| purl | pkg:pypi/tensorflow@2.3.0rc2 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1sr1-happ-6ugc
Aliases: BIT-tensorflow-2021-41221 CVE-2021-41221 GHSA-cqv6-3phm-hcwx PYSEC-2021-413 PYSEC-2021-630 PYSEC-2021-828 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-2cw7-2xzs-abfz
Aliases: BIT-tensorflow-2021-41217 CVE-2021-41217 GHSA-5crj-c72x-m7gq PYSEC-2021-409 PYSEC-2021-626 PYSEC-2021-824 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-2hqc-3d51-4yf5
Aliases: BIT-tensorflow-2021-41198 CVE-2021-41198 GHSA-2p25-55c9-h58q PYSEC-2021-391 PYSEC-2021-608 PYSEC-2021-806 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-5d73-819a-xbeg
Aliases: BIT-tensorflow-2021-41209 CVE-2021-41209 GHSA-6hpv-v2rx-c5g6 PYSEC-2021-401 PYSEC-2021-618 PYSEC-2021-816 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-5ty2-z944-mbht
Aliases: BIT-tensorflow-2021-41214 CVE-2021-41214 GHSA-vwhq-49r4-gj9v PYSEC-2021-406 PYSEC-2021-623 PYSEC-2021-821 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-5xgg-h9wh-3uh7
Aliases: BIT-tensorflow-2021-41226 CVE-2021-41226 GHSA-374m-jm66-3vj8 PYSEC-2021-418 PYSEC-2021-635 PYSEC-2021-833 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-63n6-7fva-5qh7
Aliases: BIT-tensorflow-2020-15197 CVE-2020-15197 GHSA-qc53-44cj-vfvx PYSEC-2020-120 PYSEC-2020-277 PYSEC-2020-312 |
In TensorFlow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-688g-g33x-67g9
Aliases: BIT-tensorflow-2021-41223 CVE-2021-41223 GHSA-f54p-f6jp-4rhr PYSEC-2021-415 PYSEC-2021-632 PYSEC-2021-830 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-7tq1-zhms-yybt
Aliases: BIT-tensorflow-2020-15196 CVE-2020-15196 GHSA-pg59-2f92-5cph PYSEC-2020-119 PYSEC-2020-276 PYSEC-2020-311 |
In TensorFlow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count implementations, weights are still accessed in parallel with the data. However, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-8cew-f7ja-5bbe
Aliases: BIT-tensorflow-2020-15265 CVE-2020-15265 GHSA-rrfp-j2mp-hq9c PYSEC-2020-138 PYSEC-2020-295 PYSEC-2020-330 |
denial of service |
Affected by 198 other vulnerabilities. |
|
VCID-9dhc-1f13-5qht
Aliases: BIT-tensorflow-2021-41219 CVE-2021-41219 GHSA-4f99-p9c2-3j8x PYSEC-2021-411 PYSEC-2021-628 PYSEC-2021-826 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-9gde-ga9q-pqb4
Aliases: BIT-tensorflow-2021-41207 CVE-2021-41207 GHSA-7v94-64hj-m82h PYSEC-2021-399 PYSEC-2021-616 PYSEC-2021-814 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-9snf-qxka-83hd
Aliases: BIT-tensorflow-2021-41204 CVE-2021-41204 GHSA-786j-5qwq-r36x PYSEC-2021-397 PYSEC-2021-614 PYSEC-2021-812 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-aad5-dg9x-53cz
Aliases: BIT-tensorflow-2021-41199 CVE-2021-41199 GHSA-5hx2-qx8j-qjqm PYSEC-2021-392 PYSEC-2021-609 PYSEC-2021-807 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-b8sr-erwh-5yh8
Aliases: BIT-tensorflow-2021-41228 CVE-2021-41228 GHSA-3rcw-9p9x-582v PYSEC-2021-420 PYSEC-2021-637 PYSEC-2021-835 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-bfaj-n1c3-3kb2
Aliases: BIT-tensorflow-2020-15192 CVE-2020-15192 GHSA-8fxw-76px-3rxv PYSEC-2020-115 PYSEC-2020-272 PYSEC-2020-307 |
In TensorFlow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 and 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-bm3u-2ych-eqac
Aliases: BIT-tensorflow-2021-41227 CVE-2021-41227 GHSA-j8c8-67vp-6mx7 PYSEC-2021-419 PYSEC-2021-636 PYSEC-2021-834 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-bpt2-9hm2-uqad
Aliases: BIT-tensorflow-2020-15191 CVE-2020-15191 GHSA-q8qj-fc9q-cphr PYSEC-2020-114 PYSEC-2020-271 PYSEC-2020-306 |
In TensorFlow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 and 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-cgnk-q2ak-rfhg
Aliases: BIT-tensorflow-2020-15199 CVE-2020-15199 GHSA-x5cp-9pcf-pp3h PYSEC-2020-122 PYSEC-2020-279 PYSEC-2020-314 |
In TensorFlow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If a user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-cu5c-pmqv-xkdz
Aliases: BIT-tensorflow-2021-41200 CVE-2021-41200 GHSA-gh8h-7j2j-qv4f PYSEC-2021-393 PYSEC-2021-610 PYSEC-2021-808 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-d1s7-gp3x-1ff6
Aliases: BIT-tensorflow-2020-15193 CVE-2020-15193 GHSA-rjjg-hgv6-h69v PYSEC-2020-116 PYSEC-2020-273 PYSEC-2020-308 |
