AI Threat Alert

Google

432 AI/ML vulnerabilities tracked for Google.

432

Total CVEs

22

Pages

Page 9 of 22

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2021-37647	TensorFlow: null deref in SparseTensor ops causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-37649	TensorFlow: null ptr deref crashes inference via bad tensor	tensorflow	5.5
HIGH	CVE-2021-37635	TensorFlow: heap OOB read in sparse reduction ops	tensorflow	7.1
HIGH	CVE-2021-37641	TensorFlow: RaggedGather OOB read - heap leak + DoS	tensorflow	7.1
MEDIUM	CVE-2021-37644	TensorFlow: DoS via negative TensorListReserve input	tensorflow	5.5
MEDIUM	CVE-2021-37645	TensorFlow: integer overflow in quantize grad causes DoS	tensorflow	5.5
MEDIUM	CVE-2021-37646	TensorFlow: StringNGrams integer overflow triggers DoS	tensorflow	5.5
HIGH	CVE-2021-37650	TensorFlow: heap overflow in DatasetToTFRecord ops	tensorflow	7.8
HIGH	CVE-2021-37651	TensorFlow: heap OOB r/w in FractionalAvgPoolGrad op	tensorflow	7.8
HIGH	CVE-2021-37654	TensorFlow: OOB read/crash via ResourceGather batch_dims	tensorflow	7.1
HIGH	CVE-2021-37655	TensorFlow: OOB heap read in ResourceScatterUpdate	tensorflow	7.3
HIGH	CVE-2021-37656	TensorFlow: null ptr deref in RaggedTensorToSparse op	tensorflow	7.8
HIGH	CVE-2021-37657	TensorFlow: null ptr deref in MatrixDiagV ops	tensorflow	7.8
HIGH	CVE-2021-37658	TensorFlow: null ptr deref in MatrixSetDiagV ops	tensorflow	7.8
HIGH	CVE-2021-37659	TensorFlow: heap OOB in cwise ops enables local RCE	tensorflow	7.8
MEDIUM	CVE-2021-37661	TensorFlow: integer sign conversion DoS in boosted trees	tensorflow	5.5
HIGH	CVE-2021-37662	TensorFlow: null deref in BoostedTrees training ops	tensorflow	7.8
HIGH	CVE-2021-37664	TensorFlow: heap OOB read in BoostedTrees ops	tensorflow	7.1
HIGH	CVE-2021-37648	TensorFlow SaveV2: null ptr deref, local crash/RCE	tensorflow	7.8
HIGH	CVE-2021-37652	TensorFlow: double-free in BoostedTrees, code exec	tensorflow	7.8

Page 9 of 22