Search for packages
| purl | pkg:pypi/tensorflow-gpu@2.4.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-11qd-d7c7-sbdm
Aliases: BIT-tensorflow-2022-21731 CVE-2022-21731 GHSA-m4hf-j54p-p353 PYSEC-2022-110 PYSEC-2022-55 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. The `axis` argument is translated into `concat_dim` in the `ConcatShapeHelper` helper function. Then, a value for `min_rank` is computed based on `concat_dim`. This is then used to validate that the `values` tensor has at least the required rank. However, `WithRankAtLeast` receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that `min_rank` is a 32-bits value and the value of `axis`, the `rank` argument is a negative value, so the error check is bypassed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-145d-k5w3-tfgz
Aliases: BIT-tensorflow-2022-23567 CVE-2022-23567 GHSA-rrx2-r989-2c43 PYSEC-2022-131 PYSEC-2022-76 |
Tensorflow is an Open Source Machine Learning Framework. The implementations of `Sparse*Cwise*` ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or `CHECK`-fails when building new `TensorShape` objects (so, assert failures based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-15nt-6tff-k7gb
Aliases: BIT-tensorflow-2022-23587 CVE-2022-23587 GHSA-8jj7-5vxc-pg2q PYSEC-2022-151 PYSEC-2022-96 |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-1ah5-hm7a-ykep
Aliases: BIT-tensorflow-2022-21730 CVE-2022-21730 GHSA-vjg4-v33c-ggc4 PYSEC-2022-109 PYSEC-2022-54 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-1eqg-uh5g-6kck
Aliases: BIT-tensorflow-2021-29532 CVE-2021-29532 GHSA-j47f-4232-hvv8 PYSEC-2021-169 PYSEC-2021-460 PYSEC-2021-658 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-1sr1-happ-6ugc
Aliases: BIT-tensorflow-2021-41221 CVE-2021-41221 GHSA-cqv6-3phm-hcwx PYSEC-2021-413 PYSEC-2021-630 PYSEC-2021-828 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-22fu-tcf3-jqfa
Aliases: BIT-tensorflow-2021-29536 CVE-2021-29536 GHSA-2gfx-95x2-5v3x PYSEC-2021-173 PYSEC-2021-464 PYSEC-2021-662 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-24nt-xz5z-nqdx
Aliases: BIT-tensorflow-2021-37657 CVE-2021-37657 GHSA-5xwc-mrhx-5g3m PYSEC-2021-279 PYSEC-2021-570 PYSEC-2021-768 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-2cw7-2xzs-abfz
Aliases: BIT-tensorflow-2021-41217 CVE-2021-41217 GHSA-5crj-c72x-m7gq PYSEC-2021-409 PYSEC-2021-626 PYSEC-2021-824 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-2hqc-3d51-4yf5
Aliases: BIT-tensorflow-2021-41198 CVE-2021-41198 GHSA-2p25-55c9-h58q PYSEC-2021-391 PYSEC-2021-608 PYSEC-2021-806 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-37p1-d12g-quf8
Aliases: BIT-tensorflow-2021-37655 CVE-2021-37655 GHSA-7fvx-3jfc-2cpc PYSEC-2021-277 PYSEC-2021-568 PYSEC-2021-766 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-3994-kqbn-67cn
Aliases: BIT-tensorflow-2021-37679 CVE-2021-37679 GHSA-g8wg-cjwc-xhhp PYSEC-2021-301 PYSEC-2021-592 PYSEC-2021-790 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-39ck-bm9t-kqhs
Aliases: BIT-tensorflow-2022-23557 CVE-2022-23557 GHSA-gf2j-f278-xh4v PYSEC-2022-121 PYSEC-2022-66 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-3czq-3twf-skcg
Aliases: BIT-tensorflow-2022-23573 CVE-2022-23573 GHSA-q85f-69q7-55h2 PYSEC-2022-137 PYSEC-2022-82 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-3ek8-jc2a-bfcq
Aliases: BIT-tensorflow-2021-29618 CVE-2021-29618 GHSA-xqfj-cr6q-pc8w PYSEC-2021-255 PYSEC-2021-546 PYSEC-2021-744 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-3g5a-5csn-h3d9
Aliases: BIT-tensorflow-2022-23588 CVE-2022-23588 GHSA-fx5c-h9f6-rv7c PYSEC-2022-152 PYSEC-2022-97 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-3ndg-adf4-4kgw
Aliases: BIT-tensorflow-2021-29547 CVE-2021-29547 GHSA-4fg4-p75j-w5xj PYSEC-2021-184 PYSEC-2021-475 PYSEC-2021-673 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-3ppf-jdk6-y3g8
Aliases: BIT-tensorflow-2021-37662 CVE-2021-37662 GHSA-f5cx-5wr3-5qrc PYSEC-2021-284 PYSEC-2021-575 PYSEC-2021-773 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-466y-e26r-rka4
Aliases: BIT-tensorflow-2022-23595 CVE-2022-23595 GHSA-fpcp-9h7m-ffpx PYSEC-2022-103 PYSEC-2022-158 |
Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-4c8e-13wm-jyc6
Aliases: BIT-tensorflow-2021-37671 CVE-2021-37671 GHSA-qr82-2c78-4m8h PYSEC-2021-293 PYSEC-2021-584 PYSEC-2021-782 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-4fax-cv4q-9bb2
Aliases: BIT-tensorflow-2021-37681 CVE-2021-37681 GHSA-7xwj-5r4v-429p PYSEC-2021-303 PYSEC-2021-594 PYSEC-2021-792 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-4htf-7y2p-uyc3
Aliases: BIT-tensorflow-2021-29549 CVE-2021-29549 GHSA-x83m-p7pv-ch8v PYSEC-2021-186 PYSEC-2021-477 PYSEC-2021-675 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-4z5r-weyj-abe7
Aliases: BIT-tensorflow-2021-29616 CVE-2021-29616 GHSA-4hvv-7x94-7vq8 PYSEC-2021-253 PYSEC-2021-544 PYSEC-2021-742 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-55ry-uteb-7ke9
Aliases: BIT-tensorflow-2021-37661 CVE-2021-37661 GHSA-gf88-j2mg-cc82 PYSEC-2021-283 PYSEC-2021-574 PYSEC-2021-772 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-58c5-tv8t-93fq
Aliases: BIT-tensorflow-2021-37678 CVE-2021-37678 GHSA-r6jx-9g48-2r5r PYSEC-2021-300 PYSEC-2021-591 PYSEC-2021-789 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-5d73-819a-xbeg
Aliases: BIT-tensorflow-2021-41209 CVE-2021-41209 GHSA-6hpv-v2rx-c5g6 PYSEC-2021-401 PYSEC-2021-618 PYSEC-2021-816 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-5dj1-vz8t-ffeb
Aliases: BIT-tensorflow-2021-37680 CVE-2021-37680 GHSA-cfpj-3q4c-jhvr PYSEC-2021-302 PYSEC-2021-593 PYSEC-2021-791 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-5nsx-yqxh-77cb
Aliases: BIT-tensorflow-2021-29552 CVE-2021-29552 GHSA-jhq9-wm9m-cf89 PYSEC-2021-189 PYSEC-2021-480 PYSEC-2021-678 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-5qyz-5xzb-zqc1
Aliases: BIT-tensorflow-2021-37674 CVE-2021-37674 GHSA-7ghq-fvr3-pj2x PYSEC-2021-296 PYSEC-2021-587 PYSEC-2021-785 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-5tpp-sf62-zycs
Aliases: BIT-tensorflow-2022-23563 CVE-2022-23563 GHSA-wc4g-r73w-x8mm PYSEC-2022-127 PYSEC-2022-72 |
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-5ty2-z944-mbht
Aliases: BIT-tensorflow-2021-41214 CVE-2021-41214 GHSA-vwhq-49r4-gj9v PYSEC-2021-406 PYSEC-2021-623 PYSEC-2021-821 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-5xgg-h9wh-3uh7
