170 matches found
PYSEC-2020-317
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
PYSEC-2020-321
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
PYSEC-2020-286
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
PYSEC-2020-321
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
PYSEC-2020-129
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
PYSEC-2020-282
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
CVE-2020-15202
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
CVE-2020-15206
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
CVE-2020-15207
CVE-2020-15207 affects TensorFlow Lite: negative indexing support uses ResolveAxis and only debug builds validate the converted index, allowing out-of-bounds access that can cause segfaults/data corruption. Affected: TensorFlow Lite before 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1. Root cause: insuffici...
GHSA-Q4QF-3FC6-8X34 Segfault and data corruption in tensorflow-lite
Impact To mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds:...
Denial of Service in Tensorflow
Impact Changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments. We have added...
Integer truncation in Shard API usage
Impact The Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/util/worksharder.hL59-L60 However, there are several places in TensorFlo...
PT-2020-14273 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1 Description: The Shard API in TensorFlow expects the last argument...
PT-2020-14277 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1 Description: Changing the TensorFlow's SavedModel protocol buffer...
PT-2020-14278 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1 Description: The issue arises from TensorFlow's attempt to mimic...
OPENSUSE-SU-2020:0953-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation bsc1173032 - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony...
Security update for mozilla-nss (moderate)
openSUSE Security Update: Security update for mozilla-nss Announcement ID: openSUSE-SU-2020:0953-1 Rating: moderate References: 1168669 1173032 Cross-References: CVE-2020-12402 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has one errata is now available...
Security update for mozilla-nss (moderate)
openSUSE Security Update: Security update for mozilla-nss Announcement ID: openSUSE-SU-2020:0955-1 Rating: moderate References: 1168669 1173032 Cross-References: CVE-2020-12402 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability and has one errata is now available...
SUSE-SU-2020:1850-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation bsc1173032 - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony...
RUSTSEC-2020-0100 Double free when calling `sys_info::disk_info` from multiple threads
Affected versions of sys-info use a static, global, list to store temporary disk information while running. The function that cleans up this list, DFCleanup, assumes a single threaded environment and will try to free the same memory twice in a multithreaded environment. This results in consistent...