5349 matches found
adapt-diagnostics (=1.2.0), adversarial-friend (=1.1.8) +64 more potentially affected by CVE-2020-15207 via tensorflow (=2.3.0)
tensorflow PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - adapt-diagnostics =1.2.0 - adversarial-friend =1.1.8 - aliby-baby =0.1.0, =0.0.1a0, =0.0.1, =1.0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.0.17, =0.1...
accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +82 more potentially affected by CVE-2020-15207 via tensorflow (=2.2.0)
tensorflow PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - accuinsight =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-15207 Source advisory...
GHSA-Q8GV-Q7WR-9JF8 Segfault in Tensorflow
Impact In eager mode, TensorFlow does not set the session state. Hence, calling tf.rawops.GetSessionHandle or tf.rawops.GetSessionHandleV2 results in a null pointer dereference:...
d3m-simon (=1.2.5), easyquake (>=1.3.0 <=1.4.0) potentially affected by CVE-2020-15204 via tensorflow-gpu (=2.2.0)
tensorflow-gpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - d3m-simon =1.2.5 - easyquake =1.3.0, =1.4.0 Source cves: CVE-2020-15204 Source advisory: OSV:GHSA-Q8GV-Q7WR-9JF8...
deep-floorplan (=0.0.0) potentially affected by CVE-2020-15204 via tensorflow-gpu (=2.3.0)
tensorflow-gpu PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - deep-floorplan =0.0.0 Source cves: CVE-2020-15204 Source advisory: OSV:GHSA-Q8GV-Q7WR-9JF8...
adapt-diagnostics (=1.2.0), adversarial-friend (=1.1.8) +64 more potentially affected by CVE-2020-15204 via tensorflow (=2.3.0)
tensorflow PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - adapt-diagnostics =1.2.0 - adversarial-friend =1.1.8 - aliby-baby =0.1.0, =0.0.1a0, =0.0.1, =1.0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.0.17, =0.1...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15204 via tensorflow (>=1.0.1 <=1.15.3)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15204 Source advisory: OSV:GHSA-Q8GV-Q7WR-9JF8...
aglvq (=1.0.0), beacon-trellis (=0.1.0) +64 more potentially affected by CVE-2020-15204 via tensorflow (=2.1.0)
tensorflow PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - aglvq =1.0.0 - beacon-trellis =0.1.0 - biobb-ml =3.0.0, =0.0.1, =0.2.0, =0.0.2, =0.1.0, =1.1.0, =0.2.0rc1, =0.2.0rc3 and more Source cves:...
Segfault in Tensorflow
Impact In eager mode, TensorFlow does not set the session state. Hence, calling tf.rawops.GetSessionHandle or tf.rawops.GetSessionHandleV2 results in a null pointer dereference:...
azureml-designer-recommender-modules (>=0.0.1 <=0.0.9), monk-cuda100 (=0.0.1) +9 more potentially affected by CVE-2020-15206 via tensorflow-gpu (>=2.0.0 <=2.0.1)
tensorflow-gpu PYPI version =2.0.0, =0.0.1, =0.0.9 - monk-cuda100 =0.0.1 - monk-cuda100-test =0.0.1 - monk-cuda101 =0.0.1 - monk-cuda101-test =0.0.1 - monk-keras-cuda100 =0.0.1 - monk-keras-cuda100-test =0.0.1 - monk-keras-cuda101 =0.0.1 - monk-keras-cuda101-test =0.0.1 - monk-keras-cuda102 =0.0....
Denial of Service in Tensorflow
Impact Changing the TensorFlow's SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments. We have added...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +49 more potentially affected by CVE-2020-15205 via tensorflow-gpu (>=1.10.1 <=1.15.3)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.1.0, =0.1.0, =1.0.0, =0.2.3, =0.0.1, =0.0.7, =0.2.0 - keras-textclassification =0.1.6 and more Source cves: CVE-2020-15205 Source advisory: OSV:GHSA-G7P5-5759-QV46...
adapt-diagnostics (=1.2.0), adversarial-friend (=1.1.8) +64 more potentially affected by CVE-2020-15205 via tensorflow (=2.3.0)
tensorflow PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - adapt-diagnostics =1.2.0 - adversarial-friend =1.1.8 - aliby-baby =0.1.0, =0.0.1a0, =0.0.1, =1.0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.0.17, =0.1...
abba-python (>=0.1.6 <=0.3.0), adpred (>=1.1.2 <=1.2.7) +233 more potentially affected by CVE-2020-15205 via tensorflow (>=1.0.1 <=1.15.3)
tensorflow PYPI version =1.0.1, =0.1.6, =1.1.2, =0.0.1, =0.3.26, =0.2.0, =0.4.2, =0.1.1, =0.1.5 - autobazaar =0.1.0 - autogan =0.0.5 - automationobjectdetection-sandeepjena7 =0.0.1 - automl-lib =0.0.1 and more Source cves: CVE-2020-15205 Source advisory: OSV:GHSA-G7P5-5759-QV46...
accuinsight (>=1.0.47 <=1.0.61), alphad3m (>=0.10.0 <=0.10.0.dev1) +82 more potentially affected by CVE-2020-15205 via tensorflow (=2.2.0)
tensorflow PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - accuinsight =1.0.47, =0.10.0, =0.5.0, =0.2.0, =0.0.6, =1.2.0, =1.0.0, =0.0.15, =0.0.16 and more Source cves: CVE-2020-15205 Source advisory...
Data leak in Tensorflow
Impact The datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory python tf.rawops.StringNGramsdata="aa", "bb", "cc", "dd", "ee", "ff", datasplits=0,8, separator=" ", ngramwidths=3,...
GHSA-XMQ7-7FXM-RR79 Denial of Service in Tensorflow
Impact By controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed:...
adapt-diagnostics (=1.2.0), adversarial-friend (=1.1.8) +64 more potentially affected by CVE-2020-15203 via tensorflow (=2.3.0)
tensorflow PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - adapt-diagnostics =1.2.0 - adversarial-friend =1.1.8 - aliby-baby =0.1.0, =0.0.1a0, =0.0.1, =1.0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.0.17, =0.1...
Denial of Service in Tensorflow
Impact By controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed:...
adapt-diagnostics (=1.2.0), adversarial-friend (=1.1.8) +64 more potentially affected by CVE-2020-15202 via tensorflow (=2.3.0)
tensorflow PYPI version =2.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - adapt-diagnostics =1.2.0 - adversarial-friend =1.1.8 - aliby-baby =0.1.0, =0.0.1a0, =0.0.1, =1.0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.0.17, =0.1...