Aliases: BIT-tensorflow-2021-41226 CVE-2021-41226 GHSA-374m-jm66-3vj8 PYSEC-2021-418 PYSEC-2021-635 PYSEC-2021-833 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-64j2-brru-xqfw
Aliases: BIT-tensorflow-2021-37682 CVE-2021-37682 GHSA-4c4g-crqm-xrxw PYSEC-2021-304 PYSEC-2021-595 PYSEC-2021-793 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-6888-uhtp-8ub6
Aliases: BIT-tensorflow-2022-21737 CVE-2022-21737 GHSA-f2vv-v9cg-qhh7 PYSEC-2022-116 PYSEC-2022-61 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious users to cause denial of service by passing in arguments which would trigger a `CHECK`-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in `CHECK` failures later when the output tensors get allocated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-688g-g33x-67g9
Aliases: BIT-tensorflow-2021-41223 CVE-2021-41223 GHSA-f54p-f6jp-4rhr PYSEC-2021-415 PYSEC-2021-632 PYSEC-2021-830 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-6ebn-m9rw-7ya7
Aliases: BIT-tensorflow-2021-37647 CVE-2021-37647 GHSA-c5x2-p679-95wc PYSEC-2021-269 PYSEC-2021-560 PYSEC-2021-758 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-6gnj-az99-h7b4
Aliases: BIT-tensorflow-2022-21735 CVE-2022-21735 GHSA-87v6-crgm-2gfj PYSEC-2022-114 PYSEC-2022-59 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalMaxPool` can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-6sab-b21w-9kc9
Aliases: BIT-tensorflow-2021-37638 CVE-2021-37638 GHSA-hwr7-8gxx-fj5p PYSEC-2021-260 PYSEC-2021-551 PYSEC-2021-749 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-6tpr-dnht-t3eb
Aliases: BIT-tensorflow-2021-29551 CVE-2021-29551 GHSA-vqw6-72r7-fgw7 PYSEC-2021-188 PYSEC-2021-479 PYSEC-2021-677 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-6wkx-ycyz-1qhd
Aliases: BIT-tensorflow-2021-37665 CVE-2021-37665 GHSA-v82p-hv3v-p6qp PYSEC-2021-287 PYSEC-2021-578 PYSEC-2021-776 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-7wsk-p6nu-7fa5
Aliases: BIT-tensorflow-2021-37636 CVE-2021-37636 GHSA-hp4c-x6r7-6555 PYSEC-2021-258 PYSEC-2021-549 PYSEC-2021-747 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-81sp-dd4z-2khc
Aliases: BIT-tensorflow-2021-37670 CVE-2021-37670 GHSA-9697-98pf-4rw7 PYSEC-2021-292 PYSEC-2021-583 PYSEC-2021-781 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-83pe-ztey-dbf4
Aliases: BIT-tensorflow-2022-23569 CVE-2022-23569 GHSA-qj5r-f9mv-rffh PYSEC-2022-133 PYSEC-2022-78 |
Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via `CHECK`-fails (i.e., assertion failures). This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. It is possible that other similar instances exist in TensorFlow, we will issue fixes as these are discovered. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-85qc-3pn5-1fas
Aliases: BIT-tensorflow-2021-29595 CVE-2021-29595 GHSA-vf94-36g5-69v8 PYSEC-2021-232 PYSEC-2021-523 PYSEC-2021-721 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-87bh-depq-8fdm
Aliases: BIT-tensorflow-2021-37648 CVE-2021-37648 GHSA-wp77-4gmm-7cq8 PYSEC-2021-270 PYSEC-2021-561 PYSEC-2021-759 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-8k4s-zwck-fkg4
Aliases: BIT-tensorflow-2021-37675 CVE-2021-37675 GHSA-9c8h-2mv3-49ww PYSEC-2021-297 PYSEC-2021-588 PYSEC-2021-786 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-8ndu-z4z1-guds
Aliases: BIT-tensorflow-2021-29546 CVE-2021-29546 GHSA-m34j-p8rj-wjxq PYSEC-2021-183 PYSEC-2021-474 PYSEC-2021-672 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-8qh6-fg49-u3b2
Aliases: BIT-tensorflow-2021-37660 CVE-2021-37660 GHSA-cm5x-837x-jf3c PYSEC-2021-282 PYSEC-2021-573 PYSEC-2021-771 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-97cs-4kx3-37gm
Aliases: BIT-tensorflow-2022-21733 CVE-2022-21733 GHSA-98j8-c9q4-r38g PYSEC-2022-112 PYSEC-2022-57 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `StringNGrams` can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on `pad_witdh` and that result in computing a negative value for `ngram_width` which is later used to allocate parts of the output. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-984t-vw4n-wqf5
Aliases: BIT-tensorflow-2021-29568 CVE-2021-29568 GHSA-4p4p-www8-8fv9 PYSEC-2021-205 PYSEC-2021-496 PYSEC-2021-694 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-9arh-a8wj-wka6
Aliases: BIT-tensorflow-2022-21734 CVE-2022-21734 GHSA-gcvh-66ff-4mwm PYSEC-2022-113 PYSEC-2022-58 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-9dhc-1f13-5qht
Aliases: BIT-tensorflow-2021-41219 CVE-2021-41219 GHSA-4f99-p9c2-3j8x PYSEC-2021-411 PYSEC-2021-628 PYSEC-2021-826 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-9faa-mq8t-z7c1
Aliases: BIT-tensorflow-2021-37651 CVE-2021-37651 GHSA-hpv4-7p9c-mvfr PYSEC-2021-273 PYSEC-2021-564 PYSEC-2021-762 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-9gde-ga9q-pqb4
Aliases: BIT-tensorflow-2021-41207 CVE-2021-41207 GHSA-7v94-64hj-m82h PYSEC-2021-399 PYSEC-2021-616 PYSEC-2021-814 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-9snf-qxka-83hd
Aliases: BIT-tensorflow-2021-41204 CVE-2021-41204 GHSA-786j-5qwq-r36x PYSEC-2021-397 PYSEC-2021-614 PYSEC-2021-812 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-9vmj-dga9-vbah
Aliases: BIT-tensorflow-2021-29540 CVE-2021-29540 GHSA-xgc3-m89p-vr3x PYSEC-2021-177 PYSEC-2021-468 PYSEC-2021-666 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-aad5-dg9x-53cz
Aliases: BIT-tensorflow-2021-41199 CVE-2021-41199 GHSA-5hx2-qx8j-qjqm PYSEC-2021-392 PYSEC-2021-609 PYSEC-2021-807 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-ahyr-2qmm-tqbb
Aliases: BIT-tensorflow-2021-29587 CVE-2021-29587 GHSA-j7rm-8ww4-xx2g PYSEC-2021-224 PYSEC-2021-515 PYSEC-2021-713 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-akmu-fas1-33h6
Aliases: BIT-tensorflow-2022-21741 CVE-2022-21741 GHSA-428x-9xc2-m8mj PYSEC-2022-120 PYSEC-2022-65 |
Tensorflow is an Open Source Machine Learning Framework. ### Impact An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-axj7-aq9m-rqdu
Aliases: BIT-tensorflow-2022-23571 CVE-2022-23571 GHSA-j3mj-fhpq-qqjj PYSEC-2022-135 PYSEC-2022-80 |
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-b8fg-9cu3-5khz
Aliases: BIT-tensorflow-2021-29610 CVE-2021-29610 GHSA-mq5c-prh3-3f3h PYSEC-2021-247 PYSEC-2021-538 PYSEC-2021-736 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-b8sr-erwh-5yh8
Aliases: BIT-tensorflow-2021-41228 CVE-2021-41228 GHSA-3rcw-9p9x-582v PYSEC-2021-420 PYSEC-2021-637 PYSEC-2021-835 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-bcub-rasm-nbbq
Aliases: BIT-tensorflow-2021-37639 CVE-2021-37639 GHSA-gh6x-4whr-2qv4 PYSEC-2021-261 PYSEC-2021-552 PYSEC-2021-750 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-bkk1-p7vx-vkdh
