10 matches found
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
This update for tensorflow2 fixes the following issues : - updated to 2.1.2 with following fixes boo1177022 : - Fixes an undefined behavior causing a segfault in tf.rawops.Switch CVE-2020-15190 - Fixes three vulnerabilities in conversion to DLPack format CVE-2020-15191, CVE-2020-15192,...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +163 more potentially affected by CVE-2020-15191 via tensorflow-gpu (>=1.10.1 <=2.2.0)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2020-15191 Source advisory: OSV:PYSEC-2020-306...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4695 more potentially affected by CVE-2020-15191 via tensorflow (>=1.0.1 <=2.2.0)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-15191 Source advisory: OSV:PYSEC-2020-114...
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +98 more potentially affected by CVE-2020-15191 via tensorflow-cpu (>=1.15.0 <=2.2.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.0.1, =0.3.3 and more Source cves: CVE-2020-15191 Source advisory: OSV:PYSEC-2020-271...
CVE-2020-15191 Undefined behavior in Tensorflow
In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...
CVE-2020-15191
CVE-2020-15191 is a TensorFlow vulnerability affecting dlpack.to_dlpack. In TF versions prior to 2.2.1 and 2.3.1, passing an invalid argument to to_dlpack allows the code to bind references to null pointers due to improper status handling, leading to undefined behavior when compiled with -fsaniti...
adapt-diagnostics (=1.2.0), adversarial-friend (=1.1.8) +64 more potentially affected by CVE-2020-15191 via tensorflow (=2.3.0)
tensorflow PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - adapt-diagnostics =1.2.0 - adversarial-friend =1.1.8 - aliby-baby =0.1.0, =0.0.1a0, =0.0.1, =1.0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.0.17, =0.1...
pycnet-audio (>=0.5.1 <=0.5.8) potentially affected by CVE-2020-15191 via tensorflow-cpu (=2.2.0)
tensorflow-cpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - pycnet-audio =0.5.1, =0.5.8 Source cves: CVE-2020-15191 Source advisory: OSV:GHSA-Q8QJ-FC9Q-CPHR...
accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +82 more potentially affected by CVE-2020-15191 via tensorflow (=2.2.0)
tensorflow PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - accuinsight =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-15191 Source advisory...
d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2020-15191 via tensorflow-gpu (=2.2.0)
tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2020-15191 Source advisory: OSV:GHSA-Q8QJ-FC9Q-CPHR...