21 matches found
CVE-2020-26266
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...
CVE-2020-26266
creationtimestamp| type| source ---|---|--- 2020-12-11 02:34:23+00:00| seen| https://t.me/cibsecurity/19629 2020-12-11 02:37:24+00:00| seen| https://t.me/cibsecurity/19649 2020-12-11 03:25:13+00:00| seen| https://t.me/cibsecurity/19669 2020-12-11 04:25:11+00:00| seen| https://t.me/cibsecurity/196...
aglvq (=1.0.0), beacon-trellis (=0.1.0) +64 more potentially affected by CVE-2020-26266 via tensorflow (>=2.1.0 <=2.1.2)
tensorflow PYPI version =2.1.0, =3.0.0, =0.0.1, =0.2.0, =0.0.2, =0.1.0, =1.1.0, =0.2.0rc1, =0.2.0rc3 and more Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-254...
c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2020-26266 via tensorflow-cpu (=2.3.1)
tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-297...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +245 more potentially affected by CVE-2020-26266 via tensorflow (>=1.0.1 <=1.15.4)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-254...
accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (=1.2.0) +106 more potentially affected by CVE-2020-26266 via tensorflow (>=2.3.0 <=2.3.1)
tensorflow PYPI version =2.3.0, =1.0.62, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-254...
tensorflowjs (>=1.5.2 <=1.7.4) potentially affected by CVE-2020-26266 via tensorflow-cpu (=2.1.0)
tensorflow-cpu PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - tensorflowjs =1.5.2, =1.7.4 Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-297...
d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2020-26266 via tensorflow-gpu (=2.2.0)
tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-332...
easyquake (>=1.1.0 <=1.2.2), epyseg (>=0.1.0 <=0.1.7) +3 more potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.1.0 <=2.1.1)
tensorflow-gpu PYPI version =2.1.0, =1.1.0, =0.1.0, =1.7.0, =1.9.5 Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-332...
azureml-designer-recommender-modules (>=0.0.1 <=0.0.9), koncept (=0.2.1) +10 more potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.0.0 <=2.0.3)
tensorflow-gpu PYPI version =2.0.0, =0.0.1, =0.0.9 - koncept =0.2.1 - monk-cuda100 =0.0.1 - monk-cuda100-test =0.0.1 - monk-cuda101 =0.0.1 - monk-cuda101-test =0.0.1 - monk-keras-cuda100 =0.0.1 - monk-keras-cuda100-test =0.0.1 - monk-keras-cuda101 =0.0.1 - monk-keras-cuda101-test =0.0.1 -...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +49 more potentially affected by CVE-2020-26266 via tensorflow-gpu (>=1.10.1 <=1.15.4)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.2.0 - keras-textclassification =0.1.6 and more Source cves: CVE-2020-26266 Source advisory: OSV:PYSEC-2020-332...
CVE-2020-26266
CVE-2020-26266 (TensorFlow) arises from use of uninitialized Eigen quantized floating point types during code execution, triggered by saved-model handling. Affected TensorFlow versions include 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0; fixes are in those same branches as indicated. The issue ...
CVE-2020-26266 Uninitialized memory access in Eigen types in TensorFlow
In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen...
deep-floorplan (=0.0.0), tensorflowtts (>=1.1.0 <=1.6.1) potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.3.0 <=2.3.1)
tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...
accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +86 more potentially affected by CVE-2020-26266 via tensorflow (>=2.2.0 <=2.2.1)
tensorflow PYPI version =2.2.0, =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...
accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (=1.2.0) +106 more potentially affected by CVE-2020-26266 via tensorflow (>=2.3.0 <=2.3.1)
tensorflow PYPI version =2.3.0, =1.0.62, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +245 more potentially affected by CVE-2020-26266 via tensorflow (>=1.0.1 <=1.15.4)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...
azureml-designer-recommender-modules (>=0.0.1 <=0.0.9), koncept (=0.2.1) +10 more potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.0.0 <=2.0.3)
tensorflow-gpu PYPI version =2.0.0, =0.0.1, =0.0.9 - koncept =0.2.1 - monk-cuda100 =0.0.1 - monk-cuda100-test =0.0.1 - monk-cuda101 =0.0.1 - monk-cuda101-test =0.0.1 - monk-keras-cuda100 =0.0.1 - monk-keras-cuda100-test =0.0.1 - monk-keras-cuda101 =0.0.1 - monk-keras-cuda101-test =0.0.1 -...
easyquake (>=1.1.0 <=1.2.2), epyseg (>=0.1.0 <=0.1.7) +3 more potentially affected by CVE-2020-26266 via tensorflow-gpu (>=2.1.0 <=2.1.1)
tensorflow-gpu PYPI version =2.1.0, =1.1.0, =0.1.0, =1.7.0, =1.9.5 Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...
tensorflowjs (>=1.5.2 <=1.7.4) potentially affected by CVE-2020-26266 via tensorflow-cpu (=2.1.0)
tensorflow-cpu PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - tensorflowjs =1.5.2, =1.7.4 Source cves: CVE-2020-26266 Source advisory: OSV:GHSA-QHXX-J73R-QPM2...