AI Threat Alert
Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
629
Total CVEs
32
Pages
Page 7 of 32
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2021-37671 | TensorFlow: null-ptr deref in Map ops, local C/I/A:High | tensorflow | 7.8 |
| HIGH | CVE-2021-37676 | TensorFlow: null ptr deref in SparseFillEmptyRows op | tensorflow | 7.8 |
| HIGH | CVE-2021-37681 | TensorFlow Lite: null ptr deref crashes SVDF inference | tensorflow | 7.8 |
| HIGH | CVE-2021-37663 | TensorFlow: QuantizeV2 heap OOB/null-deref in quantization | tensorflow | 7.8 |
| HIGH | CVE-2021-37665 | TensorFlow MKL: null-ptr/heap-OOB in requantization ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37678 | TensorFlow/Keras: RCE via YAML model deserialization | tensorflow | 8.8 |
| HIGH | CVE-2021-37679 | TensorFlow: heap over-read leaks memory via RaggedTensor | tensorflow | 7.8 |
| HIGH | CVE-2021-37682 | TFLite: uninitialized quant params corrupt inference | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37690 | TensorFlow: use-after-free crashes training processes | tensorflow | 6.6 |
| HIGH | CVE-2021-41201 | TensorFlow: uninitialized var in Einsum allows local RCE | tensorflow | 7.8 |
| HIGH | CVE-2021-41210 | TensorFlow: heap OOB read in SparseCountSparseOutput | tensorflow | 7.1 |
| HIGH | CVE-2021-41203 | TensorFlow: malformed checkpoint triggers overflow/crash | tensorflow | 7.8 |
| HIGH | CVE-2021-41212 | TensorFlow: heap OOB read in ragged.cross shape inference | tensorflow | 7.1 |
| HIGH | CVE-2021-41214 | TensorFlow: null deref in ragged ops, local RCE | tensorflow | 7.8 |
| HIGH | CVE-2021-41219 | TensorFlow: heap OOB in sparse matrix multiply | tensorflow | 7.8 |
| HIGH | CVE-2021-41224 | TensorFlow: heap OOB read in SparseFillEmptyRows op | tensorflow | 7.1 |
| HIGH | CVE-2021-41226 | TensorFlow: heap OOB in SparseBinCount, crash/disclosure | tensorflow | 7.1 |
| HIGH | CVE-2021-41206 | TensorFlow: missing shape validation allows heap R/W | tensorflow | 7.8 |
| HIGH | CVE-2021-41208 | TensorFlow: heap R/W + DoS in boosted trees APIs | tensorflow | 7.8 |
| HIGH | CVE-2021-41216 | TensorFlow: heap overflow in Transpose via negative perm | tensorflow | 7.8 |