Aliases: BIT-tensorflow-2021-29585 CVE-2021-29585 GHSA-mv78-g7wq-mhp4 PYSEC-2021-222 PYSEC-2021-513 PYSEC-2021-711 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-bm3u-2ych-eqac
Aliases: BIT-tensorflow-2021-41227 CVE-2021-41227 GHSA-j8c8-67vp-6mx7 PYSEC-2021-419 PYSEC-2021-636 PYSEC-2021-834 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-bw75-tr4m-vygp
Aliases: BIT-tensorflow-2021-29543 CVE-2021-29543 GHSA-fphq-gw9m-ghrv PYSEC-2021-180 PYSEC-2021-471 PYSEC-2021-669 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-bzfw-bhxx-b7df
Aliases: BIT-tensorflow-2021-37658 CVE-2021-37658 GHSA-6p5r-g9mq-ggh2 PYSEC-2021-280 PYSEC-2021-571 PYSEC-2021-769 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-bzsf-bjda-3ber
Aliases: BIT-tensorflow-2021-37649 CVE-2021-37649 GHSA-6gv8-p3vj-pxvr PYSEC-2021-271 PYSEC-2021-562 PYSEC-2021-760 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-c2rb-aeku-dfdu
Aliases: BIT-tensorflow-2021-29558 CVE-2021-29558 GHSA-mqh2-9wrp-vx84 PYSEC-2021-195 PYSEC-2021-486 PYSEC-2021-684 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-ccv1-pgda-r7ba
Aliases: BIT-tensorflow-2022-23566 CVE-2022-23566 GHSA-5qw5-89mw-wcg2 PYSEC-2022-130 PYSEC-2022-75 |
Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-cggq-9awk-3qfm
Aliases: BIT-tensorflow-2021-37688 CVE-2021-37688 GHSA-vcjj-9vg7-vf68 PYSEC-2021-310 PYSEC-2021-601 PYSEC-2021-799 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-cu5c-pmqv-xkdz
Aliases: BIT-tensorflow-2021-41200 CVE-2021-41200 GHSA-gh8h-7j2j-qv4f PYSEC-2021-393 PYSEC-2021-610 PYSEC-2021-808 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-cwvm-wntu-tfck
Aliases: BIT-tensorflow-2022-23579 CVE-2022-23579 GHSA-5f2r-qp73-37mr PYSEC-2022-143 PYSEC-2022-88 |
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-cyk5-z76t-9bgc
Aliases: BIT-tensorflow-2021-37667 CVE-2021-37667 GHSA-w74j-v8xh-3w5h PYSEC-2021-289 PYSEC-2021-580 PYSEC-2021-778 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-d3dc-su6w-s3ag
Aliases: BIT-tensorflow-2022-21726 CVE-2022-21726 GHSA-23hm-7w47-xw72 PYSEC-2022-105 PYSEC-2022-50 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis` and can result in heap OOB accesses. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-d7j8-4k9m-9kb5
Aliases: BIT-tensorflow-2021-29545 CVE-2021-29545 GHSA-hmg3-c7xj-6qwm PYSEC-2021-182 PYSEC-2021-473 PYSEC-2021-671 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-ddf8-mugz-pbbk
Aliases: BIT-tensorflow-2021-37644 CVE-2021-37644 GHSA-27j5-4p9v-pp67 PYSEC-2021-266 PYSEC-2021-557 PYSEC-2021-755 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-ee2j-htng-z7d3
Aliases: BIT-tensorflow-2021-29538 CVE-2021-29538 GHSA-j8qc-5fqr-52fp PYSEC-2021-175 PYSEC-2021-466 PYSEC-2021-664 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-egc6-6pwr-fyej
Aliases: BIT-tensorflow-2022-23577 CVE-2022-23577 GHSA-8cxv-76p7-jxwr PYSEC-2022-141 PYSEC-2022-86 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-ekez-y9nd-bbgz
Aliases: BIT-tensorflow-2021-29563 CVE-2021-29563 GHSA-ph87-fvjr-v33w PYSEC-2021-200 PYSEC-2021-491 PYSEC-2021-689 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-en5f-xtha-cyhp
Aliases: BIT-tensorflow-2022-23586 CVE-2022-23586 GHSA-43jf-985q-588j PYSEC-2022-150 PYSEC-2022-95 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-ev23-kazv-nkas
Aliases: BIT-tensorflow-2022-23575 CVE-2022-23575 GHSA-c94w-c95p-phf8 PYSEC-2022-139 PYSEC-2022-84 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-ev84-gxjn-6bf1
Aliases: BIT-tensorflow-2022-21727 CVE-2022-21727 GHSA-c6fh-56w7-fvjw PYSEC-2022-106 PYSEC-2022-51 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulnerable to an integer overflow weakness. The `axis` argument can be `-1` (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes `axis + 1`, an attacker can trigger an integer overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-exm3-hpp6-g7hg
Aliases: BIT-tensorflow-2021-41205 CVE-2021-41205 GHSA-49rx-x2rw-pc6f PYSEC-2021-398 PYSEC-2021-615 PYSEC-2021-813 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-eyqx-7k24-zfhq
Aliases: BIT-tensorflow-2022-21738 CVE-2022-21738 GHSA-x4qx-4fjv-hmw6 PYSEC-2022-117 PYSEC-2022-62 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-f25m-udat-n3fd
Aliases: BIT-tensorflow-2022-23562 CVE-2022-23562 GHSA-qx3f-p745-w4hr PYSEC-2022-126 PYSEC-2022-71 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-f3cx-k63z-7qde
Aliases: BIT-tensorflow-2022-23559 CVE-2022-23559 GHSA-98p5-x8x4-c9m5 PYSEC-2022-123 PYSEC-2022-68 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-f8xv-gky2-kuhu
Aliases: BIT-tensorflow-2021-29537 CVE-2021-29537 GHSA-8c89-2vwr-chcq PYSEC-2021-174 PYSEC-2021-465 PYSEC-2021-663 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-fasn-dhy8-yub8
Aliases: BIT-tensorflow-2021-29556 CVE-2021-29556 GHSA-fxqh-cfjm-fp93 PYSEC-2021-193 PYSEC-2021-484 PYSEC-2021-682 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-fe5k-3n3u-j3cg
Aliases: BIT-tensorflow-2021-29571 CVE-2021-29571 GHSA-whr9-vfh2-7hm6 PYSEC-2021-208 PYSEC-2021-499 PYSEC-2021-697 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-fggx-3rzd-8kf5
Aliases: BIT-tensorflow-2022-23585 CVE-2022-23585 GHSA-fq6p-6334-8gr4 PYSEC-2022-149 PYSEC-2022-94 |
Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-fhfh-ryxe-67ha
Aliases: BIT-tensorflow-2021-37664 CVE-2021-37664 GHSA-r4c4-5fpq-56wg PYSEC-2021-286 PYSEC-2021-577 PYSEC-2021-775 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-fx76-8ajz-qkd3
Aliases: BIT-tensorflow-2021-29535 CVE-2021-29535 GHSA-m3f9-w3p3-p669 PYSEC-2021-172 PYSEC-2021-463 PYSEC-2021-661 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-g144-4yvx-xybr
Aliases: BIT-tensorflow-2021-41202 CVE-2021-41202 GHSA-xrqm-fpgr-6hhx PYSEC-2021-395 PYSEC-2021-612 PYSEC-2021-810 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-g423-bnfj-kybz
Aliases: BIT-tensorflow-2021-41224 CVE-2021-41224 GHSA-rg3m-hqc5-344v PYSEC-2021-416 PYSEC-2021-633 PYSEC-2021-831 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-g4y6-tura-gbhx
Aliases: BIT-tensorflow-2021-37653 CVE-2021-37653 GHSA-qjj8-32p7-h289 PYSEC-2021-275 PYSEC-2021-566 PYSEC-2021-764 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-g8er-52ns-j7b1
