Insecure Temporary File in tensorflow/tensorflow
Description: The tensorflow package uses the deprecated function tempfile.mktemp, which is not secure because a different process may create a file with this name in the time between the call to mktemp and the subsequent attempt to create the file by the first process. Impact: Availability will get...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. Vulnerability Details: CVEID: CVE-2021-37635. DESCRIPTION: TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in the...
Google TensorFlow Numeric Error Vulnerability (CNVD-2022-09877)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a numeric error vulnerability that stems from TensorFlow's implementation of pooling operations in which values in a sliding window are not rigorously checked for...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2022-09872)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause uninitialized variable access...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2022-09870)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow, which stems from undefined behavior of the shape inference code of "tf.ragged.cross" due to a bound reference to "nullptr" in the...
Google TensorFlow buffer overflow vulnerability (CNVD-2021-91276)
Google TensorFlow is an end-to-end open source platform for machine learning from Google. A buffer overflow vulnerability exists in Google TensorFlow, which stems from the fact that during the crawler optimization phase of the affected version of TensorFlow, constant folding may attempt to...
Google TensorFlow Data Falsification Issue Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a data forgery vulnerability that stems from a lack of validation of invalid file formats in the checkpoint loading infrastructure, which can be exploited by an...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-09874)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that can be exploited by an attacker to cause an abort and denial of service related to a CHECK failure...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-09876)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that stems from the fact that TensorFlow allows tensors to have a large number of dimensions, each of which can be adjusted...
Google TensorFlow code issue vulnerability (CNVD-2022-09869)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that can be exploited by an attacker to cause the program to crash...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-09875)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that can be exploited by an attacker to cause a CHECK failure and crash...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-09873)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that can be exploited by an attacker to call tf.image.resize with a large input parameter, then the TensorFlow process will...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +62 more potentially affected by CVE-2021-41208 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.0.dev2, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =3.0.0 and more Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41208 via tensorflow (>=2.6.0 <=2.6.0rc2)
tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +96 more potentially affected by CVE-2021-41208 via tensorflow-cpu (>=1.15.0 <=2.4.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41208 via tensorflow-gpu (>=1.10.1 <=2.4.2)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...
bent (>=0.0.9 <=0.0.80), tensorflow-recommenders-addons-gpu (>=0.3.0 <=0.4.1) potentially affected by CVE-2021-41208 via tensorflow-gpu (=2.5.1)
tensorflow-gpu PYPI version =2.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - bent =0.0.9, =0.3.0, =0.4.1 Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...
iqradre (>=0.1.5 <=0.2.1), lurara (>=0.1.0 <=0.1.1) +5 more potentially affected by CVE-2021-41208 via tensorflow-gpu (=2.6.0)
tensorflow-gpu PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - iqradre =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...
GHSA-57WX-M983-2F88 Incomplete validation in boosted trees code
Impact The code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding references to nullptrs. An attacker can also read and write from heap...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4817 more potentially affected by CVE-2021-41208 via tensorflow (>=1.0.1 <=2.4.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2021-41208 Source advisory: OSV:GHSA-57WX-M983-2F88...