PT-2022-19466 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: The issue is related to the lack of input validation in the tf.compat.v1.signal.rfft2d an...

PT-2022-19463 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.8.0 Description: The issue arises from the TensorKey hash function using total estimated AllocatedBytes, which is an estimate per tensor and a poor hash function for constants, such as int32 t. It also attempts to access...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details CVEID: CVE-2022-21741 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by a divide-by-zero condition in the implementation of depthwise convolutions in...

brainhance (=0.0.1), crystal4d (>=0.0.4 <=0.1.2) +3 more potentially affected by CVE-2021-29607 via tensorflow-gpu (>=2.4.0 <=2.4.1)

tensorflow-gpu PYPI version =2.4.0, =0.0.4, =1.1.1, =1.0.0, =1.0.1 - tf-yarn-gpu =0.6.3 Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

abmarl (>=0.1.1 <=0.1.3), agrothon (>=1.1.5 <=1.3.2) +92 more potentially affected by CVE-2021-29607 via tensorflow (>=2.4.0 <=2.4.1)

tensorflow PYPI version =2.4.0, =0.1.1, =1.1.5, =2.1.0, =0.0.1, =0.0.6, =0.1.0, =1.4.0, =1.2.2, =20210221.0.0, =0.7.2, =0.0.0, =0.0.0.post0 and more Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

deep-floorplan (=0.0.0), mpunet (=0.2.9) +1 more potentially affected by CVE-2021-29607 via tensorflow-gpu (>=2.3.0 <=2.3.2)

tensorflow-gpu PYPI version =2.3.0, =1.1.0, =1.6.1 Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2021-29607 via tensorflow-cpu (=2.3.1)

tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +110 more potentially affected by CVE-2021-29607 via tensorflow (>=2.3.0 <=2.3.2)

tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

aiproteomics (=0.2.1), alpharing (>=1.0.0 <=2.0.0) +26 more potentially affected by CVE-2021-29607 via tensorflow-cpu (>=1.15.0 <=2.1.0)

tensorflow-cpu PYPI version =1.15.0, =1.0.0, =0.0.1, =1.0.0.4, =0.1.0, =0.2.3, =0.0.5, =0.1.2, =1.0.0, =1.8.2, =1.6.1, =1.8.3 - netfl =1.5.0 and more Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

complaintclassify (=0.0.9) potentially affected by CVE-2021-29607 via tensorflow-cpu (=2.4.0)

tensorflow-cpu PYPI version =2.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - complaintclassify =0.0.9 Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +88 more potentially affected by CVE-2021-29607 via tensorflow (>=2.2.0 <=2.2.2)

tensorflow PYPI version =2.2.0, =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

pycnet-audio (>=0.5.1 <=0.5.8) potentially affected by CVE-2021-29607 via tensorflow-cpu (=2.2.0)

tensorflow-cpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - pycnet-audio =0.5.1, =0.5.8 Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

Incomplete validation in `SparseSparseMinimum`

Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.ones45, 92, dtype=tf.int64 avalues = tf.ones45, dtype=tf.int64...

d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2021-29607 via tensorflow-gpu (=2.2.0)

tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +160 more potentially affected by CVE-2021-29607 via tensorflow-gpu (>=1.10.1 <=2.1.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1361 more potentially affected by CVE-2021-29607 via tensorflow (>=1.0.1 <=2.1.2)

tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29607 Source advisory: OSV:GHSA-GV26-JPJ9-C8GQ...

Security Bulletin: Multiple vulnerabilities fixed in IBM Maximo Application Suite Monitor

Summary IBM Maximo Application Suite Monitor is vulnerable to Multiple vulnerabilities. See Vulnerability Details. This has been addressed in each of the components; refer to the Remediation section for details. Vulnerability Details CVEID: CVE-2020-15265 DESCRIPTION: Tensorflow is vulnerable to ...

Tensorflow Denial of Service Vulnerability (CNVD-2022-31833)

Tensorflow is an open source machine learning framework. a denial-of-access vulnerability exists in TensorFlow, which can be exploited by attackers to launch a denial-of-service attack against a target...

Google Tensorflow Denial of Service Vulnerability (CNVD-2022-13928)

TensorFlow is an end-to-end open source machine learning platform. It has a comprehensive and flexible ecosystem of tools, libraries, and community resources that help researchers push the boundaries of advanced machine learning techniques and enable developers to easily build and deploy...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-14990)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow suffers from an input validation error vulnerability that stems from a lack of validation of the input tensor shape, which could be exploited to launch a denial-of-service attack...