Aliases: BIT-tensorflow-2022-21728 CVE-2022-21728 GHSA-6gmv-pjp9-p8w8 PYSEC-2022-107 PYSEC-2022-52 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `ReverseSequence` does not fully validate the value of `batch_dim` and can result in a heap OOB read. There is a check to make sure the value of `batch_dim` does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of `Dim` would access elements before the start of an array. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-g8ts-ghhv-33e3
Aliases: BIT-tensorflow-2022-23580 CVE-2022-23580 GHSA-627q-g293-49q7 PYSEC-2022-144 PYSEC-2022-89 |
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-gbft-tx74-wkhf
Aliases: BIT-tensorflow-2021-41210 CVE-2021-41210 GHSA-m342-ff57-4jcc PYSEC-2021-402 PYSEC-2021-619 PYSEC-2021-817 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-gg52-vvcd-zben
Aliases: BIT-tensorflow-2021-37691 CVE-2021-37691 GHSA-27qf-jwm8-g7f3 PYSEC-2021-313 PYSEC-2021-604 PYSEC-2021-802 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-gg98-zkw8-5ben
Aliases: BIT-tensorflow-2022-21725 CVE-2022-21725 GHSA-v3f7-j968-4h5f PYSEC-2022-104 PYSEC-2022-49 |
Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-gm34-n1kp-5qh4
Aliases: BIT-tensorflow-2021-37652 CVE-2021-37652 GHSA-m7fm-4jfh-jrg6 PYSEC-2021-274 PYSEC-2021-565 PYSEC-2021-763 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-gvws-rve9-nbat
Aliases: BIT-tensorflow-2021-37642 CVE-2021-37642 GHSA-ch4f-829c-v5pw PYSEC-2021-264 PYSEC-2021-555 PYSEC-2021-753 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-hfhh-k29v-1kaf
Aliases: BIT-tensorflow-2021-37683 CVE-2021-37683 GHSA-rhrq-64mq-hf9h PYSEC-2021-305 PYSEC-2021-596 PYSEC-2021-794 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-hk2y-fdnq-ybf1
Aliases: BIT-tensorflow-2021-37690 CVE-2021-37690 GHSA-3hxh-8cp2-g4hg PYSEC-2021-312 PYSEC-2021-603 PYSEC-2021-801 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-hpt6-maej-a3fb
Aliases: BIT-tensorflow-2021-37654 CVE-2021-37654 GHSA-2r8p-fg3c-wcj4 PYSEC-2021-276 PYSEC-2021-567 PYSEC-2021-765 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-htjj-5ms9-akfz
Aliases: BIT-tensorflow-2021-29544 CVE-2021-29544 GHSA-6g85-3hm8-83f9 PYSEC-2021-181 PYSEC-2021-472 PYSEC-2021-670 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-hujj-6vv2-u3c2
Aliases: BIT-tensorflow-2022-23583 CVE-2022-23583 GHSA-gjqc-q9g6-q2j3 PYSEC-2022-147 PYSEC-2022-92 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-jbqp-8s14-nqf6
Aliases: BIT-tensorflow-2021-29514 CVE-2021-29514 GHSA-8h46-5m9h-7553 PYSEC-2021-151 PYSEC-2021-442 PYSEC-2021-640 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-jdud-ufqp-4yg5
Aliases: BIT-tensorflow-2022-23591 CVE-2022-23591 GHSA-247x-2f9f-5wp7 PYSEC-2022-100 PYSEC-2022-155 |
Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-k149-grwj-cyg5
Aliases: BIT-tensorflow-2021-37635 CVE-2021-37635 GHSA-cgfm-62j4-v4rf PYSEC-2021-257 PYSEC-2021-548 PYSEC-2021-746 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-kta3-2zcq-83ch
Aliases: BIT-tensorflow-2021-37684 CVE-2021-37684 GHSA-q7f7-544h-67h9 PYSEC-2021-306 PYSEC-2021-597 PYSEC-2021-795 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-kupu-frrt-pqen
Aliases: BIT-tensorflow-2021-41216 CVE-2021-41216 GHSA-3ff2-r28g-w7h9 PYSEC-2021-408 PYSEC-2021-625 PYSEC-2021-823 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-kuxe-7hab-a3cv
Aliases: BIT-tensorflow-2021-37666 CVE-2021-37666 GHSA-w4xf-2pqw-5mq7 PYSEC-2021-288 PYSEC-2021-579 PYSEC-2021-777 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-ky4u-eny7-33fy
Aliases: BIT-tensorflow-2022-21729 CVE-2022-21729 GHSA-34f9-hjfq-rr8j PYSEC-2022-108 PYSEC-2022-53 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-m4na-tgrp-d7fk
Aliases: BIT-tensorflow-2022-23576 CVE-2022-23576 GHSA-wm93-f238-7v37 PYSEC-2022-140 PYSEC-2022-85 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-m5yn-gjpw-53b5
Aliases: BIT-tensorflow-2021-37689 CVE-2021-37689 GHSA-wf5p-c75w-w3wh PYSEC-2021-311 PYSEC-2021-602 PYSEC-2021-800 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-mh7p-x5et-67h4
Aliases: BIT-tensorflow-2021-37637 CVE-2021-37637 GHSA-c9qf-r67m-p7cg PYSEC-2021-259 PYSEC-2021-550 PYSEC-2021-748 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-mt3j-jwu5-pueu
Aliases: BIT-tensorflow-2021-37685 CVE-2021-37685 GHSA-c545-c4f9-rf6v PYSEC-2021-307 PYSEC-2021-598 PYSEC-2021-796 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-mtqg-yga8-eqeu
Aliases: BIT-tensorflow-2022-23581 CVE-2022-23581 GHSA-fq86-3f29-px2c PYSEC-2022-145 PYSEC-2022-90 |
Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-mtxy-nkwy-pkcz
Aliases: BIT-tensorflow-2021-29583 CVE-2021-29583 GHSA-9xh4-23q4-v6wr PYSEC-2021-220 PYSEC-2021-511 PYSEC-2021-709 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-myjm-gbbc-qucg
Aliases: BIT-tensorflow-2021-41203 CVE-2021-41203 GHSA-7pxj-m4jf-r6h2 PYSEC-2021-396 PYSEC-2021-613 PYSEC-2021-811 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-n2wb-menj-87hu
Aliases: BIT-tensorflow-2021-29534 CVE-2021-29534 GHSA-6j9c-grc6-5m6g PYSEC-2021-171 PYSEC-2021-462 PYSEC-2021-660 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-n62z-1akp-ebck
Aliases: BIT-tensorflow-2022-23584 CVE-2022-23584 GHSA-24x4-6qmh-88qg PYSEC-2022-148 PYSEC-2022-93 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-nfr9-fgdn-4kh8
Aliases: BIT-tensorflow-2021-41222 CVE-2021-41222 GHSA-cpf4-wx82-gxp6 PYSEC-2021-414 PYSEC-2021-631 PYSEC-2021-829 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-ngkq-s26c-qkfj
Aliases: BIT-tensorflow-2022-23589 CVE-2022-23589 GHSA-9px9-73fg-3fqp PYSEC-2022-153 PYSEC-2022-98 |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-ngsv-ca8h-q7bg
Aliases: BIT-tensorflow-2021-37645 CVE-2021-37645 GHSA-9w2p-5mgw-p94c PYSEC-2021-267 PYSEC-2021-558 PYSEC-2021-756 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-nhv1-35p3-tyfq
Aliases: BIT-tensorflow-2021-37641 CVE-2021-37641 GHSA-9c8h-vvrj-w2p8 PYSEC-2021-263 PYSEC-2021-554 PYSEC-2021-752 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-ntth-8qpp-jfet
Aliases: BIT-tensorflow-2021-37673 CVE-2021-37673 GHSA-278g-rq84-9hmg PYSEC-2021-295 PYSEC-2021-586 PYSEC-2021-784 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-pe9p-a7nn-8bhj
Aliases: BIT-tensorflow-2022-23582 CVE-2022-23582 GHSA-4j82-5ccr-4r8v PYSEC-2022-146 PYSEC-2022-91 |
Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-pwmn-8jqu-83es
Aliases: BIT-tensorflow-2021-29550 CVE-2021-29550 GHSA-f78g-q7r4-9wcv PYSEC-2021-187 PYSEC-2021-478 PYSEC-2021-676 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-q4zv-syab-bbh8
Aliases: BIT-tensorflow-2022-23558 CVE-2022-23558 GHSA-9gwq-6cwj-47h3 PYSEC-2022-122 PYSEC-2022-67 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-q5yr-cajq-1bcj
