87 matches found
AZL-38452 CVE-2020-28366 affecting package python-tensorboard for versions less than 2.16.2-1
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file...
Security Bulletin: WML CE: TensorBoard: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack.
Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. TensorBoard uses lodash. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the...
AZL-38206 CVE-2020-15586 affecting package python-tensorboard for versions less than 2.16.2-1
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time...
AZL-38449 CVE-2019-9512 affecting package python-tensorboard for versions less than 2.16.2-1
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU,...
AZL-38389 CVE-2019-9514 affecting package python-tensorboard for versions less than 2.16.2-1
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RSTSTREAM frames from the peer. Depending on how the peer queues the...
Security Bulletin: vulnerability in urllib3 library embedded into Tensorboard PowerAI CVE-2019-11324
Summary The urllib3 1.24.1 library mishandles SSL connections in certain cases where a verification failure is the correct outcome. This library version is embedded into Tensorboard 1.13, which is included in PowerAI 1.6.0. Vulnerability Details Vulnerability Details CVEID: CVE-2019-11324...
AZL-38599 CVE-2019-9741 affecting package python-tensorboard for versions less than 2.16.2-1
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command...