5349 matches found
CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-38039 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-38039 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-29941 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-29941 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-27535 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-27535 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-42915 affecting package tensorflow for versions less than 2.16.1-1
CVE-2022-42915 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-3857 affecting package tensorflow for versions less than 2.16.1-1
CVE-2022-3857 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-27538 affecting package tensorflow for versions less than 2.16.1-1
CVE-2023-27538 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-43552 affecting package tensorflow for versions less than 2.16.1-1
CVE-2022-43552 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-32221 affecting package tensorflow for versions less than 2.16.1-1
CVE-2022-32221 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...
Keras code injection vulnerability
An arbitrary code injection vulnerability in TensorFlow's Keras framework (< 2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...
CVE-2024-3660
An arbitrary code injection vulnerability in TensorFlow's Keras framework (< 2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...
CVE-2024-3660
CVE-2024-3660 is an arbitrary code execution vulnerability in TensorFlow Keras (
CVE-2024-3660 Arbitrary code injection vulnerability in Keras framework < 2.13
An arbitrary code injection vulnerability in TensorFlow's Keras framework (< 2.13) allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...
Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
Overview: Lambda Layers in third-party TensorFlow-based Keras models allow attackers to inject arbitrary code into versions built prior to Keras 2.13 that may then unsafely run with the same permissions as the running application. For example, an attacker could use this feature to trojanize a...
BIT-TENSORFLOW-2020-15190 Segfault in Tensorflow
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...
BIT-TENSORFLOW-2020-15191 Undefined behavior in Tensorflow
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.to_dlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
BIT-TENSORFLOW-2020-15192 Memory leak in Tensorflow
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to dlpack.to_dlpack there is a memory leak following an expected validation failure. The issue occurs because the status argument during validation failures is not properly checked. Since each of the above methods ca...
BIT-TENSORFLOW-2020-15193 Memory corruption in Tensorflow
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...
BIT-TENSORFLOW-2020-15194 Denial of Service in Tensorflow
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverse_index_map_t and grad_values_t are accessed in a similar pattern, only reverse_index_map_t is validated to be of proper...