Aliases: BIT-tensorflow-2021-29589 CVE-2021-29589 GHSA-3w67-q784-6w7c PYSEC-2021-226 PYSEC-2021-517 PYSEC-2021-715 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-qa9p-g79v-fbe1
Aliases: BIT-tensorflow-2021-37650 CVE-2021-37650 GHSA-f8h4-7rgh-q2gm PYSEC-2021-272 PYSEC-2021-563 PYSEC-2021-761 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-qdnt-cg25-5kdx
Aliases: BIT-tensorflow-2021-41197 CVE-2021-41197 GHSA-prcg-wp5q-rv7p PYSEC-2021-390 PYSEC-2021-607 PYSEC-2021-805 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-qgr6-bqrc-puhs
Aliases: BIT-tensorflow-2022-23560 CVE-2022-23560 GHSA-4hvf-hxvg-f67v PYSEC-2022-124 PYSEC-2022-69 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-quc8-whc2-cbg7
Aliases: BIT-tensorflow-2021-37687 CVE-2021-37687 GHSA-jwf9-w5xm-f437 PYSEC-2021-309 PYSEC-2021-600 PYSEC-2021-798 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-qvnc-gzf6-y3f3
Aliases: BIT-tensorflow-2021-41196 CVE-2021-41196 GHSA-m539-j985-hcr8 PYSEC-2021-389 PYSEC-2021-606 PYSEC-2021-804 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-qxqd-f1bw-y7h4
Aliases: BIT-tensorflow-2022-21732 CVE-2022-21732 GHSA-c582-c96p-r5cq PYSEC-2022-111 PYSEC-2022-56 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service attack by allocating too much memory. This is because the `num_threads` argument is only checked to not be negative, but there is no upper bound on its value. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-rk26-e4eh-e7a4
Aliases: BIT-tensorflow-2021-29533 CVE-2021-29533 GHSA-393f-2jr3-cp69 PYSEC-2021-170 PYSEC-2021-461 PYSEC-2021-659 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-rkx2-5nyj-bbhu
Aliases: BIT-tensorflow-2021-41218 CVE-2021-41218 GHSA-9crf-c6qr-r273 PYSEC-2021-410 PYSEC-2021-627 PYSEC-2021-825 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-rr2a-8jrx-6ue8
Aliases: BIT-tensorflow-2021-41213 CVE-2021-41213 GHSA-h67m-xg8f-fxcf PYSEC-2021-405 PYSEC-2021-622 PYSEC-2021-820 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-rsau-jvcr-uudd
Aliases: BIT-tensorflow-2022-21736 CVE-2022-21736 GHSA-pfjj-m3jj-9jc9 PYSEC-2022-115 PYSEC-2022-60 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefined behavior: under certain condition it can be made to dereference a `nullptr` value. The 3 input arguments to `SparseTensorSliceDataset` represent a sparse tensor. However, there are some preconditions that these arguments must satisfy but these are not validated in the implementation. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-rt4b-xxm6-xubs
Aliases: BIT-tensorflow-2022-23590 CVE-2022-23590 GHSA-pqrv-8r2f-7278 PYSEC-2022-154 PYSEC-2022-99 |
Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. |
Affected by 2 other vulnerabilities. |
|
VCID-rujq-67w1-u3g7
Aliases: BIT-tensorflow-2021-41225 CVE-2021-41225 GHSA-7r94-xv9v-63jw PYSEC-2021-417 PYSEC-2021-634 PYSEC-2021-832 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-sb7m-pngm-5fbj
Aliases: BIT-tensorflow-2021-41215 CVE-2021-41215 GHSA-x3v8-c8qx-3j3r PYSEC-2021-407 PYSEC-2021-624 PYSEC-2021-822 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-sd2q-w7wz-vke2
Aliases: BIT-tensorflow-2021-29513 CVE-2021-29513 GHSA-452g-f7fp-9jf7 PYSEC-2021-150 PYSEC-2021-441 PYSEC-2021-639 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-sf59-u7jt-4bd5
Aliases: BIT-tensorflow-2021-41206 CVE-2021-41206 GHSA-pgcq-h79j-2f69 PYSEC-2021-843 PYSEC-2021-845 PYSEC-2021-847 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. |
|
VCID-spbh-6rka-y3a8
Aliases: BIT-tensorflow-2021-37643 CVE-2021-37643 GHSA-fcwc-p4fc-c5cc PYSEC-2021-265 PYSEC-2021-556 PYSEC-2021-754 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-try6-1d3f-y3aq
Aliases: BIT-tensorflow-2021-37663 CVE-2021-37663 GHSA-g25h-jr74-qp5j PYSEC-2021-285 PYSEC-2021-576 PYSEC-2021-774 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-u1r8-c86t-r3bj
Aliases: BIT-tensorflow-2021-29539 CVE-2021-29539 GHSA-g4h2-gqm3-c9wq PYSEC-2021-176 PYSEC-2021-467 PYSEC-2021-665 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-u597-6euj-auh5
Aliases: BIT-tensorflow-2021-37646 CVE-2021-37646 GHSA-h6jh-7gv5-28vg PYSEC-2021-268 PYSEC-2021-559 PYSEC-2021-757 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-ugta-nt2s-27fk
Aliases: BIT-tensorflow-2022-23572 CVE-2022-23572 GHSA-rww7-2gpw-fv6j PYSEC-2022-136 PYSEC-2022-81 |
Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-uy7w-xnc7-d7c5
Aliases: BIT-tensorflow-2021-37676 CVE-2021-37676 GHSA-v768-w7m9-2vmm PYSEC-2021-298 PYSEC-2021-589 PYSEC-2021-787 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-uz51-m6ng-mygx
Aliases: BIT-tensorflow-2021-29566 CVE-2021-29566 GHSA-pvrc-hg3f-58r6 PYSEC-2021-203 PYSEC-2021-494 PYSEC-2021-692 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-v2nf-1526-nkbp
Aliases: BIT-tensorflow-2022-23565 CVE-2022-23565 GHSA-4v5p-v5h9-6xjx PYSEC-2022-129 PYSEC-2022-74 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-v5em-3qqk-jqfs
Aliases: BIT-tensorflow-2021-37640 CVE-2021-37640 GHSA-95xm-g58g-3p88 PYSEC-2021-262 PYSEC-2021-553 PYSEC-2021-751 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-v92m-yfvz-2khe
Aliases: BIT-tensorflow-2021-29608 CVE-2021-29608 GHSA-rgvq-pcvf-hx75 PYSEC-2021-245 PYSEC-2021-536 PYSEC-2021-734 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-vckb-n5sw-qyey
Aliases: BIT-tensorflow-2021-37686 CVE-2021-37686 GHSA-mhhc-q96p-mfm9 PYSEC-2021-308 PYSEC-2021-599 PYSEC-2021-797 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-vfgz-fss4-wbgu
Aliases: BIT-tensorflow-2022-23574 CVE-2022-23574 GHSA-77gp-3h4r-6428 PYSEC-2022-138 PYSEC-2022-83 |
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-vgv7-xc3c-1fb3
Aliases: BIT-tensorflow-2022-23564 CVE-2022-23564 GHSA-8rcj-c8pj-v3m3 PYSEC-2022-128 PYSEC-2022-73 |
Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-vh5d-4p9r-wubf
Aliases: BIT-tensorflow-2021-37669 CVE-2021-37669 GHSA-vmjw-c2vp-p33c PYSEC-2021-291 PYSEC-2021-582 PYSEC-2021-780 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-vnn5-y8ez-rub9
Aliases: BIT-tensorflow-2022-23568 CVE-2022-23568 GHSA-6445-fm66-fvq2 PYSEC-2022-132 PYSEC-2022-77 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable to an integer overflow which results in a `CHECK`-fail when building new `TensorShape` objects (so, an assert failure based denial of service). We are missing some validation on the shapes of the input tensors as well as directly constructing a large `TensorShape` with user-provided dimensions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-vpyd-he5n-b3a4
