch-6

<https://cloud.ibm.com/docs/discovery-data?topic=discovery-data-install>

<https://www.ibm.com/support/pages/available-patches-watson-discovery-ibm-cloud-pak-data>

Workarounds and Mitigations

None
