Lucene search
K

87 matches found

OSV
OSV
added 2020/11/18 5:15 p.m.7 views

AZL-38452 CVE-2020-28366 affecting package python-tensorboard for versions less than 2.16.2-1

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...

7.5CVSS7.8AI score0.02244EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 11:4 p.m.11 views

Security Bulletin: WML CE: TensorBoard: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack.

Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. TensorBoard uses lodash. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the...

2.2AI score
Exploits0Affected Software1
OSV
OSV
added 2020/07/17 4:15 p.m.8 views

AZL-38206 CVE-2020-15586 affecting package python-tensorboard for versions less than 2.16.2-1

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...

5.9CVSS6.8AI score0.02893EPSS
Exploits0References1
OSV
OSV
added 2019/08/13 9:15 p.m.6 views

AZL-38449 CVE-2019-9512 affecting package python-tensorboard for versions less than 2.16.2-1

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...

7.5CVSS7.3AI score0.83433EPSS
Exploits1References1
OSV
OSV
added 2019/08/13 9:15 p.m.5 views

AZL-38389 CVE-2019-9514 affecting package python-tensorboard for versions less than 2.16.2-1

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...

7.5CVSS7.3AI score0.82813EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/01 5:40 p.m.29 views

Security Bulletin: vulnerability in urllib3 library embedded into Tensorboard PowerAI CVE-2019-11324

Summary The urllib3 1.24.1 library mishandles SSL connections in certain cases where a verification failure is the correct outcome. This library version is embedded into Tensorboard 1.13, which is included in PowerAI 1.6.0. Vulnerability Details Vulnerability Details CVEID: CVE-2019-11324...

7.5CVSS0.5AI score0.02836EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/03/13 8:29 a.m.4 views

AZL-38599 CVE-2019-9741 affecting package python-tensorboard for versions less than 2.16.2-1

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...

6.1CVSS6.7AI score0.02346EPSS
Exploits1References1
Rows per page
Query Builder