{"url":"http://public2.vulnerablecode.io/api/packages/13382?format=json","purl":"pkg:pypi/tensorflow-cpu@1.7.1","type":"pypi","namespace":"","name":"tensorflow-cpu","version":"1.7.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.12.2","latest_non_vulnerable_version":"2.11.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35355?format=json","vulnerability_id":"VCID-fjh5-fxj2-e3ap","summary":"Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local).","references":[{"reference_url":"https://github.com/advisories/GHSA-frxx-2m33-6wcr","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-frxx-2m33-6wcr"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-226.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-226.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-233.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-233.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-208.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-208.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/commit/41335abb46f80ca644b5738550daef6136ba5476"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/8badd11d875a826bd318ed439909d5c47a7fb811","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/commit/8badd11d875a826bd318ed439909d5c47a7fb811"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8825","reference_id":"CVE-2018-8825","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8825"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13382?format=json","purl":"pkg:pypi/tensorflow-cpu@1.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@1.7.1"}],"aliases":["CVE-2018-8825","GHSA-frxx-2m33-6wcr","PYSEC-2019-208","PYSEC-2019-226","PYSEC-2019-233"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjh5-fxj2-e3ap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35358?format=json","vulnerability_id":"VCID-q81h-cm4m-93c9","summary":"Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Google TensorFlow before 1.7.1, could result in a crash or read from other parts of process memory.","references":[{"reference_url":"https://github.com/advisories/GHSA-qx2v-j445-g354","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qx2v-j445-g354"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-225.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-225.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-232.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-232.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-207.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-207.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/dfa9921e6343727b05f42f8d4a918b19528ff994","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/commit/dfa9921e6343727b05f42f8d4a918b19528ff994"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7577","reference_id":"CVE-2018-7577","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7577"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13382?format=json","purl":"pkg:pypi/tensorflow-cpu@1.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@1.7.1"}],"aliases":["CVE-2018-7577","GHSA-qx2v-j445-g354","PYSEC-2019-207","PYSEC-2019-225","PYSEC-2019-232"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q81h-cm4m-93c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35359?format=json","vulnerability_id":"VCID-qcq3-q226-u7gn","summary":"Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow vulnerability. The type of exploitation is context-dependent.","references":[{"reference_url":"https://github.com/advisories/GHSA-mw6v-crh8-8533","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mw6v-crh8-8533"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-223.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-223.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-230.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-230.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-205.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-205.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/commit/d107fee1e4a9a4462f01564798d345802acc2aef"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7575","reference_id":"CVE-2018-7575","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7575"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13382?format=json","purl":"pkg:pypi/tensorflow-cpu@1.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@1.7.1"}],"aliases":["CVE-2018-7575","GHSA-mw6v-crh8-8533","PYSEC-2019-205","PYSEC-2019-223","PYSEC-2019-230"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qcq3-q226-u7gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35356?format=json","vulnerability_id":"VCID-vwuk-11fn-ake8","summary":"Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file.","references":[{"reference_url":"https://github.com/advisories/GHSA-q492-f7gr-27rp","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q492-f7gr-27rp"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-222.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-222.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-229.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-229.yaml"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-204.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-204.yaml"},{"reference_url":"https://github.com/tensorflow/tensorflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow"},{"reference_url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md"},{"reference_url":"https://github.com/tensorflow/tensorflow/commit/c89ab82a82585cdaa90bf4911980e9e845909e78","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tensorflow/tensorflow/commit/c89ab82a82585cdaa90bf4911980e9e845909e78"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10055","reference_id":"CVE-2018-10055","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-10055"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13382?format=json","purl":"pkg:pypi/tensorflow-cpu@1.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@1.7.1"}],"aliases":["CVE-2018-10055","GHSA-q492-f7gr-27rp","PYSEC-2019-204","PYSEC-2019-222","PYSEC-2019-229"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vwuk-11fn-ake8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/tensorflow-cpu@1.7.1"}