14326 matches found
Unitialized access in `EinsumHelper::ParseEquation`
Impact During execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to true and never assigns false. cc f...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41201 via tensorflow (>=2.6.0 <=2.6.0rc2)
tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41201 Source advisory: OSV:GHSA-J86V-P27C-73FM...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4817 more potentially affected by CVE-2021-41202 via tensorflow (>=1.0.1 <=2.4.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2021-41202 Source advisory: OSV:GHSA-XRQM-FPGR-6HHX...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +62 more potentially affected by CVE-2021-41202 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.0.dev2, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =3.0.0 and more Source cves: CVE-2021-41202 Source advisory: OSV:GHSA-XRQM-FPGR-6HHX...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41202 via tensorflow (>=2.6.0 <=2.6.0rc2)
tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41202 Source advisory: OSV:GHSA-XRQM-FPGR-6HHX...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +96 more potentially affected by CVE-2021-41202 via tensorflow-cpu (>=1.15.0 <=2.4.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2021-41202 Source advisory: OSV:GHSA-XRQM-FPGR-6HHX...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41202 via tensorflow-gpu (>=1.10.1 <=2.4.2)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41202 Source advisory: OSV:GHSA-XRQM-FPGR-6HHX...
bent (>=0.0.9 <=0.0.80), tensorflow-recommenders-addons-gpu (>=0.3.0 <=0.4.1) potentially affected by CVE-2021-41202 via tensorflow-gpu (=2.5.1)
tensorflow-gpu PYPI version =2.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - bent =0.0.9, =0.3.0, =0.4.1 Source cves: CVE-2021-41202 Source advisory: OSV:GHSA-XRQM-FPGR-6HHX...
iqradre (>=0.1.5 <=0.2.1), lurara (>=0.1.0 <=0.1.1) +5 more potentially affected by CVE-2021-41202 via tensorflow-gpu (=2.6.0)
tensorflow-gpu PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - iqradre =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2021-41202 Source advisory: OSV:GHSA-XRQM-FPGR-6HHX...
GHSA-XRQM-FPGR-6HHX Overflow/crash in `tf.range`
Impact While calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the...
Overflow/crash in `tf.range`
Impact While calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4817 more potentially affected by CVE-2021-41203 via tensorflow (>=1.0.1 <=2.4.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...
alwakeupword (=1.0.0), armadillin (>=0.0.2 <=0.53.0) +35 more potentially affected by CVE-2021-41203 via tensorflow (>=2.6.0 <=2.6.0rc2)
tensorflow PYPI version =2.6.0, =0.0.2, =0.0.9, =0.2.0, =4.4.0, =1.1.2, =0.2.0, =0.0.1, =1.0.0, =0.1.5, =0.2.1 and more Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...
arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +168 more potentially affected by CVE-2021-41203 via tensorflow-gpu (>=1.10.1 <=2.4.2)
tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 and more Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...
iqradre (>=0.1.5 <=0.2.1), lurara (>=0.1.0 <=0.1.1) +5 more potentially affected by CVE-2021-41203 via tensorflow-gpu (=2.6.0)
tensorflow-gpu PYPI version =2.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - iqradre =0.1.5, =0.1.0, =0.9.0, =1.0.5, =1.0.6 Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +96 more potentially affected by CVE-2021-41203 via tensorflow-cpu (>=1.15.0 <=2.4.0)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...
bent (>=0.0.9 <=0.0.80), tensorflow-recommenders-addons-gpu (>=0.3.0 <=0.4.1) potentially affected by CVE-2021-41203 via tensorflow-gpu (=2.5.1)
tensorflow-gpu PYPI version =2.5.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - bent =0.0.9, =0.3.0, =0.4.1 Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +62 more potentially affected by CVE-2021-41203 via tensorflow (>=2.5.0 <=2.5.1)
tensorflow PYPI version =2.5.0, =0.21.2, =0.0.1, =1.1.0, =0.1.0.dev2, =0.1.6, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =3.0.0 and more Source cves: CVE-2021-41203 Source advisory: OSV:GHSA-7PXJ-M4JF-R6H2...
GHSA-7PXJ-M4JF-R6H2 Missing validation during checkpoint loading
Impact An attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. Patches We have patched th...
Missing validation during checkpoint loading
Impact An attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats. Patches We have patched th...