Aliases: BIT-tensorflow-2022-21739 CVE-2022-21739 GHSA-3mw4-6rj6-74g5 PYSEC-2022-118 PYSEC-2022-63 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-vqxg-mnz4-13cg
Aliases: BIT-tensorflow-2022-23570 CVE-2022-23570 GHSA-9p77-mmrw-69c7 PYSEC-2022-134 PYSEC-2022-79 |
Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-vx4g-ckr3-27dm
Aliases: BIT-tensorflow-2021-37692 CVE-2021-37692 GHSA-cmgw-8vpc-rc59 PYSEC-2021-314 PYSEC-2021-605 PYSEC-2021-803 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-w2ns-kqmv-xfan
Aliases: BIT-tensorflow-2021-41208 CVE-2021-41208 GHSA-57wx-m983-2f88 PYSEC-2021-400 PYSEC-2021-617 PYSEC-2021-815 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-wwwt-6qtg-mfb7
Aliases: BIT-tensorflow-2021-37672 CVE-2021-37672 GHSA-5hj3-vjjf-f5m7 PYSEC-2021-294 PYSEC-2021-585 PYSEC-2021-783 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-x23c-1b8p-4qak
Aliases: BIT-tensorflow-2021-37677 CVE-2021-37677 GHSA-qfpc-5pjr-mh26 PYSEC-2021-299 PYSEC-2021-590 PYSEC-2021-788 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-x2t2-4sa6-qygs
Aliases: BIT-tensorflow-2022-23561 CVE-2022-23561 GHSA-9c78-vcq7-7vxq PYSEC-2022-125 PYSEC-2022-70 |
Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-x5x3-2cyz-xbhe
Aliases: BIT-tensorflow-2022-23578 CVE-2022-23578 GHSA-8r7c-3cm2-3h8f PYSEC-2022-142 PYSEC-2022-87 |
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-xbt8-r95u-sqbu
Aliases: BIT-tensorflow-2021-41201 CVE-2021-41201 GHSA-j86v-p27c-73fm PYSEC-2021-394 PYSEC-2021-611 PYSEC-2021-809 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-y191-8mqq-zqgk
Aliases: BIT-tensorflow-2021-37668 CVE-2021-37668 GHSA-2wmv-37vq-52g5 PYSEC-2021-290 PYSEC-2021-581 PYSEC-2021-779 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-y7hx-h69v-wfcy
Aliases: BIT-tensorflow-2021-41212 CVE-2021-41212 GHSA-fr77-rrx3-cp7g PYSEC-2021-404 PYSEC-2021-621 PYSEC-2021-819 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 82 other vulnerabilities. |
|
VCID-y87e-g3nh-hbgx
Aliases: BIT-tensorflow-2021-29560 CVE-2021-29560 GHSA-8gv3-57p6-g35r PYSEC-2021-197 PYSEC-2021-488 PYSEC-2021-686 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-yh43-ndzp-4ue9
Aliases: BIT-tensorflow-2021-41195 CVE-2021-41195 GHSA-cq76-mxrc-vchh PYSEC-2021-842 PYSEC-2021-844 PYSEC-2021-846 |
multiple issues |
Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. Affected by 53 other vulnerabilities. |
|
VCID-yvag-32h1-yfc5
Aliases: BIT-tensorflow-2022-21740 CVE-2022-21740 GHSA-44qp-9wwf-734r PYSEC-2022-119 PYSEC-2022-64 |
Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseCountSparseOutput` is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 2 other vulnerabilities. |
|
VCID-z712-rg6q-t7bm
Aliases: BIT-tensorflow-2021-37659 CVE-2021-37659 GHSA-q3g3-h9r4-prrc PYSEC-2021-281 PYSEC-2021-572 PYSEC-2021-770 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
|
VCID-z8mc-3qt1-2qhp
Aliases: BIT-tensorflow-2021-29617 CVE-2021-29617 GHSA-mmq6-q8r3-48fm PYSEC-2021-254 PYSEC-2021-545 PYSEC-2021-743 |
multiple issues |
Affected by 85 other vulnerabilities. |
|
VCID-zky1-z6wv-37c5
Aliases: BIT-tensorflow-2021-37656 CVE-2021-37656 GHSA-4xfp-4pfp-89wg PYSEC-2021-278 PYSEC-2021-569 PYSEC-2021-767 |
multiple issues |
Affected by 85 other vulnerabilities. Affected by 85 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15bp-snhe-1ygs | multiple issues |
BIT-tensorflow-2021-29570
CVE-2021-29570 GHSA-545v-42p7-98fq PYSEC-2021-207 PYSEC-2021-498 PYSEC-2021-696 |
| VCID-1736-xm66-2qfb | multiple issues |
BIT-tensorflow-2021-29591
CVE-2021-29591 GHSA-cwv3-863g-39vx PYSEC-2021-228 PYSEC-2021-519 PYSEC-2021-717 |
| VCID-1dus-skme-ykbv | multiple issues |
BIT-tensorflow-2021-29612
CVE-2021-29612 GHSA-2xgj-xhgf-ggjv PYSEC-2021-249 PYSEC-2021-540 PYSEC-2021-738 |
| VCID-1eqg-uh5g-6kck | multiple issues |
BIT-tensorflow-2021-29532
CVE-2021-29532 GHSA-j47f-4232-hvv8 PYSEC-2021-169 PYSEC-2021-460 PYSEC-2021-658 |
| VCID-22fu-tcf3-jqfa | multiple issues |
BIT-tensorflow-2021-29536
CVE-2021-29536 GHSA-2gfx-95x2-5v3x PYSEC-2021-173 PYSEC-2021-464 PYSEC-2021-662 |
| VCID-2m1n-m5m2-mqb5 | multiple issues |
BIT-tensorflow-2021-29590
CVE-2021-29590 GHSA-24x6-8c7m-hv3f PYSEC-2021-227 PYSEC-2021-518 PYSEC-2021-716 |
| VCID-2qkj-a4mh-z3c7 | multiple issues |
BIT-tensorflow-2021-29582
CVE-2021-29582 GHSA-c45w-2wxr-pp53 PYSEC-2021-219 PYSEC-2021-510 PYSEC-2021-708 |
| VCID-3dm7-19pb-2kb1 | multiple issues |
BIT-tensorflow-2021-29586
CVE-2021-29586 GHSA-26j7-6w8w-7922 PYSEC-2021-223 PYSEC-2021-514 PYSEC-2021-712 |
| VCID-3ek8-jc2a-bfcq | multiple issues |
BIT-tensorflow-2021-29618
CVE-2021-29618 GHSA-xqfj-cr6q-pc8w PYSEC-2021-255 PYSEC-2021-546 PYSEC-2021-744 |
| VCID-3ndg-adf4-4kgw | multiple issues |
BIT-tensorflow-2021-29547
CVE-2021-29547 GHSA-4fg4-p75j-w5xj PYSEC-2021-184 PYSEC-2021-475 PYSEC-2021-673 |
| VCID-3zv2-pyba-5bej | multiple issues |
BIT-tensorflow-2021-29588
CVE-2021-29588 GHSA-vfr4-x8j2-3rf9 PYSEC-2021-225 PYSEC-2021-516 PYSEC-2021-714 |
| VCID-4htf-7y2p-uyc3 | multiple issues |
BIT-tensorflow-2021-29549
CVE-2021-29549 GHSA-x83m-p7pv-ch8v PYSEC-2021-186 PYSEC-2021-477 PYSEC-2021-675 |
| VCID-4z5r-weyj-abe7 | multiple issues |
BIT-tensorflow-2021-29616
CVE-2021-29616 GHSA-4hvv-7x94-7vq8 PYSEC-2021-253 PYSEC-2021-544 PYSEC-2021-742 |
| VCID-5hqy-s6hh-cfb6 | multiple issues |
BIT-tensorflow-2021-29577
CVE-2021-29577 GHSA-v6r6-84gr-92rm PYSEC-2021-214 PYSEC-2021-505 PYSEC-2021-703 |
| VCID-5nh2-gkqw-hbgp | multiple issues |
BIT-tensorflow-2021-29607
CVE-2021-29607 GHSA-gv26-jpj9-c8gq PYSEC-2021-244 PYSEC-2021-535 PYSEC-2021-733 |
| VCID-5nsx-yqxh-77cb | multiple issues |
BIT-tensorflow-2021-29552
CVE-2021-29552 GHSA-jhq9-wm9m-cf89 PYSEC-2021-189 PYSEC-2021-480 PYSEC-2021-678 |
| VCID-5r7h-k5vv-5qda | multiple issues |
BIT-tensorflow-2021-29611
CVE-2021-29611 GHSA-9rpc-5v9q-5r7f PYSEC-2021-248 PYSEC-2021-539 PYSEC-2021-737 |
| VCID-5u92-aa9z-87c7 | multiple issues |
BIT-tensorflow-2021-29598
CVE-2021-29598 GHSA-pmpr-55fj-r229 PYSEC-2021-235 PYSEC-2021-526 PYSEC-2021-724 |
| VCID-5vx7-bwx7-wfbw | multiple issues |
BIT-tensorflow-2021-29576
CVE-2021-29576 GHSA-7cqx-92hp-x6wh PYSEC-2021-213 PYSEC-2021-504 PYSEC-2021-702 |
| VCID-5w93-rzzm-vkb9 | multiple issues |
BIT-tensorflow-2021-29527
CVE-2021-29527 GHSA-x4g7-fvjj-prg8 PYSEC-2021-164 PYSEC-2021-455 PYSEC-2021-653 |
| VCID-6pgh-52f1-rbde | multiple issues |
BIT-tensorflow-2021-29548
CVE-2021-29548 GHSA-p45v-v4pw-77jr PYSEC-2021-185 PYSEC-2021-476 PYSEC-2021-674 |
