344 matches found
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29585 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29585 Source advisory: OSV:PYSEC-2021-711...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29571 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29571 Source advisory: OSV:PYSEC-2021-697...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29568 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29568 Source advisory: OSV:PYSEC-2021-694...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29563 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29563 Source advisory: OSV:PYSEC-2021-689...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29551 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29551 Source advisory: OSV:PYSEC-2021-677...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29549 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29549 Source advisory: OSV:PYSEC-2021-675...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29543 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29543 Source advisory: OSV:PYSEC-2021-669...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29535 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29535 Source advisory: OSV:PYSEC-2021-661...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29533 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29533 Source advisory: OSV:PYSEC-2021-659...
d3m-simon (=1.2.5), deep-floorplan (=0.0.0) +2 more potentially affected by CVE-2021-29532 via tensorflow-gpu (>=2.2.0 <=2.3.0)
tensorflow-gpu PYPI version =2.2.0, =1.3.0, =2.2.0, =2.2.0rc2 Source cves: CVE-2021-29532 Source advisory: OSV:PYSEC-2021-658...
ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +195 more potentially affected by CVE-2021-21364 via io.swagger:swagger-codegen (>=2.1.1 <=2.4.18)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.0.2, =0.0.2, =0.1-1, =1.1, =0.1.13, =1.0.1, =1.1, =1.3, =0.12, =1.1.6, =1.1.7 and more Source cves: CVE-2021-21364 Source advisory: OSV:GHSA-HPV8-9RQ5-HQ7W...
ai.konduit.serving:konduit-serving-clients (>=0.0.2 <=0.3.0), ai.konduit.serving:konduit-serving-distro-bom (>=0.0.2 <=0.3.0) +195 more potentially affected by CVE-2021-21363 via io.swagger:swagger-codegen (>=2.1.1 <=2.4.18)
io.swagger:swagger-codegen MAVEN version =2.1.1, =0.0.2, =0.0.2, =0.1-1, =1.1, =0.1.13, =1.0.1, =1.1, =1.3, =0.12, =1.1.6, =1.1.7 and more Source cves: CVE-2021-21363 Source advisory: OSV:GHSA-PC22-3G76-GM6J...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2020-55182)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google (USA). An input validation error vulnerability exists in TensorFlow versions prior to 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1, which stems from the program's failure to adequately perform path...
PYSEC-2020-274
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper...
PYSEC-2020-321
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
PYSEC-2020-129
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-servin...
PT-2020-14277 · Google +1 · Tensorflow +1
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4; TensorFlow versions prior to 2.0.3; TensorFlow versions prior to 2.1.2; TensorFlow versions prior to 2.2.1; TensorFlow versions prior to 2.3.1. Description: Changing the TensorFlow's SavedModel protocol buffer...
Ruby on Rails: XSS by file (Active Storage `Proxying`)
Hello, I've seen similar issues with 407319 and 429868 occur with Active Storage's new File serving strategies Proxying. Commit is https://github.com/rails/rails/commit/dfb5a82b259e134eac89784ac4ace0c44d1b4aee. ruby...
Directory Traversal
Overview: rollup-plugin-serve-favicon is a rollup plugin to serve bundles. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in the readFile operation. PoC by JHU System Security Lab. Step 1: start a server: var server = require("rollup-plugin-serve");...
Directory Traversal
Overview: rollup-plugin-server is a rollup plugin to serve the bundle. Affected versions of this package are vulnerable to Directory Traversal. There is no path sanitization in the readFile operation performed inside the readFileFromContentBase function. PoC by JHU System Security Lab. 1. Create a serv...