Security Bulletin: Multiple TensorFlow Vulnerabilities Affect IBM Watson Machine Learning on CP4D

Vulnerability Details

CVEID:   CVE-2021-29608
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds and NULL pointer dereference flaw in "RaggedTensorToTensor". By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201858 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID:   CVE-2021-29585
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in padding computation in TFLite. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201878 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29549
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in tf.raw_ops.QuantizedAdd. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201933 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29575
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a stack-based buffer overflow in the implementation of tf.raw_ops.ReverseSequence. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201951 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29589
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `GatherNd`. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201871 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29593
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `BatchToSpaceNd`. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201899 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29571
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the implementation of tf.raw_ops.DrawBoundingBoxesV2. By using a specially-crafted model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201947 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2021-29616
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of TrySimplify. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201866 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29597
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `SpaceToBatchNd `. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201895 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29557
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in tf.raw_ops.SparseMatMul. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201941 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29603
DESCRIPTION:   TensorFlow could allow a local authenticated attacker is vulnerable to a denial of service, caused by an out-of-bounds write flaw on heap in the TFLite implementation of ArgMin/ArgMax. By using a specially-crafted model, an attacker could exploit this vulnerability to cause a denial of service condition on the system.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201853 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29612
DESCRIPTION:   TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the Eigen implementation of tf.raw_ops.BandedTriangularSolve. By using a specially-crafted model, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 3.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201862 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L)

CVEID:   CVE-2021-29581
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a segfault in `CTCBeamSearchDecoder`. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201885 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29553
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in tf.raw_ops.QuantizeAndDequantizeV3. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201937 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29579
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the implementation of tf.raw_ops.MaxPoolGrad. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201955 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29615
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a stack overflow due to recursion. By using a specially-crafted input, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201865 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29598
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `SVDF `. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201893 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29556
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in tf.raw_ops.Reverse. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201940 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29602
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in TFLite's implementation of "DepthwiseConv". By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201852 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29611
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by improper validation in the SparseReshape results. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201861 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L)

CVEID:   CVE-2021-29582
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow intf.raw_ops.Dequantize. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201883 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29552
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK`-failure in UnsortedSegmentJoin. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201936 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29578
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the implementation of tf.raw_ops.FractionalAvgPoolGrad. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201954 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29607
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by improper validation in SparseAdd results. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201857 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID:   CVE-2021-29586
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero optimized pooling implementations in TFLite. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201875 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29590
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in TFLite's implementation of `Minimum` or `Maximum`. By crafting a model, a local authenticated attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201903 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29574
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of tf.raw_ops.MaxPool3DGradGrad. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201950 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29619
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by improper input validation in tf.raw_ops.SparseCountSparseOutput. By using a specially-crafted input, a local authenticated attacker could exploit this vulnerability to cause a segfault.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201869 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29594
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's convolution code. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201898 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29570
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in tf.raw_ops.MaxPoolGradWithArgmax. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201946 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29606
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw on heap in the TFLite implementation. By using a specially-crafted model, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201856 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID:   CVE-2021-29587
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `SpaceToDepth`. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201873 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29591
DESCRIPTION:   TensorFlow is vulnerable to a stack-based buffer overflow, caused by an infinite loop during evaluation. By crafting a model, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201901 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)

CVEID:   CVE-2021-29573
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in the implementation of tf.raw_ops.MaxPoolGradWithArgmax. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201949 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29618
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by improper input validation in tf.transpose. By using a specially-crafted input, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201868 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29595
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `DepthToSpace`. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201897 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29569
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap out-of-bounds read flaw in tf.raw_ops.RequantizationRange. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201945 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29614
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a flaw in the implementation of tf.io.decode_raw. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause interpreter to crash.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201864 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID:   CVE-2021-29599
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `Split`. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201892 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29555
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in tf.raw_ops.FusedBatchNorm. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201939 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29601
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the TFLite's implementation of concatenation. By using a specially-crafted model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201851 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID:   CVE-2021-29610
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by improper validation in tf.raw_ops.QuantizeAndDequantizeV2. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201860 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L)

CVEID:   CVE-2021-29583
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the implementation of `tf.raw_ops.FusedBatchNorm`. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201880 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29551
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by an out-of-bounds read flaw in the implementation of MatrixTriangularSolve. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201935 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29577
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the implementation of tf.raw_ops.AvgPool3DGrad. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201953 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29604
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in TFLite's implementation of hashtable lookup. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201854 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29613
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by an out-of-bounds read flaw due to incomplete validation in tf.raw_ops.CTCLoss. By using a specially-crafted model, an attacker could exploit this vulnerability to obtain sensitive information, or cause a denial of service condition.
CVSS Base score: 6.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201863 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2021-29580
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by an undefined behavior in implementation of 'tf.raw_ops.FractionalMaxPoolGrad'. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201887 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29554
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in tf.raw_ops.DenseCountSparseOutput. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201938 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29600
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in TFLite's implementation of "OneHot". By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201850 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29609
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by improper validation in the SparseAdd results. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201859 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID:   CVE-2021-29584
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by an integer overflow in constructing a new tensor shape. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201879 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29550
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a division by zero flaw in tf.raw_ops.FractionalAvgPool. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201934 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29576
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in the implementation of tf.raw_ops.MaxPool3DGradGrad. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201952 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29605
DESCRIPTION:   TensorFlow could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the TFLite code for allocating TFLiteIntArray. By using a specially-crafted model, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201855 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)

CVEID:   CVE-2021-29588
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `TransposeConv`. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201872 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29592
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference in TFLite's `Reshape` operator. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201900 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29572
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the implementation of tf.raw_ops.SdcaOptimizer. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201948 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29617
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a CHECK-fail in tf.strings.substr. By using a specially-crafted arguments, a local authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201867 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29596
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by division by zero in TFLite's implementation of `EmbeddingLookup`. By crafting a model, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201896 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29558
DESCRIPTION:   TensorFlow is vulnerable to a denial of service, caused by a heap-based buffer overflow in tf.raw_ops.SparseSplit. By using a specially-crafted model, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 2.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201942 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L)