In TensorFlow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast`. Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 and 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-dumr-5w15-kbfg
Aliases: BIT-tensorflow-2020-15198 CVE-2020-15198 GHSA-jc87-6vpp-7ff3 PYSEC-2020-121 PYSEC-2020-278 PYSEC-2020-313 |
In TensorFlow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-exm3-hpp6-g7hg
Aliases: BIT-tensorflow-2021-41205 CVE-2021-41205 GHSA-49rx-x2rw-pc6f PYSEC-2021-398 PYSEC-2021-615 PYSEC-2021-813 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-g144-4yvx-xybr
Aliases: BIT-tensorflow-2021-41202 CVE-2021-41202 GHSA-xrqm-fpgr-6hhx PYSEC-2021-395 PYSEC-2021-612 PYSEC-2021-810 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-g423-bnfj-kybz
Aliases: BIT-tensorflow-2021-41224 CVE-2021-41224 GHSA-rg3m-hqc5-344v PYSEC-2021-416 PYSEC-2021-633 PYSEC-2021-831 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-gbft-tx74-wkhf
Aliases: BIT-tensorflow-2021-41210 CVE-2021-41210 GHSA-m342-ff57-4jcc PYSEC-2021-402 PYSEC-2021-619 PYSEC-2021-817 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-kupu-frrt-pqen
Aliases: BIT-tensorflow-2021-41216 CVE-2021-41216 GHSA-3ff2-r28g-w7h9 PYSEC-2021-408 PYSEC-2021-625 PYSEC-2021-823 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-mq77-h12e-2ybx
Aliases: BIT-tensorflow-2020-15200 CVE-2020-15200 GHSA-x7rp-74x2-mjf3 PYSEC-2020-123 PYSEC-2020-280 PYSEC-2020-315 |
In TensorFlow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-myjm-gbbc-qucg
Aliases: BIT-tensorflow-2021-41203 CVE-2021-41203 GHSA-7pxj-m4jf-r6h2 PYSEC-2021-396 PYSEC-2021-613 PYSEC-2021-811 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-nfr9-fgdn-4kh8
Aliases: BIT-tensorflow-2021-41222 CVE-2021-41222 GHSA-cpf4-wx82-gxp6 PYSEC-2021-414 PYSEC-2021-631 PYSEC-2021-829 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-psxc-9ka2-uuaj
Aliases: BIT-tensorflow-2020-15201 CVE-2020-15201 GHSA-p5f8-gfw5-33w4 PYSEC-2020-124 PYSEC-2020-281 PYSEC-2020-316 |
In TensorFlow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1. |
Affected by 205 other vulnerabilities. |
|
VCID-qdnt-cg25-5kdx
Aliases: BIT-tensorflow-2021-41197 CVE-2021-41197 GHSA-prcg-wp5q-rv7p PYSEC-2021-390 PYSEC-2021-607 PYSEC-2021-805 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-qvnc-gzf6-y3f3
Aliases: BIT-tensorflow-2021-41196 CVE-2021-41196 GHSA-m539-j985-hcr8 PYSEC-2021-389 PYSEC-2021-606 PYSEC-2021-804 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-rkx2-5nyj-bbhu
Aliases: BIT-tensorflow-2021-41218 CVE-2021-41218 GHSA-9crf-c6qr-r273 PYSEC-2021-410 PYSEC-2021-627 PYSEC-2021-825 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-rp89-jyjd-cbc2
Aliases: BIT-tensorflow-2020-15266 CVE-2020-15266 GHSA-xwhf-g6j5-j5gc PYSEC-2020-139 PYSEC-2020-296 PYSEC-2020-331 |
denial of service |
Affected by 198 other vulnerabilities. |
|
VCID-rr2a-8jrx-6ue8
Aliases: BIT-tensorflow-2021-41213 CVE-2021-41213 GHSA-h67m-xg8f-fxcf PYSEC-2021-405 PYSEC-2021-622 PYSEC-2021-820 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-rujq-67w1-u3g7
Aliases: BIT-tensorflow-2021-41225 CVE-2021-41225 GHSA-7r94-xv9v-63jw PYSEC-2021-417 PYSEC-2021-634 PYSEC-2021-832 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-sb7m-pngm-5fbj
Aliases: BIT-tensorflow-2021-41215 CVE-2021-41215 GHSA-x3v8-c8qx-3j3r PYSEC-2021-407 PYSEC-2021-624 PYSEC-2021-822 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-sf59-u7jt-4bd5
Aliases: BIT-tensorflow-2021-41206 CVE-2021-41206 GHSA-pgcq-h79j-2f69 PYSEC-2021-843 PYSEC-2021-845 PYSEC-2021-847 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-w2ns-kqmv-xfan
Aliases: BIT-tensorflow-2021-41208 CVE-2021-41208 GHSA-57wx-m983-2f88 PYSEC-2021-400 PYSEC-2021-617 PYSEC-2021-815 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-xbt8-r95u-sqbu
Aliases: BIT-tensorflow-2021-41201 CVE-2021-41201 GHSA-j86v-p27c-73fm PYSEC-2021-394 PYSEC-2021-611 PYSEC-2021-809 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-y7hx-h69v-wfcy
Aliases: BIT-tensorflow-2021-41212 CVE-2021-41212 GHSA-fr77-rrx3-cp7g PYSEC-2021-404 PYSEC-2021-621 PYSEC-2021-819 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 79 other vulnerabilities. |
|
VCID-yh43-ndzp-4ue9
Aliases: BIT-tensorflow-2021-41195 CVE-2021-41195 GHSA-cq76-mxrc-vchh PYSEC-2021-842 PYSEC-2021-844 PYSEC-2021-846 |
multiple issues |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||