| VCID-6tpr-dnht-t3eb | multiple issues |
BIT-tensorflow-2021-29551
CVE-2021-29551 GHSA-vqw6-72r7-fgw7 PYSEC-2021-188 PYSEC-2021-479 PYSEC-2021-677 |
| VCID-7hck-1dxy-buf4 | multiple issues |
BIT-tensorflow-2021-29572
CVE-2021-29572 GHSA-5gqf-456p-4836 PYSEC-2021-209 PYSEC-2021-500 PYSEC-2021-698 |
| VCID-81vb-55gk-guhy | multiple issues |
BIT-tensorflow-2021-29600
CVE-2021-29600 GHSA-j8qh-3xrq-c825 PYSEC-2021-237 PYSEC-2021-528 PYSEC-2021-726 |
| VCID-84kt-r79z-bkfu | multiple issues |
BIT-tensorflow-2021-29530
CVE-2021-29530 GHSA-xcwj-wfcm-m23c PYSEC-2021-167 PYSEC-2021-458 PYSEC-2021-656 |
| VCID-85qc-3pn5-1fas | multiple issues |
BIT-tensorflow-2021-29595
CVE-2021-29595 GHSA-vf94-36g5-69v8 PYSEC-2021-232 PYSEC-2021-523 PYSEC-2021-721 |
| VCID-893t-26y6-kff7 | multiple issues |
BIT-tensorflow-2021-29581
CVE-2021-29581 GHSA-vq2r-5xvm-3hc3 PYSEC-2021-218 PYSEC-2021-509 PYSEC-2021-707 |
| VCID-8aar-hxgd-1bea | multiple issues |
BIT-tensorflow-2021-29521
CVE-2021-29521 GHSA-hr84-fqvp-48mm PYSEC-2021-158 PYSEC-2021-449 PYSEC-2021-647 |
| VCID-8ndu-z4z1-guds | multiple issues |
BIT-tensorflow-2021-29546
CVE-2021-29546 GHSA-m34j-p8rj-wjxq PYSEC-2021-183 PYSEC-2021-474 PYSEC-2021-672 |
| VCID-8qg6-zuvb-6bb6 | multiple issues |
BIT-tensorflow-2021-29596
CVE-2021-29596 GHSA-4vrf-ff7v-hpgr PYSEC-2021-233 PYSEC-2021-524 PYSEC-2021-722 |
| VCID-96uv-19z4-2qgk | multiple issues |
BIT-tensorflow-2021-29606
CVE-2021-29606 GHSA-h4pc-gx2w-f2xv PYSEC-2021-243 PYSEC-2021-534 PYSEC-2021-732 |
| VCID-984t-vw4n-wqf5 | multiple issues |
BIT-tensorflow-2021-29568
CVE-2021-29568 GHSA-4p4p-www8-8fv9 PYSEC-2021-205 PYSEC-2021-496 PYSEC-2021-694 |
| VCID-9a7a-hvpn-gke5 | multiple issues |
BIT-tensorflow-2021-29597
CVE-2021-29597 GHSA-v52p-hfjf-wg88 PYSEC-2021-234 PYSEC-2021-525 PYSEC-2021-723 |
| VCID-9kx1-12yg-suc9 | multiple issues |
BIT-tensorflow-2021-29520
CVE-2021-29520 GHSA-wcv5-qrj6-9pfm PYSEC-2021-157 PYSEC-2021-448 PYSEC-2021-646 |
| VCID-9sxd-matk-23cp | multiple issues |
BIT-tensorflow-2021-29574
CVE-2021-29574 GHSA-828x-qc2p-wprq PYSEC-2021-211 PYSEC-2021-502 PYSEC-2021-700 |
| VCID-9vmj-dga9-vbah | multiple issues |
BIT-tensorflow-2021-29540
CVE-2021-29540 GHSA-xgc3-m89p-vr3x PYSEC-2021-177 PYSEC-2021-468 PYSEC-2021-666 |
| VCID-ad6g-q6my-5bdy | multiple issues |
BIT-tensorflow-2021-29593
CVE-2021-29593 GHSA-cfx7-2xpc-8w4h PYSEC-2021-230 PYSEC-2021-521 PYSEC-2021-719 |
| VCID-adxp-jw64-akbz | multiple issues |
BIT-tensorflow-2021-29605
CVE-2021-29605 GHSA-jf7h-7m85-w2v2 PYSEC-2021-242 PYSEC-2021-533 PYSEC-2021-731 |
| VCID-afzh-7fmb-17he | multiple issues |
BIT-tensorflow-2021-29518
CVE-2021-29518 GHSA-62gx-355r-9fhg PYSEC-2021-155 PYSEC-2021-446 PYSEC-2021-644 |
| VCID-ahyr-2qmm-tqbb | multiple issues |
BIT-tensorflow-2021-29587
CVE-2021-29587 GHSA-j7rm-8ww4-xx2g PYSEC-2021-224 PYSEC-2021-515 PYSEC-2021-713 |
| VCID-avbn-pm4q-nuer | multiple issues |
BIT-tensorflow-2021-29559
CVE-2021-29559 GHSA-59q2-x2qc-4c97 PYSEC-2021-196 PYSEC-2021-487 PYSEC-2021-685 |
| VCID-b8fg-9cu3-5khz | multiple issues |
BIT-tensorflow-2021-29610
CVE-2021-29610 GHSA-mq5c-prh3-3f3h PYSEC-2021-247 PYSEC-2021-538 PYSEC-2021-736 |
| VCID-b9z6-zju3-s7bd | multiple issues |
BIT-tensorflow-2021-29613
CVE-2021-29613 GHSA-vvg4-vgrv-xfr7 PYSEC-2021-250 PYSEC-2021-541 PYSEC-2021-739 |
| VCID-bdaz-61wa-ybe3 | multiple issues |
BIT-tensorflow-2021-29578
CVE-2021-29578 GHSA-6f89-8j54-29xf PYSEC-2021-215 PYSEC-2021-506 PYSEC-2021-704 |
| VCID-bkk1-p7vx-vkdh | multiple issues |
BIT-tensorflow-2021-29585
CVE-2021-29585 GHSA-mv78-g7wq-mhp4 PYSEC-2021-222 PYSEC-2021-513 PYSEC-2021-711 |
| VCID-bw75-tr4m-vygp | multiple issues |
BIT-tensorflow-2021-29543
CVE-2021-29543 GHSA-fphq-gw9m-ghrv PYSEC-2021-180 PYSEC-2021-471 PYSEC-2021-669 |
| VCID-c2rb-aeku-dfdu | multiple issues |
BIT-tensorflow-2021-29558
CVE-2021-29558 GHSA-mqh2-9wrp-vx84 PYSEC-2021-195 PYSEC-2021-486 PYSEC-2021-684 |
| VCID-cak9-vt8q-dbhk | multiple issues |
BIT-tensorflow-2021-29567
CVE-2021-29567 GHSA-wp3c-xw9g-gpcg PYSEC-2021-204 PYSEC-2021-495 PYSEC-2021-693 |
| VCID-cyjm-89wt-hbdy | multiple issues |
BIT-tensorflow-2021-29519
CVE-2021-29519 GHSA-772j-h9xw-ffp5 PYSEC-2021-156 PYSEC-2021-447 PYSEC-2021-645 |
| VCID-d7j8-4k9m-9kb5 | multiple issues |
BIT-tensorflow-2021-29545
CVE-2021-29545 GHSA-hmg3-c7xj-6qwm PYSEC-2021-182 PYSEC-2021-473 PYSEC-2021-671 |
| VCID-dbb5-21xw-fbfh | multiple issues |
BIT-tensorflow-2021-29580
CVE-2021-29580 GHSA-x8h6-xgqx-jqgp PYSEC-2021-217 PYSEC-2021-508 PYSEC-2021-706 |
| VCID-ee2j-htng-z7d3 | multiple issues |
BIT-tensorflow-2021-29538
CVE-2021-29538 GHSA-j8qc-5fqr-52fp PYSEC-2021-175 PYSEC-2021-466 PYSEC-2021-664 |
| VCID-ekez-y9nd-bbgz | multiple issues |
BIT-tensorflow-2021-29563
CVE-2021-29563 GHSA-ph87-fvjr-v33w PYSEC-2021-200 PYSEC-2021-491 PYSEC-2021-689 |
| VCID-f8xv-gky2-kuhu | multiple issues |
BIT-tensorflow-2021-29537
CVE-2021-29537 GHSA-8c89-2vwr-chcq PYSEC-2021-174 PYSEC-2021-465 PYSEC-2021-663 |
| VCID-f9ua-tntc-7fb1 | multiple issues |
BIT-tensorflow-2021-29515
CVE-2021-29515 GHSA-hc6c-75p4-hmq4 PYSEC-2021-152 PYSEC-2021-443 PYSEC-2021-641 |
| VCID-fasn-dhy8-yub8 | multiple issues |
BIT-tensorflow-2021-29556
CVE-2021-29556 GHSA-fxqh-cfjm-fp93 PYSEC-2021-193 PYSEC-2021-484 PYSEC-2021-682 |
| VCID-fe5k-3n3u-j3cg | multiple issues |
BIT-tensorflow-2021-29571
CVE-2021-29571 GHSA-whr9-vfh2-7hm6 PYSEC-2021-208 PYSEC-2021-499 PYSEC-2021-697 |
| VCID-fm3p-x44b-s7fc | multiple issues |
BIT-tensorflow-2021-29575
CVE-2021-29575 GHSA-6qgm-fv6v-rfpv PYSEC-2021-212 PYSEC-2021-503 PYSEC-2021-701 |
| VCID-fx76-8ajz-qkd3 | multiple issues |
BIT-tensorflow-2021-29535
CVE-2021-29535 GHSA-m3f9-w3p3-p669 PYSEC-2021-172 PYSEC-2021-463 PYSEC-2021-661 |
| VCID-gbx8-z6n4-7ydc | multiple issues |
BIT-tensorflow-2021-29557
CVE-2021-29557 GHSA-xw93-v57j-fcgh PYSEC-2021-194 PYSEC-2021-485 PYSEC-2021-683 |
| VCID-hqx5-weu3-t7cb | multiple issues |
BIT-tensorflow-2021-29517
CVE-2021-29517 GHSA-772p-x54p-hjrv PYSEC-2021-154 PYSEC-2021-445 PYSEC-2021-643 |
| VCID-htd7-d3jj-3ubs | multiple issues |
BIT-tensorflow-2021-29565
CVE-2021-29565 GHSA-r6pg-pjwc-j585 PYSEC-2021-202 PYSEC-2021-493 PYSEC-2021-691 |
| VCID-htjj-5ms9-akfz | multiple issues |
BIT-tensorflow-2021-29544
CVE-2021-29544 GHSA-6g85-3hm8-83f9 PYSEC-2021-181 PYSEC-2021-472 PYSEC-2021-670 |
| VCID-j8rk-k34q-hfgy | multiple issues |
BIT-tensorflow-2021-29554
CVE-2021-29554 GHSA-qg48-85hg-mqc5 PYSEC-2021-191 PYSEC-2021-482 PYSEC-2021-680 |
| VCID-jbqp-8s14-nqf6 | multiple issues |
BIT-tensorflow-2021-29514
