14329 matches found
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23558 via tensorflow (>=1.0.1 <=2.5.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23558 Source advisory: OSV:GHSA-9GWQ-6CWJ-47H3...
lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23558 via tensorflow-cpu (=2.7.0)
tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23558 Source advisory: OSV:GHSA-9GWQ-6CWJ-47H3...
rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23558 via tensorflow-gpu (=2.7.0)
tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23558 Source advisory:...
animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23558 via tensorflow-gpu (>=2.6.0 <=2.6.2)
tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23558 Source advisory: OSV:GHSA-9GWQ-6CWJ-47H3...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23558 via tensorflow-cpu (>=1.15.0 <=2.4.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23558 Source advisory: OSV:GHSA-9GWQ-6CWJ-47H3...
GHSA-9GWQ-6CWJ-47H3 Integer overflow in TFLite array creation
Impact An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate: cc TfLiteIntArray TfLiteIntArrayCreateint size int allocsize = TfLiteIntArrayGetSizeInBytessize; // ... TfLiteIntArray ret = TfLiteIntArraymallocallocsize; // ... The...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +170 more potentially affected by CVE-2022-23565 via tensorflow-gpu (>=1.10.1 <=2.5.1)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 and more Source cves: CVE-2022-23565 Source advisory: OSV:GHSA-4V5P-V5H9-6XJX...
`CHECK`-failures in Tensorflow
Impact An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. Patches We have patched the issue in GitHub commit c2b31ff2d3151acb230edc3f5b1832d2c713a9e0. The fix will be included in TensorFlow 2.8.0. W...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-23565 via tensorflow-cpu (>=1.15.0 <=2.4.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-23565 Source advisory: OSV:GHSA-4V5P-V5H9-6XJX...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23565 via tensorflow (>=1.0.1 <=2.5.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23565 Source advisory: OSV:GHSA-4V5P-V5H9-6XJX...
rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23565 via tensorflow-gpu (=2.7.0)
tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23565 Source advisory:...
lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23565 via tensorflow-cpu (=2.7.0)
tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23565 Source advisory: OSV:GHSA-4V5P-V5H9-6XJX...
animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23565 via tensorflow-gpu (>=2.6.0 <=2.6.2)
tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23565 Source advisory: OSV:GHSA-4V5P-V5H9-6XJX...
aadhaar-detection (=0.5.0), accuinsight (>=1.0.84 <=1.0.87) +38 more potentially affected by CVE-2022-23565 via tensorflow (>=2.7.0 <=2.7.0rc1)
tensorflow PYPI version =2.7.0, =1.0.84, =3.0.22, =0.1.11, =0.1.11, =0.1.11, =0.1.0, =0.0.1, =0.1.5.dev202303131412, =0.1.0, =0.1.1 and more Source cves: CVE-2022-23565 Source advisory: OSV:GHSA-4V5P-V5H9-6XJX...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23565 via tensorflow (>=2.6.0 <=2.6.2)
tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23565 Source advisory: OSV:GHSA-4V5P-V5H9-6XJX...
Division by zero in TFLite
Impact An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation: cc inline void BiasAndClampfloat clampmin, float clampmax, int biassize, const float biasdata, int arraysize, float arraydata // ... TFLITEDCHECKEQarraysize % biassize, 0; // ... Ther...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4847 more potentially affected by CVE-2022-23557 via tensorflow (>=1.0.1 <=2.5.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-23557 Source advisory: OSV:GHSA-GF2J-F278-XH4V...
lsmmdma (>=0.0.4 <=0.1.7), tpu-tf2 (=1.0.0) potentially affected by CVE-2022-23557 via tensorflow-cpu (=2.7.0)
tensorflow-cpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - lsmmdma =0.0.4, =0.1.7 - tpu-tf2 =1.0.0 Source cves: CVE-2022-23557 Source advisory: OSV:GHSA-GF2J-F278-XH4V...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +42 more potentially affected by CVE-2022-23557 via tensorflow (>=2.6.0 <=2.6.2)
tensorflow PYPI version =2.6.0, =0.0.2, =1.0.1, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =1.1.2 - imgtovar =0.8.5 and more Source cves: CVE-2022-23557 Source advisory: OSV:GHSA-GF2J-F278-XH4V...
animl (>=1.1.2 <=1.1.4), audio-classification-models (=1.0.1) +7 more potentially affected by CVE-2022-23557 via tensorflow-gpu (>=2.6.0 <=2.6.2)
tensorflow-gpu PYPI version =2.6.0, =1.1.2, =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2022-23557 Source advisory: OSV:GHSA-GF2J-F278-XH4V...