14329 matches found
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41891 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41891 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41891 Source advisory: OSV:GHSA-66VQ-54FQ-6JVV...
Segfault in `tf.raw_ops.TensorListConcat`
Impact If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. python import tensorflow as tf tf.rawops.TensorListConcat inputhandle=tf.data.experimental.tovarianttf.data.Dataset.fromtensorslices1, 2, 3,...
GHSA-66VQ-54FQ-6JVV Segfault in `tf.raw_ops.TensorListConcat`
Impact If tf.rawops.TensorListConcat is given elementshape=, it results segmentation fault which can be used to trigger a denial of service attack. python import tensorflow as tf tf.rawops.TensorListConcat inputhandle=tf.data.experimental.tovarianttf.data.Dataset.fromtensorslices1, 2, 3,...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41890 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41890 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41890 via tensorflow-cpu (>=2.9.0 <=2.9.1)
tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
aggmap (>=1.1.1 <=1.2.1), molmap (>=1.3.1 <=1.4.0) potentially affected by CVE-2022-41890 via tensorflow-gpu (=2.9.1)
tensorflow-gpu PYPI version =2.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - aggmap =1.1.1, =1.3.1, =1.4.0 Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41890 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
`CHECK` fail in `BCast` overflow
Impact If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. python import tensorflow as tf value = tf.constantshape=2, 1024, 1024, 1024...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41890 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41890 Source advisory: OSV:GHSA-H246-CGH4-7475...
GHSA-H246-CGH4-7475 `CHECK` fail in `BCast` overflow
Impact If BCast::ToShape is given input larger than an int32, it will crash, despite being supposed to handle up to an int64. An example can be seen in tf.experimental.numpy.outer by passing in large input to the input b. python import tensorflow as tf value = tf.constantshape=2, 1024, 1024, 1024...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41889 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41889 Source advisory: OSV:GHSA-XXCJ-RHQG-M46G...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41889 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41889 Source advisory: OSV:GHSA-XXCJ-RHQG-M46G...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41889 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41889 Source advisory: OSV:GHSA-XXCJ-RHQG-M46G...
clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41889 via tensorflow-cpu (>=2.9.0 <=2.9.1)
tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41889 Source advisory: OSV:GHSA-XXCJ-RHQG-M46G...
Segfault via invalid attributes in `pywrap_tfe_src.cc`
Impact If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors as input ksizes. python import numpy as np import...
GHSA-XXCJ-RHQG-M46G Segfault via invalid attributes in `pywrap_tfe_src.cc`
Impact If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a nullptr, which is not caught. An example can be seen in tf.compat.v1.extractvolumepatches by passing in quantized tensors as input ksizes. python import numpy as np import...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41889 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41889 Source advisory: OSV:GHSA-XXCJ-RHQG-M46G...
clip-jax (=0.0.5), sdeper (>=1.1.0 <=1.6.1) potentially affected by CVE-2022-41888 via tensorflow-cpu (>=2.9.0 <=2.9.1)
tensorflow-cpu PYPI version =2.9.0, =1.1.0, =1.6.1 Source cves: CVE-2022-41888 Source advisory: OSV:GHSA-6X99-GV2V-Q76V...