CVE-2021-29514 GHSA-8h46-5m9h-7553 PYSEC-2021-151 PYSEC-2021-442 PYSEC-2021-640 |
| VCID-k13c-kgag-dfgc | multiple issues |
BIT-tensorflow-2021-29569
CVE-2021-29569 GHSA-3h8m-483j-7xxm PYSEC-2021-206 PYSEC-2021-497 PYSEC-2021-695 |
| VCID-k768-6ush-puhk | multiple issues |
BIT-tensorflow-2021-29584
CVE-2021-29584 GHSA-xvjm-fvxx-q3hv PYSEC-2021-221 PYSEC-2021-512 PYSEC-2021-710 |
| VCID-ka3v-q689-n7a4 | multiple issues |
BIT-tensorflow-2021-29529
CVE-2021-29529 GHSA-jfp7-4j67-8r3q PYSEC-2021-166 PYSEC-2021-457 PYSEC-2021-655 |
| VCID-kujr-wk4f-aua3 | multiple issues |
BIT-tensorflow-2021-29522
CVE-2021-29522 GHSA-c968-pq7h-7fxv PYSEC-2021-159 PYSEC-2021-450 PYSEC-2021-648 |
| VCID-kumd-zcgr-ekb1 | multiple issues |
BIT-tensorflow-2021-29579
CVE-2021-29579 GHSA-79fv-9865-4qcv PYSEC-2021-216 PYSEC-2021-507 PYSEC-2021-705 |
| VCID-m3vv-6tqs-sydv | multiple issues |
BIT-tensorflow-2021-29553
CVE-2021-29553 GHSA-h9px-9vqg-222h PYSEC-2021-190 PYSEC-2021-481 PYSEC-2021-679 |
| VCID-m7af-p4up-33bh | multiple issues |
BIT-tensorflow-2021-29602
CVE-2021-29602 GHSA-rf3h-xgv5-2q39 PYSEC-2021-239 PYSEC-2021-530 PYSEC-2021-728 |
| VCID-mtxy-nkwy-pkcz | multiple issues |
BIT-tensorflow-2021-29583
CVE-2021-29583 GHSA-9xh4-23q4-v6wr PYSEC-2021-220 PYSEC-2021-511 PYSEC-2021-709 |
| VCID-n2wb-menj-87hu | multiple issues |
BIT-tensorflow-2021-29534
CVE-2021-29534 GHSA-6j9c-grc6-5m6g PYSEC-2021-171 PYSEC-2021-462 PYSEC-2021-660 |
| VCID-njqw-ewga-nka4 | multiple issues |
BIT-tensorflow-2021-29609
CVE-2021-29609 GHSA-cjc7-49v2-jp64 PYSEC-2021-246 PYSEC-2021-537 PYSEC-2021-735 |
| VCID-nkbd-gkxc-43ba | multiple issues |
BIT-tensorflow-2021-29531
CVE-2021-29531 GHSA-3qxp-qjq7-w4hf PYSEC-2021-168 PYSEC-2021-459 PYSEC-2021-657 |
| VCID-nxjj-u8zy-gbaz | multiple issues |
BIT-tensorflow-2021-29541
CVE-2021-29541 GHSA-xqfj-35wv-m3cr PYSEC-2021-178 PYSEC-2021-469 PYSEC-2021-667 |
| VCID-p34z-fc5p-ryg1 | multiple issues |
BIT-tensorflow-2021-29604
CVE-2021-29604 GHSA-8rm6-75mf-7r7r PYSEC-2021-241 PYSEC-2021-532 PYSEC-2021-730 |
| VCID-pegb-mj64-fqgr | multiple issues |
BIT-tensorflow-2021-29516
CVE-2021-29516 GHSA-84mw-34w6-2q43 PYSEC-2021-153 PYSEC-2021-444 PYSEC-2021-642 |
| VCID-ptys-rse5-9yep | multiple issues |
BIT-tensorflow-2021-29555
CVE-2021-29555 GHSA-r35g-4525-29fq PYSEC-2021-192 PYSEC-2021-483 PYSEC-2021-681 |
| VCID-pwmn-8jqu-83es | multiple issues |
BIT-tensorflow-2021-29550
CVE-2021-29550 GHSA-f78g-q7r4-9wcv PYSEC-2021-187 PYSEC-2021-478 PYSEC-2021-676 |
| VCID-q5yr-cajq-1bcj | multiple issues |
BIT-tensorflow-2021-29589
CVE-2021-29589 GHSA-3w67-q784-6w7c PYSEC-2021-226 PYSEC-2021-517 PYSEC-2021-715 |
| VCID-qd5d-rh84-h3bd | multiple issues |
BIT-tensorflow-2021-29523
CVE-2021-29523 GHSA-2cpx-427x-q2c6 PYSEC-2021-160 PYSEC-2021-451 PYSEC-2021-649 |
| VCID-r32y-zznb-pyga | multiple issues |
BIT-tensorflow-2021-29615
CVE-2021-29615 GHSA-qw5h-7f53-xrp6 PYSEC-2021-252 PYSEC-2021-543 PYSEC-2021-741 |
| VCID-r9rr-mbk1-8bah | multiple issues |
BIT-tensorflow-2021-29599
CVE-2021-29599 GHSA-97wf-p777-86jq PYSEC-2021-236 PYSEC-2021-527 PYSEC-2021-725 |
| VCID-rk26-e4eh-e7a4 | multiple issues |
BIT-tensorflow-2021-29533
CVE-2021-29533 GHSA-393f-2jr3-cp69 PYSEC-2021-170 PYSEC-2021-461 PYSEC-2021-659 |
| VCID-rpdd-ny62-jkee | multiple issues |
BIT-tensorflow-2021-29619
CVE-2021-29619 GHSA-wvjw-p9f5-vq28 PYSEC-2021-256 PYSEC-2021-547 PYSEC-2021-745 |
| VCID-sd2q-w7wz-vke2 | multiple issues |
BIT-tensorflow-2021-29513
CVE-2021-29513 GHSA-452g-f7fp-9jf7 PYSEC-2021-150 PYSEC-2021-441 PYSEC-2021-639 |
| VCID-sdvq-3mgg-8bad | multiple issues |
BIT-tensorflow-2021-29524
CVE-2021-29524 GHSA-r4pj-74mg-8868 PYSEC-2021-161 PYSEC-2021-452 PYSEC-2021-650 |
| VCID-sua8-8a3m-17f2 | multiple issues |
BIT-tensorflow-2021-29512
CVE-2021-29512 GHSA-4278-2v5v-65r4 PYSEC-2021-149 PYSEC-2021-440 PYSEC-2021-638 |
| VCID-tdn4-zmmf-skgv | multiple issues |
BIT-tensorflow-2021-29564
CVE-2021-29564 GHSA-75f6-78jr-4656 PYSEC-2021-201 PYSEC-2021-492 PYSEC-2021-690 |
| VCID-u1r8-c86t-r3bj | multiple issues |
BIT-tensorflow-2021-29539
CVE-2021-29539 GHSA-g4h2-gqm3-c9wq PYSEC-2021-176 PYSEC-2021-467 PYSEC-2021-665 |
| VCID-u2wr-m7dj-fkax | multiple issues |
BIT-tensorflow-2021-29601
CVE-2021-29601 GHSA-9c84-4hx6-xmm4 PYSEC-2021-238 PYSEC-2021-529 PYSEC-2021-727 |
| VCID-uz51-m6ng-mygx | multiple issues |
BIT-tensorflow-2021-29566
CVE-2021-29566 GHSA-pvrc-hg3f-58r6 PYSEC-2021-203 PYSEC-2021-494 PYSEC-2021-692 |
| VCID-v4py-xnk2-qbc9 | multiple issues |
BIT-tensorflow-2021-29594
CVE-2021-29594 GHSA-3qgw-p4fm-x7gf PYSEC-2021-231 PYSEC-2021-522 PYSEC-2021-720 |
| VCID-v92m-yfvz-2khe | multiple issues |
BIT-tensorflow-2021-29608
CVE-2021-29608 GHSA-rgvq-pcvf-hx75 PYSEC-2021-245 PYSEC-2021-536 PYSEC-2021-734 |
| VCID-vy9b-gx6f-hqbf | multiple issues |
BIT-tensorflow-2021-29592
CVE-2021-29592 GHSA-jjr8-m8g8-p6wv PYSEC-2021-229 PYSEC-2021-520 PYSEC-2021-718 |
| VCID-w1sh-pmw3-z7fb | multiple issues |
BIT-tensorflow-2021-29614
CVE-2021-29614 GHSA-8pmx-p244-g88h PYSEC-2021-251 PYSEC-2021-542 PYSEC-2021-740 |
| VCID-w5yv-rqt2-mkcy | multiple issues |
BIT-tensorflow-2021-29525
CVE-2021-29525 GHSA-xm2v-8rrw-w9pm PYSEC-2021-162 PYSEC-2021-453 PYSEC-2021-651 |
| VCID-y37k-6f6n-myd3 | multiple issues |
BIT-tensorflow-2021-29573
CVE-2021-29573 GHSA-9vpm-rcf4-9wqw PYSEC-2021-210 PYSEC-2021-501 PYSEC-2021-699 |
| VCID-y87e-g3nh-hbgx | multiple issues |
BIT-tensorflow-2021-29560
CVE-2021-29560 GHSA-8gv3-57p6-g35r PYSEC-2021-197 PYSEC-2021-488 PYSEC-2021-686 |
| VCID-y8f2-x15n-7ycg | multiple issues |
BIT-tensorflow-2021-29561
CVE-2021-29561 GHSA-gvm4-h8j3-rjrq PYSEC-2021-198 PYSEC-2021-489 PYSEC-2021-687 |
| VCID-yv86-j6kw-xbb7 | multiple issues |
BIT-tensorflow-2021-29542
CVE-2021-29542 GHSA-4hrh-9vmp-2jgg PYSEC-2021-179 PYSEC-2021-470 PYSEC-2021-668 |
| VCID-z89g-f2a7-9yhg | multiple issues |
BIT-tensorflow-2021-29603
CVE-2021-29603 GHSA-crch-j389-5f84 PYSEC-2021-240 PYSEC-2021-531 PYSEC-2021-729 |
| VCID-z8mc-3qt1-2qhp | multiple issues |
BIT-tensorflow-2021-29617
CVE-2021-29617 GHSA-mmq6-q8r3-48fm PYSEC-2021-254 PYSEC-2021-545 PYSEC-2021-743 |
| VCID-z9y3-drjc-mycn | multiple issues |
BIT-tensorflow-2021-29528
CVE-2021-29528 GHSA-6f84-42vf-ppwp PYSEC-2021-165 PYSEC-2021-456 PYSEC-2021-654 |
| VCID-zg2k-9558-g7c3 | multiple issues |
BIT-tensorflow-2021-29562
CVE-2021-29562 GHSA-36vm-xw34-x4pj PYSEC-2021-199 PYSEC-2021-490 PYSEC-2021-688 |
| VCID-zh2k-2s8c-bqfn | multiple issues |
BIT-tensorflow-2021-29526
CVE-2021-29526 GHSA-4vf2-4xcg-65cx PYSEC-2021-163 PYSEC-2021-454 PYSEC-2021-652 |