diff --git a/data/insecure_full.json b/data/insecure_full.json
index 942e6988..ddd37c0d 100644
--- a/data/insecure_full.json
+++ b/data/insecure_full.json
@@ -2,7 +2,7 @@
 "$meta": {
 "advisory": "PyUp.io metadata",
 "base_domain": "https://pyup.io",
- "timestamp": 1696140056
+ "timestamp": 1698818458
 },
 "10cent10": [
 {
@@ -929,9 +929,9 @@
 "aim": [
 {
 "advisory": "Aim 1.2.13 updates its dependency 'pillow' to v6.2.2 to include security fixes.",
- "cve": "CVE-2020-5313",
- "id": "pyup.io-48615",
- "more_info_path": "/vulnerabilities/CVE-2020-5313/48615",
+ "cve": "CVE-2020-5311",
+ "id": "pyup.io-48613",
+ "more_info_path": "/vulnerabilities/CVE-2020-5311/48613",
 "specs": [
 "<1.2.13"
 ],
@@ -939,9 +939,9 @@
 },
 {
 "advisory": "Aim 1.2.13 updates its dependency 'pillow' to v6.2.2 to include security fixes.",
- "cve": "CVE-2020-5311",
- "id": "pyup.io-48613",
- "more_info_path": "/vulnerabilities/CVE-2020-5311/48613",
+ "cve": "CVE-2020-5313",
+ "id": "pyup.io-48615",
+ "more_info_path": "/vulnerabilities/CVE-2020-5313/48615",
 "specs": [
 "<1.2.13"
 ],
@@ -1079,6 +1079,26 @@
 ],
 "v": "<3.8.0"
 },
+ {
+ "advisory": "Aiohttp 3.8.6 updates vendored copy of 'llhttp' to v9.1.3 to include a security fix.\r\nhttps://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9",
+ "cve": "PVE-2023-61657",
+ "id": "pyup.io-61657",
+ "more_info_path": "/vulnerabilities/PVE-2023-61657/61657",
+ "specs": [
+ "<3.8.6"
+ ],
+ "v": "<3.8.6"
+ },
+ {
+ "advisory": "Aiohttp 3.8.6 updates Python parser to comply with RFCs 9110/9112.\r\nhttps://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg\r\nhttps://github.com/aio-libs/aiohttp/pull/7663",
+ "cve": null,
+ "id": "pyup.io-61661",
+ "more_info_path": "/vulnerabilities/None/61661",
+ "specs": [
+ "<3.8.6"
+ ],
+ "v": "<3.8.6"
+ },
 {
 "advisory": "Aiohttp 3.8.5 includes a fix for CVE-2023-37276: Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling.\r\nhttps://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40\r\nhttps://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w",
 "cve": "CVE-2023-37276",
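Review bot: The added pyup.io-61661 record pairs `"cve": null` with `"more_info_path": "/vulnerabilities/None/61661"`, which looks like Python's str(None) leaking into a URL path rather than a deliberate value; the sibling record added just above it uses a PVE identifier and a path that matches it. Anything that builds links from `base_domain` plus `more_info_path` will emit a dead `/vulnerabilities/None/…` URL for this entry, and a consumer that expects every identifier to be a string will hit the null. Since this file appears to be refreshed from upstream PyUp metadata (the `$meta.timestamp` bump in the first hunk), the fix belongs in the refresh step rather than by hand-editing this diff: reject or normalise records whose path contains the literal `None` segment, e.g. `assert "/None/" not in rec["more_info_path"]`, and treat a null `cve` as "no identifier" rather than interpolating it.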
@@ -1662,6 +1682,116 @@
 ],
 "v": "<3.2.12.0"
 },
+ {
+ "advisory": "Aldryn-django 3.2.13.0 updates its dependency 'django' to v3.2.13 to include a security fix.",
+ "cve": "CVE-2022-28346",
+ "id": "pyup.io-61624",
+ "more_info_path": "/vulnerabilities/CVE-2022-28346/61624",
+ "specs": [
+ "<3.2.13.0"
+ ],
+ "v": "<3.2.13.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.13.0 updates its dependency 'django' to v3.2.13 to include a security fix.",
+ "cve": "CVE-2022-28347",
+ "id": "pyup.io-61645",
+ "more_info_path": "/vulnerabilities/CVE-2022-28347/61645",
+ "specs": [
+ "<3.2.13.0"
+ ],
+ "v": "<3.2.13.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.14.0 updates its dependency 'django' to v3.2.14 to include a security fix.",
+ "cve": "CVE-2022-34265",
+ "id": "pyup.io-61623",
+ "more_info_path": "/vulnerabilities/CVE-2022-34265/61623",
+ "specs": [
+ "<3.2.14.0"
+ ],
+ "v": "<3.2.14.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.15.0 updates its dependency 'django' to v3.2.15 to include a security fix.",
+ "cve": "CVE-2022-36359",
+ "id": "pyup.io-61622",
+ "more_info_path": "/vulnerabilities/CVE-2022-36359/61622",
+ "specs": [
+ "<3.2.15.0"
+ ],
+ "v": "<3.2.15.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.16.0 updates its dependency 'django' to v3.2.16 to include a security fix.",
+ "cve": "CVE-2022-41323",
+ "id": "pyup.io-61621",
+ "more_info_path": "/vulnerabilities/CVE-2022-41323/61621",
+ "specs": [
+ "<3.2.16.0"
+ ],
+ "v": "<3.2.16.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.17.0 updates its dependency 'django' to v3.2.17 to include a security fix.",
+ "cve": "CVE-2023-23969",
+ "id": "pyup.io-61620",
+ "more_info_path": "/vulnerabilities/CVE-2023-23969/61620",
+ "specs": [
+ "<3.2.17.0"
+ ],
+ "v": "<3.2.17.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.18.0 updates its dependency 'django' to v3.2.18 to include a security fix.",
+ "cve": "CVE-2023-24580",
+ "id": "pyup.io-61619",
+ "more_info_path": "/vulnerabilities/CVE-2023-24580/61619",
+ "specs": [
+ "<3.2.18.0"
+ ],
+ "v": "<3.2.18.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.19.0 updates its dependency 'django' to v3.2.19 to include a security fix.",
+ "cve": "CVE-2023-31047",
+ "id": "pyup.io-61618",
+ "more_info_path": "/vulnerabilities/CVE-2023-31047/61618",
+ "specs": [
+ "<3.2.19.0"
+ ],
+ "v": "<3.2.19.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.20.0 updates its dependency 'django' to v3.2.20 to include a security fix.",
+ "cve": "CVE-2023-36053",
+ "id": "pyup.io-61617",
+ "more_info_path": "/vulnerabilities/CVE-2023-36053/61617",
+ "specs": [
+ "<3.2.20.0"
+ ],
+ "v": "<3.2.20.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.21.0 updates its dependency 'django' to v3.2.21 to include a security fix.",
+ "cve": "CVE-2023-41164",
+ "id": "pyup.io-61616",
+ "more_info_path": "/vulnerabilities/CVE-2023-41164/61616",
+ "specs": [
+ "<3.2.21.0"
+ ],
+ "v": "<3.2.21.0"
+ },
+ {
+ "advisory": "Aldryn-django 3.2.22.0 updates its dependency 'django' to v3.2.22 to include a security fix.",
+ "cve": "CVE-2023-43665",
+ "id": "pyup.io-61615",
+ "more_info_path": "/vulnerabilities/CVE-2023-43665/61615",
+ "specs": [
+ "<3.2.22.0"
+ ],
+ "v": "<3.2.22.0"
+ },
 {
 "advisory": "Aldryn-django 3.2.4.0 updates its dependency 'django' to v3.2.4 to include security fixes.",
 "cve": "CVE-2021-33571",
@@ -2175,20 +2305,20 @@
 "v": "<1.5.4"
 },
 {
- "advisory": "Ansible 1.5.5 includes a fix for CVE-2014-4658: The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.",
- "cve": "CVE-2014-4658",
- "id": "pyup.io-25618",
- "more_info_path": "/vulnerabilities/CVE-2014-4658/25618",
+ "advisory": "Ansible 1.5.5 includes a fix for CVE-2014-4659: Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the \"deb http://user:pass@server:port/\" format.",
+ "cve": "CVE-2014-4659",
+ "id": "pyup.io-42854",
+ "more_info_path": "/vulnerabilities/CVE-2014-4659/42854",
 "specs": [
 "<1.5.5"
 ],
 "v": "<1.5.5"
 },
 {
- "advisory": "Ansible 1.5.5 includes a fix for CVE-2014-4659: Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the \"deb http://user:pass@server:port/\" format.",
- "cve": "CVE-2014-4659",
- "id": "pyup.io-42854",
- "more_info_path": "/vulnerabilities/CVE-2014-4659/42854",
+ "advisory": "Ansible 1.5.5 includes a fix for CVE-2014-4658: The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.",
+ "cve": "CVE-2014-4658",
+ "id": "pyup.io-25618",
+ "more_info_path": "/vulnerabilities/CVE-2014-4658/25618",
 "specs": [
 "<1.5.5"
 ],
@@ -2285,20 +2415,20 @@
 "v": "<1.8.3"
 },
 {
- "advisory": "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
- "cve": "CVE-2015-3908",
- "id": "pyup.io-25625",
- "more_info_path": "/vulnerabilities/CVE-2015-3908/25625",
+ "advisory": "Ansible 1.9.2 includes a fix for CVE-2015-6240: The chroot, jail, and zone connection plugins in Ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1243468",
+ "cve": "CVE-2015-6240",
+ "id": "pyup.io-42917",
+ "more_info_path": "/vulnerabilities/CVE-2015-6240/42917",
 "specs": [
 "<1.9.2"
 ],
 "v": "<1.9.2"
 },
 {
- "advisory": "Ansible 1.9.2 includes a fix for CVE-2015-6240: The chroot, jail, and zone connection plugins in Ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1243468",
- "cve": "CVE-2015-6240",
- "id": "pyup.io-42917",
- "more_info_path": "/vulnerabilities/CVE-2015-6240/42917",
+ "advisory": "Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
+ "cve": "CVE-2015-3908",
+ "id": "pyup.io-25625",
+ "more_info_path": "/vulnerabilities/CVE-2015-3908/25625",
 "specs": [
 "<1.9.2"
 ],
@@ -2776,6 +2906,18 @@
 ],
 "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.11,>=2.9.0a0,<2.9.7"
 },
+ {
+ "advisory": "Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1740: A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740",
+ "cve": "CVE-2020-1740",
+ "id": "pyup.io-42869",
+ "more_info_path": "/vulnerabilities/CVE-2020-1740/42869",
+ "specs": [
+ ">=2.7.0a0,<2.7.17",
+ ">=2.8.0a0,<2.8.9",
+ ">=2.9.0a0,<2.9.6"
+ ],
+ "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.9,>=2.9.0a0,<2.9.6"
+ },
 {
 "advisory": "Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1738: A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738",
 "cve": "CVE-2020-1738",
@@ -2836,18 +2978,6 @@
 ],
 "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.9,>=2.9.0a0,<2.9.6"
 },
- {
- "advisory": "Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1740: A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes \"ansible-vault edit\", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740",
- "cve": "CVE-2020-1740",
- "id": "pyup.io-42869",
- "more_info_path": "/vulnerabilities/CVE-2020-1740/42869",
- "specs": [
- ">=2.7.0a0,<2.7.17",
- ">=2.8.0a0,<2.8.9",
- ">=2.9.0a0,<2.9.6"
- ],
- "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.9,>=2.9.0a0,<2.9.6"
- },
 {
 "advisory": "Ansible versions 2.7.18, 2.8.12 and 2.9.9 include a fix for CVE-2020-10744: The provided fix for CVE-2020-1733 was insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 and previous versions are affected. Also Ansible Tower 3.4.5, 3.5.6 and 3.6.4 and previous versions.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10744",
 "cve": "CVE-2020-10744",
@@ -3151,9 +3281,9 @@
 "ansys-tools-repo-sync": [
 {
 "advisory": "Ansys-tools-repo-sync 0.1.17 updates its dependency 'urllib3' to v1.26.9 to include security fixes.",
- "cve": "CVE-2020-26137",
- "id": "pyup.io-51112",
- "more_info_path": "/vulnerabilities/CVE-2020-26137/51112",
+ "cve": "CVE-2018-20060",
+ "id": "pyup.io-51115",
+ "more_info_path": "/vulnerabilities/CVE-2018-20060/51115",
 "specs": [
 "<0.1.17"
 ],
@@ -3161,9 +3291,9 @@
 },
 {
 "advisory": "Ansys-tools-repo-sync 0.1.17 updates its dependency 'urllib3' to v1.26.9 to include security fixes.",
- "cve": "CVE-2018-20060",
- "id": "pyup.io-51115",
- "more_info_path": "/vulnerabilities/CVE-2018-20060/51115",
+ "cve": "CVE-2019-11324",
+ "id": "pyup.io-51113",
+ "more_info_path": "/vulnerabilities/CVE-2019-11324/51113",
 "specs": [
 "<0.1.17"
 ],
@@ -3171,9 +3301,9 @@
 },
 {
 "advisory": "Ansys-tools-repo-sync 0.1.17 updates its dependency 'urllib3' to v1.26.9 to include security fixes.",
- "cve": "CVE-2019-11324",
- "id": "pyup.io-51113",
- "more_info_path": "/vulnerabilities/CVE-2019-11324/51113",
+ "cve": "CVE-2021-33503",
+ "id": "pyup.io-51024",
+ "more_info_path": "/vulnerabilities/CVE-2021-33503/51024",
 "specs": [
 "<0.1.17"
 ],
@@ -3191,9 +3321,9 @@
 },
 {
 "advisory": "Ansys-tools-repo-sync 0.1.17 updates its dependency 'urllib3' to v1.26.9 to include security fixes.",
- "cve": "CVE-2021-33503",
- "id": "pyup.io-51024",
- "more_info_path": "/vulnerabilities/CVE-2021-33503/51024",
+ "cve": "CVE-2020-26137",
+ "id": "pyup.io-51112",
+ "more_info_path": "/vulnerabilities/CVE-2020-26137/51112",
 "specs": [
 "<0.1.17"
 ],
@@ -3342,20 +3472,20 @@
 "v": "<1.10.12"
 },
 {
- "advisory": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.",
- "cve": "CVE-2020-17515",
- "id": "pyup.io-42326",
- "more_info_path": "/vulnerabilities/CVE-2020-17515/42326",
+ "advisory": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513.",
+ "cve": "CVE-2020-17513",
+ "id": "pyup.io-39282",
+ "more_info_path": "/vulnerabilities/CVE-2020-17513/39282",
 "specs": [
 "<1.10.13"
 ],
 "v": "<1.10.13"
 },
 {
- "advisory": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513.",
- "cve": "CVE-2020-17513",
- "id": "pyup.io-39282",
- "more_info_path": "/vulnerabilities/CVE-2020-17513/39282",
+ "advisory": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.",
+ "cve": "CVE-2020-17515",
+ "id": "pyup.io-42326",
+ "more_info_path": "/vulnerabilities/CVE-2020-17515/42326",
 "specs": [
 "<1.10.13"
 ],
@@ -3461,6 +3591,16 @@
 ],
 "v": "<2.2.5"
 },
+ {
+ "advisory": "Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes.",
+ "cve": "CVE-2021-37712",
+ "id": "pyup.io-48617",
+ "more_info_path": "/vulnerabilities/CVE-2021-37712/48617",
+ "specs": [
+ "<2.3.0"
+ ],
+ "v": "<2.3.0"
+ },
 {
 "advisory": "Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes.",
 "cve": "CVE-2021-37701",
@@ -3491,16 +3631,6 @@
 ],
 "v": "<2.3.0"
 },
- {
- "advisory": "Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes.",
- "cve": "CVE-2021-37712",
- "id": "pyup.io-48617",
- "more_info_path": "/vulnerabilities/CVE-2021-37712/48617",
- "specs": [
- "<2.3.0"
- ],
- "v": "<2.3.0"
- },
 {
 "advisory": "Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons.\r\nhttps://github.com/apache/airflow/pull/32052",
 "cve": "PVE-2023-60952",
@@ -3592,20 +3722,20 @@
 "v": ">=0,<1.10.11rc1"
 },
 {
- "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.",
- "cve": "CVE-2020-9485",
- "id": "pyup.io-54204",
- "more_info_path": "/vulnerabilities/CVE-2020-9485/54204",
+ "advisory": "Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.",
+ "cve": "CVE-2020-11978",
+ "id": "pyup.io-54349",
+ "more_info_path": "/vulnerabilities/CVE-2020-11978/54349",
 "specs": [
 ">=0,<1.10.11rc1"
 ],
 "v": ">=0,<1.10.11rc1"
 },
 {
- "advisory": "Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.",
- "cve": "CVE-2020-11978",
- "id": "pyup.io-54349",
- "more_info_path": "/vulnerabilities/CVE-2020-11978/54349",
+ "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.",
+ "cve": "CVE-2020-9485",
+ "id": "pyup.io-54204",
+ "more_info_path": "/vulnerabilities/CVE-2020-9485/54204",
 "specs": [
 ">=0,<1.10.11rc1"
 ],
@@ -3702,20 +3832,20 @@
 "v": ">=0,<1.9.0"
 },
 {
- "advisory": "In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.\r\nhttps://github.com/apache/airflow/pull/2132",
- "cve": "CVE-2017-15720",
- "id": "pyup.io-53938",
- "more_info_path": "/vulnerabilities/CVE-2017-15720/53938",
+ "advisory": "In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.",
+ "cve": "CVE-2017-17835",
+ "id": "pyup.io-53948",
+ "more_info_path": "/vulnerabilities/CVE-2017-17835/53948",
 "specs": [
 ">=0,<1.9.0"
 ],
 "v": ">=0,<1.9.0"
 },
 {
- "advisory": "In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.",
- "cve": "CVE-2017-17835",
- "id": "pyup.io-53948",
- "more_info_path": "/vulnerabilities/CVE-2017-17835/53948",
+ "advisory": "In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.\r\nhttps://github.com/apache/airflow/pull/2132",
+ "cve": "CVE-2017-15720",
+ "id": "pyup.io-53938",
+ "more_info_path": "/vulnerabilities/CVE-2017-15720/53938",
 "specs": [
 ">=0,<1.9.0"
 ],
@@ -5280,20 +5410,20 @@
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-cloudant 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49844",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49844",
+ "advisory": "Apache-airflow-providers-cloudant 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49842",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49842",
 "specs": [
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-cloudant 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49842",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49842",
+ "advisory": "Apache-airflow-providers-cloudant 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49844",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49844",
 "specs": [
 "<=3.0.0"
 ],
@@ -5311,16 +5441,6 @@
 ],
 "v": "<=3.0.0"
 },
- {
- "advisory": "Apache-airflow-providers-databricks 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49825",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49825",
- "specs": [
- "<=3.0.0"
- ],
- "v": "<=3.0.0"
- },
 {
 "advisory": "Apache-airflow-providers-databricks 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
 "cve": "PVE-2022-47833",
@@ -5330,19 +5450,19 @@
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
- }
- ],
- "apache-airflow-providers-datadog": [
+ },
 {
- "advisory": "Apache-airflow-providers-datadog 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "advisory": "Apache-airflow-providers-databricks 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
 "cve": "CVE-2022-29217",
- "id": "pyup.io-49888",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49888",
+ "id": "pyup.io-49825",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49825",
 "specs": [
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
- },
+ }
+ ],
+ "apache-airflow-providers-datadog": [
 {
 "advisory": "Apache-airflow-providers-datadog 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
 "cve": "PVE-2022-47833",
@@ -5362,6 +5482,16 @@
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
+ },
+ {
+ "advisory": "Apache-airflow-providers-datadog 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49888",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49888",
+ "specs": [
+ "<=3.0.0"
+ ],
+ "v": "<=3.0.0"
 }
 ],
 "apache-airflow-providers-docker": [
@@ -5397,16 +5527,6 @@
 }
 ],
 "apache-airflow-providers-google": [
- {
- "advisory": "Apache-airflow-providers-google 8.1.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49886",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49886",
- "specs": [
- "<=8.1.0"
- ],
- "v": "<=8.1.0"
- },
 {
 "advisory": "Apache-airflow-providers-google 8.1.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
 "cve": "CVE-2022-29217",
@@ -5428,14 +5548,14 @@
 "v": "<=8.1.0"
 },
 {
- "advisory": "Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.",
- "cve": "CVE-2023-25691",
- "id": "pyup.io-54665",
- "more_info_path": "/vulnerabilities/CVE-2023-25691/54665",
+ "advisory": "Apache-airflow-providers-google 8.1.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49886",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49886",
 "specs": [
- ">=0,<8.10.0"
+ "<=8.1.0"
 ],
- "v": ">=0,<8.10.0"
+ "v": "<=8.1.0"
 },
 {
 "advisory": "Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.",
@@ -5446,6 +5566,16 @@
 ">=0,<8.10.0"
 ],
 "v": ">=0,<8.10.0"
+ },
+ {
+ "advisory": "Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.",
+ "cve": "CVE-2023-25691",
+ "id": "pyup.io-54665",
+ "more_info_path": "/vulnerabilities/CVE-2023-25691/54665",
+ "specs": [
+ ">=0,<8.10.0"
+ ],
+ "v": ">=0,<8.10.0"
 }
 ],
 "apache-airflow-providers-jdbc": [
@@ -5546,20 +5676,20 @@
 ],
 "apache-airflow-providers-microsoft-azure": [
 {
- "advisory": "Apache-airflow-providers-microsoft-azure 4.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49876",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49876",
+ "advisory": "Apache-airflow-providers-microsoft-azure 4.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49877",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49877",
 "specs": [
 "<=4.0.0"
 ],
 "v": "<=4.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-microsoft-azure 4.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49877",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49877",
+ "advisory": "Apache-airflow-providers-microsoft-azure 4.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49876",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49876",
 "specs": [
 "<=4.0.0"
 ],
@@ -5715,16 +5845,6 @@
 }
 ],
 "apache-airflow-providers-oracle": [
- {
- "advisory": "Apache-airflow-providers-oracle 3.1.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49866",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49866",
- "specs": [
- "<=3.1.0"
- ],
- "v": "<=3.1.0"
- },
 {
 "advisory": "Apache-airflow-providers-oracle 3.1.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
 "cve": "CVE-2022-29217",
@@ -5744,6 +5864,16 @@
 "<=3.1.0"
 ],
 "v": "<=3.1.0"
+ },
+ {
+ "advisory": "Apache-airflow-providers-oracle 3.1.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49866",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49866",
+ "specs": [
+ "<=3.1.0"
+ ],
+ "v": "<=3.1.0"
 }
 ],
 "apache-airflow-providers-pagerduty": [
@@ -5790,20 +5920,20 @@
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-plexus 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49839",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49839",
+ "advisory": "Apache-airflow-providers-plexus 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49840",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49840",
 "specs": [
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-plexus 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49840",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49840",
+ "advisory": "Apache-airflow-providers-plexus 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49839",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49839",
 "specs": [
 "<=3.0.0"
 ],
@@ -5844,10 +5974,10 @@
 ],
 "apache-airflow-providers-presto": [
 {
- "advisory": "Apache-airflow-providers-presto 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49865",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49865",
+ "advisory": "Apache-airflow-providers-presto 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49863",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49863",
 "specs": [
 "<=3.0.0"
 ],
@@ -5864,10 +5994,10 @@
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-presto 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49863",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49863",
+ "advisory": "Apache-airflow-providers-presto 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49865",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49865",
 "specs": [
 "<=3.0.0"
 ],
@@ -6036,20 +6166,20 @@
 ],
 "apache-airflow-providers-ssh": [
 {
- "advisory": "Apache-airflow-providers-ssh 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-49897",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/49897",
+ "advisory": "Apache-airflow-providers-ssh 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
+ "cve": "PVE-2021-42852",
+ "id": "pyup.io-49898",
+ "more_info_path": "/vulnerabilities/PVE-2021-42852/49898",
 "specs": [
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
 },
 {
- "advisory": "Apache-airflow-providers-ssh 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
- "cve": "PVE-2021-42852",
- "id": "pyup.io-49898",
- "more_info_path": "/vulnerabilities/PVE-2021-42852/49898",
+ "advisory": "Apache-airflow-providers-ssh 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-49897",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/49897",
 "specs": [
 "<=3.0.0"
 ],
@@ -6067,6 +6197,16 @@
 }
 ],
 "apache-airflow-providers-tableau": [
+ {
+ "advisory": "Apache-airflow-providers-tableau 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
+ "cve": "PVE-2022-47833",
+ "id": "pyup.io-49881",
+ "more_info_path": "/vulnerabilities/PVE-2022-47833/49881",
+ "specs": [
+ "<=3.0.0"
+ ],
+ "v": "<=3.0.0"
+ },
 {
 "advisory": "Apache-airflow-providers-tableau 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).",
 "cve": "PVE-2021-42852",
@@ -6086,16 +6226,6 @@
 "<=3.0.0"
 ],
 "v": "<=3.0.0"
- },
- {
- "advisory": "Apache-airflow-providers-tableau 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).",
- "cve": "PVE-2022-47833",
- "id": "pyup.io-49881",
- "more_info_path": "/vulnerabilities/PVE-2022-47833/49881",
- "specs": [
- "<=3.0.0"
- ],
- "v": "<=3.0.0"
 }
 ],
 "apache-airflow-providers-telegram": [
@@ -6141,16 +6271,6 @@
 ],
 "v": "<3.0.0"
 },
- {
- "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
- "cve": "CVE-2018-19362",
- "id": "pyup.io-50543",
- "more_info_path": "/vulnerabilities/CVE-2018-19362/50543",
- "specs": [
- "<3.0.0"
- ],
- "v": "<3.0.0"
- },
 {
 "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'postgresql' to v42.3.4 to include security fixes.",
 "cve": "CVE-2022-31197",
@@ -6163,9 +6283,9 @@
 },
 {
 "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
- "cve": "CVE-2020-11113",
- "id": "pyup.io-50552",
- "more_info_path": "/vulnerabilities/CVE-2020-11113/50552",
+ "cve": "CVE-2018-19362",
+ "id": "pyup.io-50543",
+ "more_info_path": "/vulnerabilities/CVE-2018-19362/50543",
 "specs": [
 "<3.0.0"
 ],
@@ -6181,6 +6301,16 @@
 ],
 "v": "<3.0.0"
 },
+ {
+ "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
+ "cve": "CVE-2020-11113",
+ "id": "pyup.io-50552",
+ "more_info_path": "/vulnerabilities/CVE-2020-11113/50552",
+ "specs": [
+ "<3.0.0"
+ ],
+ "v": "<3.0.0"
+ },
 {
 "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
 "cve": "CVE-2020-10672",
@@ -6233,9 +6363,9 @@
 },
 {
 "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
- "cve": "CVE-2019-12086",
- "id": "pyup.io-50535",
- "more_info_path": "/vulnerabilities/CVE-2019-12086/50535",
+ "cve": "CVE-2019-14540",
+ "id": "pyup.io-50534",
+ "more_info_path": "/vulnerabilities/CVE-2019-14540/50534",
 "specs": [
 "<3.0.0"
 ],
@@ -6243,9 +6373,9 @@
 },
 {
 "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
- "cve": "CVE-2020-9546",
- "id": "pyup.io-50523",
- "more_info_path": "/vulnerabilities/CVE-2020-9546/50523",
+ "cve": "CVE-2018-11307",
+ "id": "pyup.io-50544",
+ "more_info_path": "/vulnerabilities/CVE-2018-11307/50544",
 "specs": [
 "<3.0.0"
 ],
@@ -6253,9 +6383,9 @@
 },
 {
 "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
- "cve": "CVE-2020-8840",
- "id": "pyup.io-50529",
- "more_info_path": "/vulnerabilities/CVE-2020-8840/50529",
+ "cve": "CVE-2020-10968",
+ "id": "pyup.io-50553",
+ "more_info_path": "/vulnerabilities/CVE-2020-10968/50553",
 "specs": [
 "<3.0.0"
 ],
@@ -6263,19 +6393,19 @@
 },
 {
 "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
- "cve": "CVE-2020-9548",
- "id": "pyup.io-50526",
- "more_info_path": "/vulnerabilities/CVE-2020-9548/50526",
+ "cve": "CVE-2018-14721",
+ "id": "pyup.io-50547",
+ "more_info_path": "/vulnerabilities/CVE-2018-14721/50547",
 "specs": [
 "<3.0.0"
 ],
 "v": "<3.0.0"
 },
 {
- "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.",
- "cve": "CVE-2019-14540",
- "id": "pyup.io-50534",
- "more_info_path": "/vulnerabilities/CVE-2019-14540/50534",
+ "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'postgresql' to v42.3.4 to include security fixes.",
+ "cve": "CVE-2022-21724",
+ "id": "pyup.io-50556",
+ "more_info_path": "/vulnerabilities/CVE-2022-21724/50556",
 "specs": [
 "<3.0.0"
 ],
@@ -6283,9 +6413,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-11307", - "id": "pyup.io-50544", - "more_info_path": "/vulnerabilities/CVE-2018-11307/50544", + "cve": "CVE-2020-10673", + "id": "pyup.io-50550", + "more_info_path": "/vulnerabilities/CVE-2020-10673/50550", "specs": [ "<3.0.0" ], @@ -6293,9 +6423,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-10968", - "id": "pyup.io-50553", - "more_info_path": "/vulnerabilities/CVE-2020-10968/50553", + "cve": "CVE-2019-17267", + "id": "pyup.io-50536", + "more_info_path": "/vulnerabilities/CVE-2019-17267/50536", "specs": [ "<3.0.0" ], @@ -6303,19 +6433,19 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-14721", - "id": "pyup.io-50547", - "more_info_path": "/vulnerabilities/CVE-2018-14721/50547", + "cve": "CVE-2019-12384", + "id": "pyup.io-50537", + "more_info_path": "/vulnerabilities/CVE-2019-12384/50537", "specs": [ "<3.0.0" ], "v": "<3.0.0" }, { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'postgresql' to v42.3.4 to include security fixes.", - "cve": "CVE-2022-21724", - "id": "pyup.io-50556", - "more_info_path": "/vulnerabilities/CVE-2022-21724/50556", + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", + "cve": "CVE-2019-16335", + "id": "pyup.io-50532", + "more_info_path": "/vulnerabilities/CVE-2019-16335/50532", "specs": [ "<3.0.0" ], 
@@ -6323,9 +6453,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-11111", - "id": "pyup.io-50551", - "more_info_path": "/vulnerabilities/CVE-2020-11111/50551", + "cve": "CVE-2019-20330", + "id": "pyup.io-50538", + "more_info_path": "/vulnerabilities/CVE-2019-20330/50538", "specs": [ "<3.0.0" ], @@ -6333,9 +6463,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-10673", - "id": "pyup.io-50550", - "more_info_path": "/vulnerabilities/CVE-2020-10673/50550", + "cve": "CVE-2020-9547", + "id": "pyup.io-50525", + "more_info_path": "/vulnerabilities/CVE-2020-9547/50525", "specs": [ "<3.0.0" ], @@ -6343,9 +6473,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-17267", - "id": "pyup.io-50536", - "more_info_path": "/vulnerabilities/CVE-2019-17267/50536", + "cve": "CVE-2018-14719", + "id": "pyup.io-50545", + "more_info_path": "/vulnerabilities/CVE-2018-14719/50545", "specs": [ "<3.0.0" ], @@ -6353,9 +6483,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-12384", - "id": "pyup.io-50537", - "more_info_path": "/vulnerabilities/CVE-2019-12384/50537", + "cve": "CVE-2019-17531", + "id": "pyup.io-50539", + "more_info_path": "/vulnerabilities/CVE-2019-17531/50539", "specs": [ "<3.0.0" ], 
@@ -6363,9 +6493,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-16335", - "id": "pyup.io-50532", - "more_info_path": "/vulnerabilities/CVE-2019-16335/50532", + "cve": "CVE-2019-14439", + "id": "pyup.io-50531", + "more_info_path": "/vulnerabilities/CVE-2019-14439/50531", "specs": [ "<3.0.0" ], @@ -6373,9 +6503,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-16943", - "id": "pyup.io-50533", - "more_info_path": "/vulnerabilities/CVE-2019-16943/50533", + "cve": "CVE-2018-19361", + "id": "pyup.io-50542", + "more_info_path": "/vulnerabilities/CVE-2018-19361/50542", "specs": [ "<3.0.0" ], @@ -6383,9 +6513,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-20330", - "id": "pyup.io-50538", - "more_info_path": "/vulnerabilities/CVE-2019-20330/50538", + "cve": "CVE-2019-14893", + "id": "pyup.io-50528", + "more_info_path": "/vulnerabilities/CVE-2019-14893/50528", "specs": [ "<3.0.0" ], @@ -6393,9 +6523,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-9547", - "id": "pyup.io-50525", - "more_info_path": "/vulnerabilities/CVE-2020-9547/50525", + "cve": "CVE-2019-12086", + "id": "pyup.io-50535", + "more_info_path": "/vulnerabilities/CVE-2019-12086/50535", "specs": [ "<3.0.0" ], 
@@ -6403,9 +6533,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-14719", - "id": "pyup.io-50545", - "more_info_path": "/vulnerabilities/CVE-2018-14719/50545", + "cve": "CVE-2020-9546", + "id": "pyup.io-50523", + "more_info_path": "/vulnerabilities/CVE-2020-9546/50523", "specs": [ "<3.0.0" ], @@ -6413,9 +6543,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-12814", - "id": "pyup.io-50540", - "more_info_path": "/vulnerabilities/CVE-2019-12814/50540", + "cve": "CVE-2020-9548", + "id": "pyup.io-50526", + "more_info_path": "/vulnerabilities/CVE-2020-9548/50526", "specs": [ "<3.0.0" ], @@ -6423,9 +6553,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-17531", - "id": "pyup.io-50539", - "more_info_path": "/vulnerabilities/CVE-2019-17531/50539", + "cve": "CVE-2020-8840", + "id": "pyup.io-50529", + "more_info_path": "/vulnerabilities/CVE-2020-8840/50529", "specs": [ "<3.0.0" ], @@ -6433,9 +6563,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-14439", - "id": "pyup.io-50531", - "more_info_path": "/vulnerabilities/CVE-2019-14439/50531", + "cve": "CVE-2020-11111", + "id": "pyup.io-50551", + "more_info_path": "/vulnerabilities/CVE-2020-11111/50551", "specs": [ "<3.0.0" ], 
@@ -6443,9 +6573,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-14379", - "id": "pyup.io-50530", - "more_info_path": "/vulnerabilities/CVE-2019-14379/50530", + "cve": "CVE-2019-16943", + "id": "pyup.io-50533", + "more_info_path": "/vulnerabilities/CVE-2019-16943/50533", "specs": [ "<3.0.0" ], @@ -6453,9 +6583,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-14892", - "id": "pyup.io-50527", - "more_info_path": "/vulnerabilities/CVE-2019-14892/50527", + "cve": "CVE-2019-12814", + "id": "pyup.io-50540", + "more_info_path": "/vulnerabilities/CVE-2019-12814/50540", "specs": [ "<3.0.0" ], @@ -6463,9 +6593,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-14893", - "id": "pyup.io-50528", - "more_info_path": "/vulnerabilities/CVE-2019-14893/50528", + "cve": "CVE-2019-14379", + "id": "pyup.io-50530", + "more_info_path": "/vulnerabilities/CVE-2019-14379/50530", "specs": [ "<3.0.0" ], @@ -6473,9 +6603,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-19361", - "id": "pyup.io-50542", - "more_info_path": "/vulnerabilities/CVE-2018-19361/50542", + "cve": "CVE-2019-14892", + "id": "pyup.io-50527", + "more_info_path": "/vulnerabilities/CVE-2019-14892/50527", "specs": [ "<3.0.0" ], 
@@ -6511,46 +6641,6 @@ ], "v": "<3.0.0beta1" }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-36180", - "id": "pyup.io-49226", - "more_info_path": "/vulnerabilities/CVE-2020-36180/49226", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 updates its Maven dependency 'postgresql' to v42.3.4 to include security fixes.", - "cve": "CVE-2020-13692", - "id": "pyup.io-49236", - "more_info_path": "/vulnerabilities/CVE-2020-13692/49236", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-36184", - "id": "pyup.io-49222", - "more_info_path": "/vulnerabilities/CVE-2020-36184/49222", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires as a Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-35490", - "id": "pyup.io-49232", - "more_info_path": "/vulnerabilities/CVE-2020-35490/49232", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires as a Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", "cve": "CVE-2020-36189", @@ -6603,9 +6693,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-36182", - "id": "pyup.io-49224", - "more_info_path": "/vulnerabilities/CVE-2020-36182/49224", + "cve": "CVE-2020-36181", + "id": "pyup.io-49225", + "more_info_path": "/vulnerabilities/CVE-2020-36181/49225", "specs": [ "<3.0.0beta1" ], 
@@ -6613,9 +6703,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-36181", - "id": "pyup.io-49225", - "more_info_path": "/vulnerabilities/CVE-2020-36181/49225", + "cve": "CVE-2020-36182", + "id": "pyup.io-49224", + "more_info_path": "/vulnerabilities/CVE-2020-36182/49224", "specs": [ "<3.0.0beta1" ], @@ -6651,6 +6741,46 @@ ], "v": "<3.0.0beta1" }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-36180", + "id": "pyup.io-49226", + "more_info_path": "/vulnerabilities/CVE-2020-36180/49226", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 updates its Maven dependency 'postgresql' to v42.3.4 to include security fixes.", + "cve": "CVE-2020-13692", + "id": "pyup.io-49236", + "more_info_path": "/vulnerabilities/CVE-2020-13692/49236", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-36184", + "id": "pyup.io-49222", + "more_info_path": "/vulnerabilities/CVE-2020-36184/49222", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires as a Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-35490", + "id": "pyup.io-49232", + "more_info_path": "/vulnerabilities/CVE-2020-35490/49232", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, { "advisory": "Apache-dolphinscheduler 3.0.0beta2 updates its Maven dependency 'logback-core' to v1.2.11 to include a security fix.", "cve": "PVE-2022-49741", 
@@ -6681,16 +6811,6 @@ ], "v": "<3.1.0" }, - { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", - "cve": "CVE-2022-23221", - "id": "pyup.io-51308", - "more_info_path": "/vulnerabilities/CVE-2022-23221/51308", - "specs": [ - "<3.1.0" - ], - "v": "<3.1.0" - }, { "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'cron-utils' to v9.1.6 to include a security fix.", "cve": "CVE-2021-41269", @@ -6711,16 +6831,6 @@ ], "v": "<3.1.0" }, - { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", - "cve": "CVE-2021-42392", - "id": "pyup.io-51309", - "more_info_path": "/vulnerabilities/CVE-2021-42392/51309", - "specs": [ - "<3.1.0" - ], - "v": "<3.1.0" - }, { "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that fixes a vulnerability in LDAP login.\r\nhttps://github.com/apache/dolphinscheduler/commit/17a9dd25fa0e80b048394f79db130f56eb8ef72f", "cve": "PVE-2022-51292", @@ -6731,16 +6841,6 @@ ], "v": "<3.1.0" }, - { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'hive-jdbc' to v2.3.3 to include a security fix.", - "cve": "CVE-2018-1282", - "id": "pyup.io-51312", - "more_info_path": "/vulnerabilities/CVE-2018-1282/51312", - "specs": [ - "<3.1.0" - ], - "v": "<3.1.0" - }, { "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'hadoop' to v2.7.7 to include security fixes.", "cve": "CVE-2017-15718", 
@@ -6751,16 +6851,6 @@ ], "v": "<3.1.0" }, - { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that adds validations of possible malicious keys.\r\nhttps://github.com/apache/dolphinscheduler/commit/5811b84fcc7cc0ff354cf8e871f36aa3ae61aa2a", - "cve": "PVE-2022-51304", - "id": "pyup.io-51304", - "more_info_path": "/vulnerabilities/PVE-2022-51304/51304", - "specs": [ - "<3.1.0" - ], - "v": "<3.1.0" - }, { "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'logback-core' to v 1.2.11 to include security fixes.", "cve": "CVE-2021-42550", 
@@ -6791,6 +6881,46 @@ ], "v": "<3.1.0" }, + { + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", + "cve": "CVE-2022-23221", + "id": "pyup.io-51308", + "more_info_path": "/vulnerabilities/CVE-2022-23221/51308", + "specs": [ + "<3.1.0" + ], + "v": "<3.1.0" + }, + { + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", + "cve": "CVE-2021-42392", + "id": "pyup.io-51309", + "more_info_path": "/vulnerabilities/CVE-2021-42392/51309", + "specs": [ + "<3.1.0" + ], + "v": "<3.1.0" + }, + { + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'hive-jdbc' to v2.3.3 to include a security fix.", + "cve": "CVE-2018-1282", + "id": "pyup.io-51312", + "more_info_path": "/vulnerabilities/CVE-2018-1282/51312", + "specs": [ + "<3.1.0" + ], + "v": "<3.1.0" + }, + { + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that adds validations of possible malicious keys.\r\nhttps://github.com/apache/dolphinscheduler/commit/5811b84fcc7cc0ff354cf8e871f36aa3ae61aa2a", + "cve": "PVE-2022-51304", + "id": "pyup.io-51304", + "more_info_path": "/vulnerabilities/PVE-2022-51304/51304", + "specs": [ + "<3.1.0" + ], + "v": "<3.1.0" + }, { "advisory": "Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.", "cve": "CVE-2022-25598", 
@@ -6804,20 +6934,20 @@ ], "apache-flink": [ { - "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", - "cve": "CVE-2021-45046", - "id": "pyup.io-43417", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43417", + "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", + "cve": "CVE-2021-44228", + "id": "pyup.io-43416", + "more_info_path": "/vulnerabilities/CVE-2021-44228/43416", "specs": [ "<1.14.2" ], "v": "<1.14.2" }, { - "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", - "cve": "CVE-2021-44228", - "id": "pyup.io-43416", - "more_info_path": "/vulnerabilities/CVE-2021-44228/43416", + "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", + "cve": "CVE-2021-45046", + "id": "pyup.io-43417", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43417", "specs": [ "<1.14.2" ], @@ -6969,9 +7099,9 @@ }, { "advisory": "Apache-superset 0.34.0 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", - "cve": "CVE-2018-20060", - "id": "pyup.io-45814", - "more_info_path": "/vulnerabilities/CVE-2018-20060/45814", + "cve": "CVE-2019-10906", + "id": "pyup.io-45813", + "more_info_path": "/vulnerabilities/CVE-2019-10906/45813", "specs": [ "<0.34.0" ], 
@@ -6987,16 +7117,6 @@ ], "v": "<0.34.0" }, - { - "advisory": "Apache-superset 0.34.0 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", - "cve": "CVE-2019-11236", - "id": "pyup.io-45813", - "more_info_path": "/vulnerabilities/CVE-2019-11236/45813", - "specs": [ - "<0.34.0" - ], - "v": "<0.34.0" - }, { "advisory": "Apache-superset 0.34.0 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", "cve": "CVE-2019-10906", @@ -7017,6 +7137,16 @@ ], "v": "<0.34.0" }, + { + "advisory": "Apache-superset 0.34.0 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", + "cve": "CVE-2018-20060", + "id": "pyup.io-45814", + "more_info_path": "/vulnerabilities/CVE-2018-20060/45814", + "specs": [ + "<0.34.0" + ], + "v": "<0.34.0" + }, { "advisory": "Apache-superset 0.35.0 adds security for restricted metrics (#8175).", "cve": "PVE-2021-39478", @@ -7187,6 +7317,26 @@ ], "v": "<2.1.0" }, + { + "advisory": "Apache-superset 3.0.0 updates its dependency 'flask_caching' to v1.11.1 to include a security fix.", + "cve": "CVE-2021-33026", + "id": "pyup.io-61921", + "more_info_path": "/vulnerabilities/CVE-2021-33026/61921", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" + }, + { + "advisory": "Apache-superset 3.0.0 updates its NPM dependency 'ansi-regex' to include a security fix.", + "cve": "CVE-2021-3807", + "id": "pyup.io-61908", + "more_info_path": "/vulnerabilities/CVE-2021-3807/61908", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" + }, { "advisory": "Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "cve": "CVE-2022-43718", 
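Review bot: After this hunk apache-superset `<0.34.0` carries two records for CVE-2019-10906 with the same jinja2 advisory text: the context line immediately after the deleted block already reads `"cve": "CVE-2019-10906",`, and the preceding hunk re-keys pyup.io-45813 to that same CVE. Moving 45813 off CVE-2019-11236 is the right correction (elsewhere in this file that CVE is an urllib3 issue, not jinja2), but the result is a duplicated finding that every consumer of this database will report twice, unless the neighbouring entry is changed outside the visible hunks. Either drop one of the two records or re-key the other to the CVE it actually covers; the id of the context entry is cut off by the hunk, so also confirm it is not 45813 itself, which would make the record id non-unique.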
@@ -7199,10 +7349,10 @@ "v": "<=1.5.2,==2.0.0" }, { - "advisory": "When explicitly enabling the feature flag 'DASHBOARD_CACHE' (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-45438", - "id": "pyup.io-54614", - "more_info_path": "/vulnerabilities/CVE-2022-45438/54614", + "advisory": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-43720", + "id": "pyup.io-54625", + "more_info_path": "/vulnerabilities/CVE-2022-43720/54625", "specs": [ "<=1.5.2", "==2.0.0" @@ -7210,10 +7360,10 @@ "v": "<=1.5.2,==2.0.0" }, { - "advisory": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-43720", - "id": "pyup.io-54625", - "more_info_path": "/vulnerabilities/CVE-2022-43720/54625", + "advisory": "When explicitly enabling the feature flag 'DASHBOARD_CACHE' (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-45438", + "id": "pyup.io-54614", + "more_info_path": "/vulnerabilities/CVE-2022-45438/54614", "specs": [ "<=1.5.2", "==2.0.0" 
@@ -7232,10 +7382,10 @@ "v": "<=1.5.2,==2.0.0" }, { - "advisory": "Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-43719", - "id": "pyup.io-54612", - "more_info_path": "/vulnerabilities/CVE-2022-43719/54612", + "advisory": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-41703", + "id": "pyup.io-54626", + "more_info_path": "/vulnerabilities/CVE-2022-41703/54626", "specs": [ "<=1.5.2", "==2.0.0" @@ -7243,10 +7393,10 @@ "v": "<=1.5.2,==2.0.0" }, { - "advisory": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-41703", - "id": "pyup.io-54626", - "more_info_path": "/vulnerabilities/CVE-2022-41703/54626", + "advisory": "Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-43719", + "id": "pyup.io-54612", + "more_info_path": "/vulnerabilities/CVE-2022-43719/54612", "specs": [ "<=1.5.2", "==2.0.0" 
@@ -7429,6 +7579,38 @@ "v": "<0.6" } ], + "aperture-py": [ + { + "advisory": "In versions of Aperture-py prior to 2.20.2, there may be potential security and project specificity concerns related to the 'dynamic-config' command in 'aperturectl'. Earlier versions might have connected to the Aperture Cloud Controller without the use of an API key and project name, which could compromise both security and the specificity of the project being managed.", + "cve": "PVE-2023-62082", + "id": "pyup.io-62082", + "more_info_path": "/vulnerabilities/PVE-2023-62082/62082", + "specs": [ + "<2.20.2" + ], + "v": "<2.20.2" + }, + { + "advisory": "In versions of Aperture-py before 2.20.2rc.1, a potential security concern may exist related to the 'dynamic-config' command in 'aperturectl'. Previous implementations might have connected to the Aperture Cloud Controller without utilizing an API key and project name, which could have implications for security and project specificity.", + "cve": "PVE-2023-62083", + "id": "pyup.io-62083", + "more_info_path": "/vulnerabilities/PVE-2023-62083/62083", + "specs": [ + "<2.20.2rc.1" + ], + "v": "<2.20.2rc.1" + }, + { + "advisory": "In Aperture-py versions prior to 2.21.0, several security and flexibility limitations exist. The Aperture SDKs for Go, Python, JavaScript, and Java did not support configuration using an API key, posing a security risk. Additionally, earlier versions did not offer the option for insecure connections to the Aperture Agent, limiting test and development environment flexibility. The TLS configuration in the Aperture-Go SDK was also updated in 2.21.0, pointing to less secure system communications in previous releases. 
Furthermore, older versions did not feature a unary interceptor function for logging invoked methods and adding 'apikey' metadata, impacting traceability and security.", + "cve": "PVE-2023-62079", + "id": "pyup.io-62079", + "more_info_path": "/vulnerabilities/PVE-2023-62079/62079", + "specs": [ + "<2.21.0" + ], + "v": "<2.21.0" + } + ], "api-client-pydantic": [ { "advisory": "Api-client-pydantic 1.1.0 updates its dependency 'urllib3' to v1.26.4 to include a security fix.", @@ -7581,26 +7763,6 @@ ], "v": "<2.0.1" }, - { - "advisory": "Appdaemontestframework 2.3.3 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-44968", - "more_info_path": "/vulnerabilities/CVE-2019-11324/44968", - "specs": [ - "<2.3.3" - ], - "v": "<2.3.3" - }, - { - "advisory": "Appdaemontestframework 2.3.3 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-44969", - "more_info_path": "/vulnerabilities/CVE-2019-11236/44969", - "specs": [ - "<2.3.3" - ], - "v": "<2.3.3" - }, { "advisory": "Appdaemontestframework 2.3.3 updates its dependency 'typed-ast ' to v1.4.0 to include security fixes.", "cve": "CVE-2019-19274", @@ -7630,6 +7792,26 @@ "<2.3.3" ], "v": "<2.3.3" + }, + { + "advisory": "Appdaemontestframework 2.3.3 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", + "cve": "CVE-2019-11236", + "id": "pyup.io-44969", + "more_info_path": "/vulnerabilities/CVE-2019-11236/44969", + "specs": [ + "<2.3.3" + ], + "v": "<2.3.3" + }, + { + "advisory": "Appdaemontestframework 2.3.3 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", + "cve": "CVE-2019-11324", + "id": "pyup.io-44968", + "more_info_path": "/vulnerabilities/CVE-2019-11324/44968", + "specs": [ + "<2.3.3" + ], + "v": "<2.3.3" } ], "apphelpers": [ 
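Review bot: The advisory string for pyup.io-62079 (third `aperture-py` entry) breaks across two physical lines at `previous releases. ` / `Furthermore,` with no `+` marker on the continuation, which suggests an unescaped line-separator character inside the JSON string; every neighbouring entry spells line breaks as the `\r\n` escape. If that character is a C0 control (LF, CR, FF) the whole file fails strict JSON parsing; if it is U+2028/U+0085 it parses but remains a parser-differential hazard, so normalise it to `\r\n` or a plain space. The spec `<2.20.2rc.1` in pyup.io-62083 is also the non-canonical PEP 440 spelling: `packaging` normalises it to `2.20.2rc1`, but consumers that compare the string as-is will not, so `"<2.20.2rc1"` is the safer form. Note too that pyup.io-62082 (`<2.20.2`) and 62083 describe the same missing-API-key fix with nested ranges, so any affected release will be reported twice.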
@@ -7722,10 +7904,10 @@ "v": "<2.1.0" }, { - "advisory": "Aqtinstall 2.1.0rc2 uses 'secrets' instead of 'random' module to generate cryptographically safe numbers.\r\nhttps://github.com/miurahr/aqtinstall/commit/745e6a25e46411ff526387615a1db51a6ba968e0", - "cve": "PVE-2022-47013", - "id": "pyup.io-47013", - "more_info_path": "/vulnerabilities/PVE-2022-47013/47013", + "advisory": "Aqtinstall 2.1.0rc2 uses 'defusedxml' instead of 'xml.etree.ElementTree' to avoid XXE attacks.\r\nhttps://github.com/miurahr/aqtinstall/commit/745e6a25e46411ff526387615a1db51a6ba968e0", + "cve": "CVE-2013-1664", + "id": "pyup.io-47852", + "more_info_path": "/vulnerabilities/CVE-2013-1664/47852", "specs": [ "<2.1.0rc2" ], @@ -7742,10 +7924,10 @@ "v": "<2.1.0rc2" }, { - "advisory": "Aqtinstall 2.1.0rc2 uses 'defusedxml' instead of 'xml.etree.ElementTree' to avoid XXE attacks.\r\nhttps://github.com/miurahr/aqtinstall/commit/745e6a25e46411ff526387615a1db51a6ba968e0", - "cve": "CVE-2013-1664", - "id": "pyup.io-47852", - "more_info_path": "/vulnerabilities/CVE-2013-1664/47852", + "advisory": "Aqtinstall 2.1.0rc2 uses 'secrets' instead of 'random' module to generate cryptographically safe numbers.\r\nhttps://github.com/miurahr/aqtinstall/commit/745e6a25e46411ff526387615a1db51a6ba968e0", + "cve": "PVE-2022-47013", + "id": "pyup.io-47013", + "more_info_path": "/vulnerabilities/PVE-2022-47013/47013", "specs": [ "<2.1.0rc2" ], @@ -7877,16 +8059,6 @@ ], "v": "<0.13.0" }, - { - "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", - "cve": "CVE-2018-19839", - "id": "pyup.io-52812", - "more_info_path": "/vulnerabilities/CVE-2018-19839/52812", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, { "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", "cve": "CVE-2018-11694", 
@@ -7907,16 +8079,6 @@ ], "v": "<0.13.0" }, - { - "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", - "cve": "CVE-2019-18797", - "id": "pyup.io-52811", - "more_info_path": "/vulnerabilities/CVE-2019-18797/52811", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, { "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", "cve": "CVE-2019-6284", 
@@ -7946,29 +8108,29 @@ "<0.13.0" ], "v": "<0.13.0" - } - ], - "argo-workflows": [ + }, { - "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which fixes a XSS vulnerability.\r\nhttps://github.com/argoproj/argo-workflows/pull/3975", - "cve": "PVE-2022-46473", - "id": "pyup.io-46473", - "more_info_path": "/vulnerabilities/PVE-2022-46473/46473", + "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", + "cve": "CVE-2019-18797", + "id": "pyup.io-52811", + "more_info_path": "/vulnerabilities/CVE-2019-18797/52811", "specs": [ - "<5.0.0" + "<0.13.0" ], - "v": "<5.0.0" + "v": "<0.13.0" }, { - "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which improves cookie security.\r\nhttps://github.com/argoproj/argo-workflows/issues/2759", - "cve": "PVE-2022-46476", - "id": "pyup.io-46476", - "more_info_path": "/vulnerabilities/PVE-2022-46476/46476", + "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", + "cve": "CVE-2018-19839", + "id": "pyup.io-52812", + "more_info_path": "/vulnerabilities/CVE-2018-19839/52812", "specs": [ - "<5.0.0" + "<0.13.0" ], - "v": "<5.0.0" - }, + "v": "<0.13.0" + } + ], + "argo-workflows": [ { "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which includes a fix for an issue that allowed to list archived workflows that shouldn't be accessible.\r\nhttps://github.com/argoproj/argo-workflows/pull/2079", "cve": "PVE-2022-46479", 
@@ -7989,6 +8151,26 @@ ], "v": "<5.0.0" }, + { + "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which fixes a XSS vulnerability.\r\nhttps://github.com/argoproj/argo-workflows/pull/3975", + "cve": "PVE-2022-46473", + "id": "pyup.io-46473", + "more_info_path": "/vulnerabilities/PVE-2022-46473/46473", + "specs": [ + "<5.0.0" + ], + "v": "<5.0.0" + }, + { + "advisory": "Argo-workflows 5.0.0 (Python SDK) is compatible with Argo-workflows core v3.0.0, which improves cookie security.\r\nhttps://github.com/argoproj/argo-workflows/issues/2759", + "cve": "PVE-2022-46476", + "id": "pyup.io-46476", + "more_info_path": "/vulnerabilities/PVE-2022-46476/46476", + "specs": [ + "<5.0.0" + ], + "v": "<5.0.0" + }, { "advisory": "Argo-workflows 6.1.0rc1 (Python SDK) is compatible with Argo-workflow core v3.1.0rc1, which enforces TLS version >= 1.2.\r\nhttps://github.com/argoproj/argo-workflows/commit/199016a6bed5284df3ec5caebbef9f2d018a2d43", "cve": "PVE-2022-46465", @@ -8071,16 +8253,6 @@ ], "v": "<6.3.9" }, - { - "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/d874c1a87b65b300b2a4c93032bd2970d6f91d8f", - "cve": "CVE-2022-24785", - "id": "pyup.io-50683", - "more_info_path": "/vulnerabilities/CVE-2022-24785/50683", - "specs": [ - "<6.3.9" - ], - "v": "<6.3.9" - }, { "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", "cve": "CVE-2021-35515", 
@@ -8151,6 +8323,16 @@ ], "v": "<6.3.9" }, + { + "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/d874c1a87b65b300b2a4c93032bd2970d6f91d8f", + "cve": "CVE-2022-24785", + "id": "pyup.io-50683", + "more_info_path": "/vulnerabilities/CVE-2022-24785/50683", + "specs": [ + "<6.3.9" + ], + "v": "<6.3.9" + }, { "advisory": "Argo-workflows 6.4.0rc1 (Python SDK) is compatible with Argo-workflows core v3.4.0rc1, that fixes a potential XSS vulnerability.\r\nhttps://github.com/argoproj/argo-workflows/pull/8289/commits/e78b1c9b840ea89a28e03d8aa0d5f9f1629c0c86", "cve": "PVE-2022-50679", 
@@ -8172,20 +8354,20 @@ "v": "<6.4.7" }, { - "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which upgrades docker to v20.10.24 to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10868\r\nhttps://github.com/gregjacobs/Autolinker.js/issues/377", - "cve": "PVE-2023-54998", - "id": "pyup.io-54998", - "more_info_path": "/vulnerabilities/PVE-2023-54998/54998", + "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which updates UI NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10842", + "cve": "CVE-2021-4279", + "id": "pyup.io-54997", + "more_info_path": "/vulnerabilities/CVE-2021-4279/54997", "specs": [ "<6.4.7" ], "v": "<6.4.7" }, { - "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which updates UI NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10842", - "cve": "CVE-2021-4279", - "id": "pyup.io-54997", - "more_info_path": "/vulnerabilities/CVE-2021-4279/54997", + "advisory": "Argo-workflows 6.4.7 (Python SDK) is compatible with Argo-workflows core v3.4.7, which upgrades docker to v20.10.24 to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/pull/10868\r\nhttps://github.com/gregjacobs/Autolinker.js/issues/377", + "cve": "PVE-2023-54998", + "id": "pyup.io-54998", + "more_info_path": "/vulnerabilities/PVE-2023-54998/54998", "specs": [ "<6.4.7" ], @@ -8210,6 +8392,16 @@ "<6.4.7" ], "v": "<6.4.7" + }, + { + "advisory": "Argo-workflows 6.5.0 (Python SDK) is compatible with Argo-workflows core v3.5.0, which fixes gRPC and HTTP2 high-severity vulnerabilities.\r\nhttps://github.com/argoproj/argo-workflows/pull/11986", + "cve": "CVE-2023-44487", + "id": "pyup.io-61812", + "more_info_path": "/vulnerabilities/CVE-2023-44487/61812", + "specs": [ + "<6.5.0" + ], + "v": "<6.5.0" } ], "arrayfire": [ 
@@ -8325,6 +8517,16 @@ "<6.0.0" ], "v": "<6.0.0" + }, + { + "advisory": "Aspeak 6.0.1 updates CARGO dependencies to resolve a vulnerability affecting 'atty'.\r\nhttps://github.com/advisories/GHSA-g98v-hv3f-hcfr\r\nhttps://github.com/kxxt/aspeak/issues/79", + "cve": "PVE-2023-61556", + "id": "pyup.io-61556", + "more_info_path": "/vulnerabilities/PVE-2023-61556/61556", + "specs": [ + "<6.0.1" + ], + "v": "<6.0.1" } ], "aspen": [ @@ -8386,9 +8588,9 @@ "astropy": [ { "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.", - "cve": "CVE-2018-3847", - "id": "pyup.io-48549", - "more_info_path": "/vulnerabilities/CVE-2018-3847/48549", + "cve": "CVE-2018-3849", + "id": "pyup.io-48548", + "more_info_path": "/vulnerabilities/CVE-2018-3849/48548", "specs": [ "<3.0.1" ], @@ -8396,9 +8598,9 @@ }, { "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.", - "cve": "CVE-2018-3846", - "id": "pyup.io-48550", - "more_info_path": "/vulnerabilities/CVE-2018-3846/48550", + "cve": "CVE-2018-3848", + "id": "pyup.io-35810", + "more_info_path": "/vulnerabilities/CVE-2018-3848/35810", "specs": [ "<3.0.1" ], @@ -8406,9 +8608,9 @@ }, { "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.", - "cve": "CVE-2018-3849", - "id": "pyup.io-48548", - "more_info_path": "/vulnerabilities/CVE-2018-3849/48548", + "cve": "CVE-2018-3846", + "id": "pyup.io-48550", + "more_info_path": "/vulnerabilities/CVE-2018-3846/48550", "specs": [ "<3.0.1" ], 
@@ -8416,9 +8618,9 @@ }, { "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.", - "cve": "CVE-2018-3848", - "id": "pyup.io-35810", - "more_info_path": "/vulnerabilities/CVE-2018-3848/35810", + "cve": "CVE-2018-3847", + "id": "pyup.io-48549", + "more_info_path": "/vulnerabilities/CVE-2018-3847/48549", "specs": [ "<3.0.1" ], 
@@ -8549,14 +8751,34 @@ ], "asyncua": [ { - "advisory": "All versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.", + "advisory": "Asyncua 0.9.96 includes a fix for CVE-2022-25304: Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.\r\nhttps://github.com/FreeOpcUa/opcua-asyncio/commit/01c7acf047887b62d979cd4373d370e72a4b9057", "cve": "CVE-2022-25304", "id": "pyup.io-50830", "more_info_path": "/vulnerabilities/CVE-2022-25304/50830", "specs": [ - ">0" + "<0.9.96" ], - "v": ">0" + "v": "<0.9.96" + }, + { + "advisory": "Asyncua 0.9.96 includes a fix for CVE-2023-26151: Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.\r\nhttps://github.com/FreeOpcUa/opcua-asyncio/commit/f6603daa34a93a658f0e176cb0b9ee5a6643b262", + "cve": "CVE-2023-26151", + "id": "pyup.io-61571", + "more_info_path": "/vulnerabilities/CVE-2023-26151/61571", + "specs": [ + "<0.9.96" + ], + "v": "<0.9.96" + }, + { + "advisory": "Asyncua 0.9.96 includes a fix for CVE-2023-26150: Improper Authentication such that it is possible to access Address Space without encryption and authentication. 
**Note:** This issue is a result of missing checks for services that require an active session.\r\nhttps://github.com/FreeOpcUa/opcua-asyncio/issues/1014", + "cve": "CVE-2023-26150", + "id": "pyup.io-61570", + "more_info_path": "/vulnerabilities/CVE-2023-26150/61570", + "specs": [ + "<0.9.96" + ], + "v": "<0.9.96" } ], "atlasapi": [ @@ -9040,9 +9262,9 @@ }, { "advisory": "Autogluon 0.5.3 updates its dependency 'transformers' requirement to \">=4.23.0,<4.24.0\" to include security fixes.", - "cve": "CVE-2022-1941", - "id": "pyup.io-51994", - "more_info_path": "/vulnerabilities/CVE-2022-1941/51994", + "cve": "PVE-2022-51450", + "id": "pyup.io-51940", + "more_info_path": "/vulnerabilities/PVE-2022-51450/51940", "specs": [ "<0.5.3" ], @@ -9050,9 +9272,9 @@ }, { "advisory": "Autogluon 0.5.3 updates its dependency 'transformers' requirement to \">=4.23.0,<4.24.0\" to include security fixes.", - "cve": "PVE-2022-51450", - "id": "pyup.io-51940", - "more_info_path": "/vulnerabilities/PVE-2022-51450/51940", + "cve": "CVE-2022-1941", + "id": "pyup.io-51994", + "more_info_path": "/vulnerabilities/CVE-2022-1941/51994", "specs": [ "<0.5.3" ], @@ -9070,9 +9292,9 @@ }, { "advisory": "Autogluon 0.6.1 updates its dependency 'pillow' requirement to '>=9.3.0' to include security fixes.", - "cve": "CVE-2022-24303", - "id": "pyup.io-52411", - "more_info_path": "/vulnerabilities/CVE-2022-24303/52411", + "cve": "CVE-2022-45198", + "id": "pyup.io-52534", + "more_info_path": "/vulnerabilities/CVE-2022-45198/52534", "specs": [ "<0.6.1" ], @@ -9080,9 +9302,9 @@ }, { "advisory": "Autogluon 0.6.1 updates its dependency 'pillow' requirement to '>=9.3.0' to include security fixes.", - "cve": "CVE-2022-45198", - "id": "pyup.io-52534", - "more_info_path": "/vulnerabilities/CVE-2022-45198/52534", + "cve": "CVE-2022-24303", + "id": "pyup.io-52411", + "more_info_path": "/vulnerabilities/CVE-2022-24303/52411", "specs": [ "<0.6.1" ], 
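Review bot: The advisory string for CVE-2023-26150 is the only one in this hunk rendered across two lines (the break falls after "encryption and authentication. "); if that is a literal newline in the file rather than display wrapping, it is an unescaped control character inside a string and the document is no longer valid JSON, so confirm the value is on one line and uses the `\r\n` escape the neighbouring advisories use. The same string also embeds markdown emphasis (`**Note:**`) that no other advisory in view uses; a plain `Note:` keeps the field renderer-agnostic and consistent with the rest of the data.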
@@ -9100,9 +9322,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "CVE-2021-45046", - "id": "pyup.io-48622", - "more_info_path": "/vulnerabilities/CVE-2021-45046/48622", + "cve": "CVE-2021-44228", + "id": "pyup.io-48621", + "more_info_path": "/vulnerabilities/CVE-2021-44228/48621", "specs": [ ">=0.4.0,<0.4.1" ], @@ -9110,9 +9332,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "CVE-2021-45105", - "id": "pyup.io-48623", - "more_info_path": "/vulnerabilities/CVE-2021-45105/48623", + "cve": "CVE-2021-45046", + "id": "pyup.io-48622", + "more_info_path": "/vulnerabilities/CVE-2021-45046/48622", "specs": [ ">=0.4.0,<0.4.1" ], @@ -9120,9 +9342,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "CVE-2021-44228", - "id": "pyup.io-48621", - "more_info_path": "/vulnerabilities/CVE-2021-44228/48621", + "cve": "CVE-2021-45105", + "id": "pyup.io-48623", + "more_info_path": "/vulnerabilities/CVE-2021-45105/48623", "specs": [ ">=0.4.0,<0.4.1" ], @@ -9148,6 +9370,17 @@ ], "v": ">=0.4.0,<0.4.1" }, + { + "advisory": "The autogluon.multimodal module has a vulnerability due to the incorrect neutralization of special elements utilized in an operating system command. This issue is identified as an 'OS Command Injection'.", + "cve": "PVE-2023-99929", + "id": "pyup.io-61945", + "more_info_path": "/vulnerabilities/PVE-2023-99929/61945", + "specs": [ + ">=0.4.0,<0.4.3", + ">=0.5.0,<0.5.2" + ], + "v": ">=0.4.0,<0.4.3,>=0.5.0,<0.5.2" + }, { "advisory": "Autogluon 0.5.2 and 0.4.3 use yaml.safe_load() to prevent a code injection vulnerability.\r\nhttps://github.com/awslabs/autogluon/commit/23a37e74e58d03055c84a1b89c5af6c3db296b5e", "cve": "PVE-2022-50305", 
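Review bot: The `v` value of the new autogluon entry, `">=0.4.0,<0.4.3,>=0.5.0,<0.5.2"`, joins two disjoint ranges into one comma-separated string, which a PEP 440 specifier-set parser reads as a conjunction and therefore matches no version at all, while the adjacent `specs` array models the union correctly. The same pattern appears in the `autogluon-multimodal` entry in the next hunk and in the `bcfg2` entry two hunks later, where `"<=1.1.2,==1.2.0pre1,==1.2.0pre2,==1.2.0pre3"` is likewise unsatisfiable as a single specifier set. The existing context entry (`">=0.5.0a0,<0.5.2,<0.4.3"`) shows this is established convention, so `v` is presumably a display string; that should be stated where the format is documented so consumers evaluate `specs` rather than `v`, or `v` should use a separator that cannot be mistaken for a PEP 440 conjunction.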
@@ -9160,6 +9393,19 @@ "v": ">=0.5.0a0,<0.5.2,<0.4.3" } ], + "autogluon-multimodal": [ + { + "advisory": "The autogluon.multimodal module has a vulnerability due to the incorrect neutralization of special elements utilized in an operating system command. This issue is identified as an 'OS Command Injection'.", + "cve": "PVE-2023-99930", + "id": "pyup.io-61944", + "more_info_path": "/vulnerabilities/PVE-2023-99930/61944", + "specs": [ + ">=0.4.0,<0.4.3", + ">=0.5.0,<0.5.2" + ], + "v": ">=0.4.0,<0.4.3,>=0.5.0,<0.5.2" + } + ], "autogluon.multimodal": [ { "advisory": "Autogluon.multimodal 0.4.3 and 0.5.2 include a security fix: Unsafe yaml deserialization in autogluon.multimodal.\r\nhttps://github.com/autogluon/autogluon/security/advisories/GHSA-6h2x-4gjf-jc5w", @@ -9468,9 +9714,9 @@ }, { "advisory": "Aws-analytics-reference-architecture 1.8.8 updates its dependency 'log4j' and its references to v2.17.0 to fix critical security vulnerabilities.\r\nhttps://github.com/aws-samples/aws-analytics-reference-architecture/commit/c2c18615602c48f19be5a34dde6a8569f2fdfe0d", - "cve": "CVE-2021-45046", - "id": "pyup.io-44479", - "more_info_path": "/vulnerabilities/CVE-2021-45046/44479", + "cve": "CVE-2021-44228", + "id": "pyup.io-43972", + "more_info_path": "/vulnerabilities/CVE-2021-44228/43972", "specs": [ "<1.8.8" ], @@ -9478,9 +9724,9 @@ }, { "advisory": "Aws-analytics-reference-architecture 1.8.8 updates its dependency 'log4j' and its references to v2.17.0 to fix critical security vulnerabilities.\r\nhttps://github.com/aws-samples/aws-analytics-reference-architecture/commit/c2c18615602c48f19be5a34dde6a8569f2fdfe0d", - "cve": "CVE-2021-44228", - "id": "pyup.io-43972", - "more_info_path": "/vulnerabilities/CVE-2021-44228/43972", + "cve": "CVE-2021-45105", + "id": "pyup.io-44480", + "more_info_path": "/vulnerabilities/CVE-2021-45105/44480", "specs": [ "<1.8.8" ], 
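Review bot: The new top-level key `autogluon-multimodal` and the existing key `autogluon.multimodal` (visible as context directly below it) are the same distribution name under PEP 503 normalization, which maps `.` to `-`, so a consumer that normalizes names before lookup will see two records for one package and, depending on how it loads the file, may silently keep only one of them. The new record (PVE-2023-99930) also repeats the advisory text added under `autogluon` in the previous hunk with a different id, which is presumably intentional for the umbrella package but leaves the two spellings free to drift apart. Merging the new entry into the existing `autogluon.multimodal` array, or documenting which spelling is canonical, would remove the ambiguity.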
@@ -9488,9 +9734,9 @@ }, { "advisory": "Aws-analytics-reference-architecture 1.8.8 updates its dependency 'log4j' and its references to v2.17.0 to fix critical security vulnerabilities.\r\nhttps://github.com/aws-samples/aws-analytics-reference-architecture/commit/c2c18615602c48f19be5a34dde6a8569f2fdfe0d", - "cve": "CVE-2021-45105", - "id": "pyup.io-44480", - "more_info_path": "/vulnerabilities/CVE-2021-45105/44480", + "cve": "CVE-2021-45046", + "id": "pyup.io-44479", + "more_info_path": "/vulnerabilities/CVE-2021-45046/44479", "specs": [ "<1.8.8" ], @@ -10376,6 +10622,21 @@ "v": "<1.0.18" } ], + "bcfg2": [ + { + "advisory": "The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.", + "cve": "CVE-2011-3211", + "id": "pyup.io-62023", + "more_info_path": "/vulnerabilities/CVE-2011-3211/62023", + "specs": [ + "<=1.1.2", + "==1.2.0pre1", + "==1.2.0pre2", + "==1.2.0pre3" + ], + "v": "<=1.1.2,==1.2.0pre1,==1.2.0pre2,==1.2.0pre3" + } + ], "beaker": [ { "advisory": "Beaker 0.9.4 removes directory escaping characters properly from the session ID when un-signed sessions are used.\r\nhttps://github.com/bbangert/beaker/commit/ad45a77d199c46ddedf5d1aa54780b95d4bd3279", @@ -10645,9 +10906,9 @@ }, { "advisory": "Bigdl 2.0.0 updates its Maven dependency 'http.version' to v10.1.15 to include security fixes.", - "cve": "CVE-2021-23339", - "id": "pyup.io-45840", - "more_info_path": "/vulnerabilities/CVE-2021-23339/45840", + "cve": "CVE-2021-42697", + "id": "pyup.io-45841", + "more_info_path": "/vulnerabilities/CVE-2021-42697/45841", "specs": [ "<2.0.0" ], 
@@ -10655,9 +10916,9 @@ }, { "advisory": "Bigdl 2.0.0 updates its Maven dependency 'http.version' to v10.1.15 to include security fixes.", - "cve": "CVE-2021-42697", - "id": "pyup.io-45841", - "more_info_path": "/vulnerabilities/CVE-2021-42697/45841", + "cve": "CVE-2021-23339", + "id": "pyup.io-45840", + "more_info_path": "/vulnerabilities/CVE-2021-23339/45840", "specs": [ "<2.0.0" ], @@ -10674,20 +10935,20 @@ "v": "<2.0.0" }, { - "advisory": "Bigdl 2.1.0 updates its Maven dependency 'akka.http' to v10.1.15 to include a security fix.", - "cve": "CVE-2021-23339", - "id": "pyup.io-51328", - "more_info_path": "/vulnerabilities/CVE-2021-23339/51328", + "advisory": "Bigdl 2.1.0 updates its Maven dependency 'protobuf-java' to v3.19.2 to include a security fix.", + "cve": "CVE-2021-22569", + "id": "pyup.io-51239", + "more_info_path": "/vulnerabilities/CVE-2021-22569/51239", "specs": [ "<2.1.0" ], "v": "<2.1.0" }, { - "advisory": "Bigdl 2.1.0 updates its Maven dependency 'protobuf-java' to v3.19.2 to include a security fix.", - "cve": "CVE-2021-22569", - "id": "pyup.io-51239", - "more_info_path": "/vulnerabilities/CVE-2021-22569/51239", + "advisory": "Bigdl 2.1.0 updates its Maven dependency 'akka.http' to v10.1.15 to include a security fix.", + "cve": "CVE-2021-23339", + "id": "pyup.io-51328", + "more_info_path": "/vulnerabilities/CVE-2021-23339/51328", "specs": [ "<2.1.0" ], @@ -10703,16 +10964,6 @@ ], "v": "<2.3.0" }, - { - "advisory": "Bigdl 2.3.0 replaces part of pickle to json to avoid a security issue.\r\nhttps://github.com/intel-analytics/BigDL/pull/8009", - "cve": "PVE-2023-55137", - "id": "pyup.io-55137", - "more_info_path": "/vulnerabilities/PVE-2023-55137/55137", - "specs": [ - "<2.3.0" - ], - "v": "<2.3.0" - }, { "advisory": "Bigdl 2.3.0 includes a security fix in its 'dlib' library: Reflected XSS All Clients in TorchFile.scala.\r\nhttps://github.com/intel-analytics/BigDL/pull/7731", "cve": "PVE-2023-55131", 
@@ -10733,16 +10984,6 @@ ], "v": "<2.3.0" }, - { - "advisory": "Bigdl 2.3.0 updates its dependency 'cryptography' to v39.0.1 to include security fixes.\r\nhttps://github.com/intel-analytics/BigDL/pull/7717", - "cve": "CVE-2023-0401", - "id": "pyup.io-55138", - "more_info_path": "/vulnerabilities/CVE-2023-0401/55138", - "specs": [ - "<2.3.0" - ], - "v": "<2.3.0" - }, { "advisory": "Bigdl 2.3.0 updates its dependency 'cryptography' to v39.0.1 to include security fixes.\r\nhttps://github.com/intel-analytics/BigDL/pull/7717", "cve": "CVE-2023-0286", @@ -10762,6 +11003,26 @@ "<2.3.0" ], "v": "<2.3.0" + }, + { + "advisory": "Bigdl 2.3.0 replaces part of pickle to json to avoid a security issue.\r\nhttps://github.com/intel-analytics/BigDL/pull/8009", + "cve": "PVE-2023-55137", + "id": "pyup.io-55137", + "more_info_path": "/vulnerabilities/PVE-2023-55137/55137", + "specs": [ + "<2.3.0" + ], + "v": "<2.3.0" + }, + { + "advisory": "Bigdl 2.3.0 updates its dependency 'cryptography' to v39.0.1 to include security fixes.\r\nhttps://github.com/intel-analytics/BigDL/pull/7717", + "cve": "CVE-2023-0401", + "id": "pyup.io-55138", + "more_info_path": "/vulnerabilities/CVE-2023-0401/55138", + "specs": [ + "<2.3.0" + ], + "v": "<2.3.0" } ], "bigflow": [ 
@@ -10938,30 +11199,30 @@ "v": "<3.4.3" }, { - "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2023-0216", - "id": "pyup.io-59613", - "more_info_path": "/vulnerabilities/CVE-2023-0216/59613", + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Use After Free vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-0215", + "id": "pyup.io-59610", + "more_info_path": "/vulnerabilities/CVE-2023-0215/59610", "specs": [ "<5.3.1" ], "v": "<5.3.1" }, { - "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Use After Free vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2023-0215", - "id": "pyup.io-59610", - "more_info_path": "/vulnerabilities/CVE-2023-0215/59610", + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-2650", + "id": "pyup.io-59533", + "more_info_path": "/vulnerabilities/CVE-2023-2650/59533", "specs": [ "<5.3.1" ], "v": "<5.3.1" }, { - "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Type Confusion vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2023-0286", - "id": "pyup.io-59611", - "more_info_path": "/vulnerabilities/CVE-2023-0286/59611", + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service 
vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2022-4450", + "id": "pyup.io-59615", + "more_info_path": "/vulnerabilities/CVE-2022-4450/59615", "specs": [ "<5.3.1" ], 
@@ -10969,39 +11230,39 @@ }, { "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2023-0217", - "id": "pyup.io-59609", - "more_info_path": "/vulnerabilities/CVE-2023-0217/59609", + "cve": "CVE-2023-0401", + "id": "pyup.io-59608", + "more_info_path": "/vulnerabilities/CVE-2023-0401/59608", "specs": [ "<5.3.1" ], "v": "<5.3.1" }, { - "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix an Expected Behavior Violation vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2023-23931", - "id": "pyup.io-59616", - "more_info_path": "/vulnerabilities/CVE-2023-23931/59616", + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2022-3996", + "id": "pyup.io-59617", + "more_info_path": "/vulnerabilities/CVE-2022-3996/59617", "specs": [ "<5.3.1" ], "v": "<5.3.1" }, { - "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2023-2650", - "id": "pyup.io-59533", - "more_info_path": "/vulnerabilities/CVE-2023-2650/59533", + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Type Confusion vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-0286", + "id": "pyup.io-59611", + "more_info_path": "/vulnerabilities/CVE-2023-0286/59611", "specs": [ "<5.3.1" ], "v": "<5.3.1" }, { - "advisory": "Bittensor 5.3.1 updates its 
dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2022-4450", - "id": "pyup.io-59615", - "more_info_path": "/vulnerabilities/CVE-2022-4450/59615", + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Timing Attack vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2022-4304", + "id": "pyup.io-59612", + "more_info_path": "/vulnerabilities/CVE-2022-4304/59612", "specs": [ "<5.3.1" ], @@ -11019,9 +11280,9 @@ }, { "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2022-3996", - "id": "pyup.io-59617", - "more_info_path": "/vulnerabilities/CVE-2022-3996/59617", + "cve": "CVE-2023-0216", + "id": "pyup.io-59613", + "more_info_path": "/vulnerabilities/CVE-2023-0216/59613", "specs": [ "<5.3.1" ], 
@@ -11029,19 +11290,19 @@ }, { "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2023-0401", - "id": "pyup.io-59608", - "more_info_path": "/vulnerabilities/CVE-2023-0401/59608", + "cve": "CVE-2023-0217", + "id": "pyup.io-59609", + "more_info_path": "/vulnerabilities/CVE-2023-0217/59609", "specs": [ "<5.3.1" ], "v": "<5.3.1" }, { - "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Timing Attack vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", - "cve": "CVE-2022-4304", - "id": "pyup.io-59612", - "more_info_path": "/vulnerabilities/CVE-2022-4304/59612", + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix an Expected Behavior Violation vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-23931", + "id": "pyup.io-59616", + "more_info_path": "/vulnerabilities/CVE-2023-23931/59616", "specs": [ "<5.3.1" ], @@ -11495,9 +11756,9 @@ }, { "advisory": "Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.", - "cve": "CVE-2021-41184", - "id": "pyup.io-42815", - "more_info_path": "/vulnerabilities/CVE-2021-41184/42815", + "cve": "CVE-2021-41183", + "id": "pyup.io-42814", + "more_info_path": "/vulnerabilities/CVE-2021-41183/42814", "specs": [ "<2.4.2" ], @@ -11505,9 +11766,9 @@ }, { "advisory": "Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.", - "cve": "CVE-2021-41183", - "id": "pyup.io-42814", - "more_info_path": "/vulnerabilities/CVE-2021-41183/42814", + "cve": "CVE-2021-41184", + "id": "pyup.io-42815", + "more_info_path": "/vulnerabilities/CVE-2021-41184/42815", "specs": [ "<2.4.2" ], 
@@ -11986,20 +12247,20 @@ ], "bzip3": [ { - "advisory": "Bzip3 (python client) 0.1.2 includes bzip3 core version 1.3.0, that fixes an overflow in bz3_decode_block.\r\nhttps://github.com/kspalaiologos/bzip3/commit/33b1951f153c3c5dc8ed736b9110437e1a619b7d", - "cve": "PVE-2023-58750", - "id": "pyup.io-58750", - "more_info_path": "/vulnerabilities/PVE-2023-58750/58750", + "advisory": "Bzip3 (python client) 0.1.2 includes bzip3 core version 1.3.0, that fixes a buffer overflow vulnerability in libsais.\r\nhttps://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff", + "cve": "PVE-2023-58746", + "id": "pyup.io-58746", + "more_info_path": "/vulnerabilities/PVE-2023-58746/58746", "specs": [ "<0.1.2" ], "v": "<0.1.2" }, { - "advisory": "Bzip3 (python client) 0.1.2 includes bzip3 core version 1.3.0, that fixes a buffer overflow vulnerability in libsais.\r\nhttps://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff", - "cve": "PVE-2023-58746", - "id": "pyup.io-58746", - "more_info_path": "/vulnerabilities/PVE-2023-58746/58746", + "advisory": "Bzip3 (python client) 0.1.2 includes bzip3 core version 1.3.0, that fixes an overflow in bz3_decode_block.\r\nhttps://github.com/kspalaiologos/bzip3/commit/33b1951f153c3c5dc8ed736b9110437e1a619b7d", + "cve": "PVE-2023-58750", + "id": "pyup.io-58750", + "more_info_path": "/vulnerabilities/PVE-2023-58750/58750", "specs": [ "<0.1.2" ], @@ -12048,6 +12309,18 @@ "v": "<=1.16.8" } ], + "c2cciutils": [ + { + "advisory": "C2cciutils 1.6.0 updates its 'requests' dependency to v2.31.0 to address CVE-2023-32681.", + "cve": "CVE-2023-32681", + "id": "pyup.io-62110", + "more_info_path": "/vulnerabilities/CVE-2023-32681/62110", + "specs": [ + "<1.6.0" + ], + "v": "<1.6.0" + } + ], "c2cwsgiutils": [ { "advisory": "C2cwsgiutils 4.0.0 updates its dependency 'pipenv' to v2020.5.28 to include security fixes.", 
@@ -12061,9 +12334,9 @@ }, { "advisory": "C2cwsgiutils 4.0.0 updates its dependency 'pipenv' to v2020.5.28 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-53060", - "more_info_path": "/vulnerabilities/CVE-2019-11324/53060", + "cve": "CVE-2019-11236", + "id": "pyup.io-53059", + "more_info_path": "/vulnerabilities/CVE-2019-11236/53059", "specs": [ "<4.0.0" ], @@ -12071,29 +12344,29 @@ }, { "advisory": "C2cwsgiutils 4.0.0 updates its dependency 'pipenv' to v2020.5.28 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-53059", - "more_info_path": "/vulnerabilities/CVE-2019-11236/53059", + "cve": "CVE-2019-11324", + "id": "pyup.io-53060", + "more_info_path": "/vulnerabilities/CVE-2019-11324/53060", "specs": [ "<4.0.0" ], "v": "<4.0.0" }, { - "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'mako' to v1.2.2 to include a security fix.", - "cve": "CVE-2022-40023", - "id": "pyup.io-53014", - "more_info_path": "/vulnerabilities/CVE-2022-40023/53014", + "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'lxml' to v4.6.3 to include a security fix.", + "cve": "CVE-2021-28957", + "id": "pyup.io-53061", + "more_info_path": "/vulnerabilities/CVE-2021-28957/53061", "specs": [ "<4.1.2" ], "v": "<4.1.2" }, { - "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'lxml' to v4.6.3 to include a security fix.", - "cve": "CVE-2021-28957", - "id": "pyup.io-53061", - "more_info_path": "/vulnerabilities/CVE-2021-28957/53061", + "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'mako' to v1.2.2 to include a security fix.", + "cve": "CVE-2022-40023", + "id": "pyup.io-53014", + "more_info_path": "/vulnerabilities/CVE-2022-40023/53014", "specs": [ "<4.1.2" ], 
@@ -12212,6 +12485,18 @@ "v": "<1.2.6" } ], + "calendar-view": [ + { + "advisory": "Calendar-view 2.4.0 updates its dependency 'pillow' to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61595", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61595", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + } + ], "calibreweb": [ { "advisory": "Calibre-Web 0.6.7 prevents authentication bypass. Prior versions had a hardcoded secret key.", @@ -12350,20 +12635,20 @@ ], "camply": [ { - "advisory": "Camply 0.24.1 updates its dependency 'requests' to v2.31.0 to include a security fix.\r\nhttps://github.com/juftin/camply/commit/4c6d371", - "cve": "CVE-2023-32681", - "id": "pyup.io-58928", - "more_info_path": "/vulnerabilities/CVE-2023-32681/58928", + "advisory": "Camply 0.24.1 updates its dependency 'pymdown-extensions' to v10.0.1 to include a security fix.\r\nhttps://github.com/juftin/camply/commit/4c6d371", + "cve": "CVE-2023-32309", + "id": "pyup.io-58938", + "more_info_path": "/vulnerabilities/CVE-2023-32309/58938", "specs": [ "<0.24.1" ], "v": "<0.24.1" }, { - "advisory": "Camply 0.24.1 updates its dependency 'pymdown-extensions' to v10.0.1 to include a security fix.\r\nhttps://github.com/juftin/camply/commit/4c6d371", - "cve": "CVE-2023-32309", - "id": "pyup.io-58938", - "more_info_path": "/vulnerabilities/CVE-2023-32309/58938", + "advisory": "Camply 0.24.1 updates its dependency 'requests' to v2.31.0 to include a security fix.\r\nhttps://github.com/juftin/camply/commit/4c6d371", + "cve": "CVE-2023-32681", + "id": "pyup.io-58928", + "more_info_path": "/vulnerabilities/CVE-2023-32681/58928", "specs": [ "<0.24.1" ], 
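Review bot: The calendar-view advisory, `Calendar-view 2.4.0 updates its dependency 'pillow' to include a security fix.`, omits the pillow version it moves to, unlike the comparable entries in view (`'requests' dependency to v2.31.0`, `'mako' to v1.2.2`), so a reader cannot check that the `<2.4.0` bound actually corresponds to a pillow release that addresses CVE-2023-4863. Suggest stating the resolved version in the text, e.g. `Calendar-view 2.4.0 updates its dependency 'pillow' to v<VERSION> to include a security fix for CVE-2023-4863.`, with `<VERSION>` taken from the upstream release.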
@@ -12958,6 +13243,18 @@ "v": ">=1.3.3,<1.3.4" } ], + "cbor2": [ + { + "advisory": "Cbor2 5.4.0 fixes bounds checks in C decoder.\r\nhttps://github.com/agronholm/cbor2/pull/113", + "cve": "PVE-2023-61961", + "id": "pyup.io-61961", + "more_info_path": "/vulnerabilities/PVE-2023-61961/61961", + "specs": [ + "<5.4.0" + ], + "v": "<5.4.0" + } + ], "ccf": [ { "advisory": "Ccf 0.7 fixes a vulnerability to a possible replay attack.", @@ -13787,16 +14084,6 @@ ], "v": "<3.0.3" }, - { - "advisory": "libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.", - "cve": "CVE-2020-5310", - "id": "pyup.io-43568", - "more_info_path": "/vulnerabilities/CVE-2020-5310/43568", - "specs": [ - "<=3.0.3" - ], - "v": "<=3.0.3" - }, { "advisory": "Chartify 3.0.3 includes a version of 'pillow' (6.2.0) affected by several CVEs.", "cve": "CVE-2020-5311", @@ -13817,6 +14104,16 @@ ], "v": "<=3.0.3" }, + { + "advisory": "libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.", + "cve": "CVE-2020-5310", + "id": "pyup.io-43568", + "more_info_path": "/vulnerabilities/CVE-2020-5310/43568", + "specs": [ + "<=3.0.3" + ], + "v": "<=3.0.3" + }, { "advisory": "libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.", "cve": "CVE-2020-5313", @@ -13839,16 +14136,6 @@ } ], "chatbot-ner": [ - { - "advisory": "Chatbot-ner 0.5.8 updates its dependency 'django' to v1.11.26 to include security fixes.", - "cve": "CVE-2019-14232", - "id": "pyup.io-42434", - "more_info_path": "/vulnerabilities/CVE-2019-14232/42434", - "specs": [ - "<0.5.8" - ], - "v": "<0.5.8" - }, { "advisory": "Chatbot-ner 0.5.8 updates its dependency 'django' to v1.11.26 to include security fixes.", "cve": "CVE-2019-14235", 
@@ -13880,20 +14167,20 @@ "v": "<0.5.8" }, { - "advisory": "Chatbot-ner 0.6.0 updates its dependency 'Django' to v1.11.27 to include security fixes.", - "cve": "CVE-2019-19844", - "id": "pyup.io-43699", - "more_info_path": "/vulnerabilities/CVE-2019-19844/43699", + "advisory": "Chatbot-ner 0.5.8 updates its dependency 'django' to v1.11.26 to include security fixes.", + "cve": "CVE-2019-14232", + "id": "pyup.io-42434", + "more_info_path": "/vulnerabilities/CVE-2019-14232/42434", "specs": [ - "<0.6.0" + "<0.5.8" ], - "v": "<0.6.0" + "v": "<0.5.8" }, { "advisory": "Chatbot-ner 0.6.0 updates its dependency 'Django' to v1.11.27 to include security fixes.", - "cve": "CVE-2019-14232", - "id": "pyup.io-43695", - "more_info_path": "/vulnerabilities/CVE-2019-14232/43695", + "cve": "CVE-2019-19844", + "id": "pyup.io-43699", + "more_info_path": "/vulnerabilities/CVE-2019-19844/43699", "specs": [ "<0.6.0" ], @@ -13938,6 +14225,16 @@ "<0.6.0" ], "v": "<0.6.0" + }, + { + "advisory": "Chatbot-ner 0.6.0 updates its dependency 'Django' to v1.11.27 to include security fixes.", + "cve": "CVE-2019-14232", + "id": "pyup.io-43695", + "more_info_path": "/vulnerabilities/CVE-2019-14232/43695", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" } ], "chazz": [ 
@@ -17261,6 +17558,18 @@ "v": "<0.40.0" } ], + "cif2cell": [ + { + "advisory": "Cif2cell 1.0.12 includes a fix for a code injection vulnerability related to vectors/matrices input from the command line.\r\nhttps://github.com/torbjornbjorkman/cif2cell/commit/53341d96b7967358799f6955643bd3683dbbad9e", + "cve": "PVE-2023-61608", + "id": "pyup.io-61608", + "more_info_path": "/vulnerabilities/PVE-2023-61608/61608", + "specs": [ + "<1.0.12" + ], + "v": "<1.0.12" + } + ], "ciftify": [ { "advisory": "Ciftify 2.3.3 includes a security patch for the function '__read_settings' in 'ciftify/utils.py'. It used the unsafe yaml.load(), that allows instantiation of arbitrary objects. Consider yaml.safe_load().\r\nhttps://github.com/edickie/ciftify/commit/7ac66dc2efc78bae272a0e1e713c81756f780969#diff-d55ace9e33dabdeba89768d93ae8fe97cf6d2ba4936fc5ab472b7bf749270b63", @@ -17797,9 +18106,9 @@ "cloudvision": [ { "advisory": "Cloudvision 1.13.0 updates 'cryptography' minimum version to v41.0.3 to include security fixes in bundled OpenSSL.", - "cve": "CVE-2023-2975", - "id": "pyup.io-61130", - "more_info_path": "/vulnerabilities/CVE-2023-2975/61130", + "cve": "CVE-2023-3817", + "id": "pyup.io-61129", + "more_info_path": "/vulnerabilities/CVE-2023-3817/61129", "specs": [ "<1.13.0" ], @@ -17807,9 +18116,9 @@ }, { "advisory": "Cloudvision 1.13.0 updates 'cryptography' minimum version to v41.0.3 to include security fixes in bundled OpenSSL.", - "cve": "CVE-2023-3446", - "id": "pyup.io-61131", - "more_info_path": "/vulnerabilities/CVE-2023-3446/61131", + "cve": "CVE-2023-2975", + "id": "pyup.io-61130", + "more_info_path": "/vulnerabilities/CVE-2023-2975/61130", "specs": [ "<1.13.0" ], 
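Review bot: The `cif2cell` entry describes "a code injection vulnerability related to vectors/matrices input from the command line" without naming the sink, so the `<1.0.12` range cannot be checked against the referenced commit by a reader. If the commit replaces an `eval()` of the vector/matrix arguments (the usual cause of this wording, but an inference here), the advisory should say so and add the threat-model caveat that the input is the invoking user's command line, so the exposure is to wrappers or services that forward untrusted strings to cif2cell rather than to an interactive run, e.g. append `Exploitation requires untrusted input reaching these command-line options.`. Confirm the sink against the commit before wording it.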
@@ -17817,9 +18126,9 @@ }, { "advisory": "Cloudvision 1.13.0 updates 'cryptography' minimum version to v41.0.3 to include security fixes in bundled OpenSSL.", - "cve": "CVE-2023-3817", - "id": "pyup.io-61129", - "more_info_path": "/vulnerabilities/CVE-2023-3817/61129", + "cve": "CVE-2023-3446", + "id": "pyup.io-61131", + "more_info_path": "/vulnerabilities/CVE-2023-3446/61131", "specs": [ "<1.13.0" ], @@ -17990,6 +18299,16 @@ ], "v": "<1.6.1" }, + { + "advisory": "Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.", + "cve": "CVE-2010-4512", + "id": "pyup.io-61742", + "more_info_path": "/vulnerabilities/CVE-2010-4512/61742", + "specs": [ + "<2.0.4" + ], + "v": "<2.0.4" + }, { "advisory": "Cobbler 2.0.7 includes a fix for CVE-2010-2235: Template_api.py in Cobbler before 2.0.7, as used in Red Hat Network Satellite Server and other products, does not disable the ability of the Cheetah template engine to execute Python statements contained in templates, which allows remote authenticated administrators to execute arbitrary code via a crafted kickstart template file, a different vulnerability than CVE-2008-6954.", "cve": "CVE-2010-2235", @@ -18000,6 +18319,16 @@ ], "v": "<2.0.7" }, + { + "advisory": "Cobbler v2.1.0 resolves missing CSRF protection in web interface using Django framework.", + "cve": "CVE-2011-4952", + "id": "pyup.io-62096", + "more_info_path": "/vulnerabilities/CVE-2011-4952/62096", + "specs": [ + "<2.1.0" + ], + "v": "<2.1.0" + }, { "advisory": "Cobbler 2.6.0 includes a fix for CVE-2011-4954: Cobbler has local privilege escalation via the use of insecure location for PYTHON_EGG_CACHE.\r\nhttps://github.com/cobbler/cobbler/commit/3c97edff9f8453536ae5adfe930a8b084b5e4346", "cve": "CVE-2011-4954", 
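Review bot: The new CVE-2011-4952 entry bounds the CSRF issue at `<2.1.0`, narrower than the sibling 2011 Cobbler advisories in this change (CVE-2011-4953 at `<=2.2.1`, CVE-2011-4954 at `<2.6.0`), and unlike those it cites no release note or commit. If the upstream fix for the missing CSRF protection landed later than 2.1.0, `<2.1.0` silently under-reports every 2.1.x and 2.2.x install, so please confirm the fixed version against the NVD/upstream record and add the reference URL to the advisory text. If 2.1.0 is correct, the text should state the affected range explicitly, e.g. `Cobbler before 2.1.0 lacks CSRF protection in its Django web interface.`.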
@@ -18110,6 +18439,16 @@ ], "v": "<3.3.2" }, + { + "advisory": "The set_mgmt_parameters function in item.py in cobbler before 2.2.2 allows context-dependent attackers to execute arbitrary code via vectors related to the use of the yaml.load function instead of the yaml.safe_load function, as demonstrated using Puppet.", + "cve": "CVE-2011-4953", + "id": "pyup.io-62098", + "more_info_path": "/vulnerabilities/CVE-2011-4953/62098", + "specs": [ + "<=2.2.1" + ], + "v": "<=2.2.1" + }, { "advisory": "A Command Injection in action_power.py in Cobbler prior to v2.6.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API.", "cve": "CVE-2012-2395", @@ -18273,6 +18612,18 @@ "v": "<2.0.8" } ], + "codeinterpreterapi": [ + { + "advisory": "Codeinterpreterapi 0.0.14 updates its dependency 'langchain' to include a security fix.", + "cve": "PVE-2023-61536", + "id": "pyup.io-61748", + "more_info_path": "/vulnerabilities/PVE-2023-61536/61748", + "specs": [ + "<0.0.14" + ], + "v": "<0.0.14" + } + ], "cohen3": [ { "advisory": "Cohen3 version 0.8.3 updates its dependency \"requests\" to include a security fix.", @@ -18463,6 +18814,16 @@ "<4.1.1" ], "v": "<4.1.1" + }, + { + "advisory": "An attacker can seize control of a user session by leveraging a Cross-site scripting vulnerability. This allows the unauthorized user to modify a legitimate user's password and disrupt their session.", + "cve": "PVE-2023-99913", + "id": "pyup.io-62008", + "more_info_path": "/vulnerabilities/PVE-2023-99913/62008", + "specs": [ + ">=0.0a" + ], + "v": ">=0.0a" } ], "collective-noticeboard": [ 
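Review bot: The CVE-2011-4953 entry uses `"<=2.2.1"` while its own text says "cobbler before 2.2.2", and the other new Cobbler entries in this change use a strict upper bound (`<2.0.4`, `<2.1.0`, `<2.6.0`). Under PEP 440 `<=2.2.1` does not match a 2.2.2 pre-release, which "before 2.2.2" does cover, so the range and the text should agree: `"specs": ["<2.2.2"]` and `"v": "<2.2.2"`. The `yaml.load` root cause in the text is the useful part for triage and should stay as is.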
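Review bot: The `codeinterpreterapi` entry says 0.0.14 "updates its dependency 'langchain' to include a security fix" but names neither the langchain version nor the vulnerability, so a consumer cannot tell which langchain issue is meant or whether their resolved langchain is already patched. Its `cve` field is `PVE-2023-61536` while the record `id` is 61748, which breaks the PVE-id/record-id pairing every other new PVE entry in this change follows (e.g. PVE-2023-61961/61961); if 61536 is the inherited langchain advisory, say so in the text, e.g. `Codeinterpreterapi 0.0.14 updates its dependency 'langchain' to vX.Y.Z to include a security fix (see PVE-2023-61536).`, otherwise correct the identifier.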
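Review bot: The entry with `"specs": [">=0.0a"]` flags every version of the package, including any future release, and its text ("an attacker can seize control of a user session by leveraging a Cross-site scripting vulnerability") carries no reference, no affected component and no fixed version, so the record is not actionable. If upstream has not shipped a fix, state that in the advisory with the report URL, e.g. `No fixed version is available at the time of writing.\r\n<report url>`; if it has, the range must become `<FIXED` so the finding clears on upgrade. The package key this array belongs to is above the hunk and not visible here.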
@@ -18701,20 +19062,20 @@ "v": "<0.13.0" }, { - "advisory": "Composer 0.13.0 updates its dependency 'certifi' requirement to '>=2022.12.7' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2022-23491", - "id": "pyup.io-53695", - "more_info_path": "/vulnerabilities/CVE-2022-23491/53695", + "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2021-34552", + "id": "pyup.io-53694", + "more_info_path": "/vulnerabilities/CVE-2021-34552/53694", "specs": [ "<0.13.0" ], "v": "<0.13.0" }, { - "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2021-34552", - "id": "pyup.io-53694", - "more_info_path": "/vulnerabilities/CVE-2021-34552/53694", + "advisory": "Composer 0.13.0 updates its dependency 'certifi' requirement to '>=2022.12.7' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2022-23491", + "id": "pyup.io-53695", + "more_info_path": "/vulnerabilities/CVE-2022-23491/53695", "specs": [ "<0.13.0" ], 
@@ -19035,7 +19396,7 @@ ], "configobj": [ { - "advisory": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", + "advisory": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer putting the offending value in a server side configuration file.", "cve": "CVE-2023-26112", "id": "pyup.io-54843", "more_info_path": "/vulnerabilities/CVE-2023-26112/54843", @@ -19126,9 +19487,9 @@ "connect-sdk-python2": [ { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2020-26137", - "id": "pyup.io-51386", - "more_info_path": "/vulnerabilities/CVE-2020-26137/51386", + "cve": "CVE-2019-11236", + "id": "pyup.io-51384", + "more_info_path": "/vulnerabilities/CVE-2019-11236/51384", "specs": [ "<3.33.0" ], @@ -19146,9 +19507,9 @@ }, { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2019-11236", - "id": "pyup.io-51384", - "more_info_path": "/vulnerabilities/CVE-2019-11236/51384", + "cve": "CVE-2021-33503", + "id": "pyup.io-51387", + "more_info_path": "/vulnerabilities/CVE-2021-33503/51387", "specs": [ "<3.33.0" ], 
@@ -19156,9 +19517,9 @@ }, { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2021-33503", - "id": "pyup.io-51387", - "more_info_path": "/vulnerabilities/CVE-2021-33503/51387", + "cve": "CVE-2020-26137", + "id": "pyup.io-51386", + "more_info_path": "/vulnerabilities/CVE-2020-26137/51386", "specs": [ "<3.33.0" ], @@ -19208,9 +19569,9 @@ }, { "advisory": "Connect-sdk-python3 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2020-26137", - "id": "pyup.io-51380", - "more_info_path": "/vulnerabilities/CVE-2020-26137/51380", + "cve": "CVE-2021-33503", + "id": "pyup.io-51360", + "more_info_path": "/vulnerabilities/CVE-2021-33503/51360", "specs": [ "<3.33.0" ], @@ -19218,9 +19579,9 @@ }, { "advisory": "Connect-sdk-python3 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2021-33503", - "id": "pyup.io-51360", - "more_info_path": "/vulnerabilities/CVE-2021-33503/51360", + "cve": "CVE-2020-26137", + "id": "pyup.io-51380", + "more_info_path": "/vulnerabilities/CVE-2020-26137/51380", "specs": [ "<3.33.0" ], 
@@ -19483,6 +19844,38 @@ "<1.8.7" ], "v": "<1.8.7" + }, + { + "advisory": "Copyparty 1.9.6 updates its dependency 'pillow' to v10.0.1 to include a security fix in Windows wheels (libwebp vulnerability).", + "cve": "CVE-2023-4863", + "id": "pyup.io-61515", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61515", + "specs": [ + "<1.9.6" + ], + "v": "<1.9.6" + } + ], + "cornflow": [ + { + "advisory": "Cornflow 1.0.5 updates its dependency 'flask' to v2.3.2 to include a security fix.", + "cve": "CVE-2023-30861", + "id": "pyup.io-61559", + "more_info_path": "/vulnerabilities/CVE-2023-30861/61559", + "specs": [ + "<1.0.5" + ], + "v": "<1.0.5" + }, + { + "advisory": "Cornflow 1.0.6 updates its dependency 'gevent' to v23.9.0.post1 to include a security fix.", + "cve": "CVE-2023-41419", + "id": "pyup.io-61558", + "more_info_path": "/vulnerabilities/CVE-2023-41419/61558", + "specs": [ + "<1.0.6" + ], + "v": "<1.0.6" } ], "cortex": [ @@ -19592,11 +19985,21 @@ } ], "crate-docs-theme": [ + { + "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", + "cve": "CVE-2019-8331", + "id": "pyup.io-49063", + "more_info_path": "/vulnerabilities/CVE-2019-8331/49063", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2011-4969", - "id": "pyup.io-39529", - "more_info_path": "/vulnerabilities/CVE-2011-4969/39529", + "cve": "CVE-2015-9251", + "id": "pyup.io-49058", + "more_info_path": "/vulnerabilities/CVE-2015-9251/49058", "specs": [ "<0.13.0" ], 
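Review bot: The `copyparty` CVE-2023-4863 entry says the fix is a Pillow bump "in Windows wheels", yet the range `<1.9.6` applies on every platform, so the text and the range disagree about who is affected. CVE-2023-4863 is the libwebp issue and the vulnerable code is the libwebp bundled in Pillow's binary wheels, so either qualify the range or drop the platform wording, e.g. `Copyparty 1.9.6 updates its dependency 'pillow' to v10.0.1 to include a fix for CVE-2023-4863 (libwebp).`. Exposure in practice depends on the Pillow actually installed next to copyparty, which a package-level entry cannot express, and that caveat belongs in the text.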
@@ -19614,9 +20017,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2015-9251", - "id": "pyup.io-49058", - "more_info_path": "/vulnerabilities/CVE-2015-9251/49058", + "cve": "CVE-2011-4969", + "id": "pyup.io-39529", + "more_info_path": "/vulnerabilities/CVE-2011-4969/39529", "specs": [ "<0.13.0" ], @@ -19624,9 +20027,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2019-8331", - "id": "pyup.io-49063", - "more_info_path": "/vulnerabilities/CVE-2019-8331/49063", + "cve": "CVE-2018-20677", + "id": "pyup.io-49064", + "more_info_path": "/vulnerabilities/CVE-2018-20677/49064", "specs": [ "<0.13.0" ], @@ -19634,9 +20037,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2019-11358", - "id": "pyup.io-49060", - "more_info_path": "/vulnerabilities/CVE-2019-11358/49060", + "cve": "CVE-2020-7656", + "id": "pyup.io-49062", + "more_info_path": "/vulnerabilities/CVE-2020-7656/49062", "specs": [ "<0.13.0" ], @@ -19644,9 +20047,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2020-7656", - "id": "pyup.io-49062", - "more_info_path": "/vulnerabilities/CVE-2020-7656/49062", + "cve": "CVE-2019-11358", + "id": "pyup.io-49060", + "more_info_path": "/vulnerabilities/CVE-2019-11358/49060", "specs": [ "<0.13.0" ], 
@@ -19672,16 +20075,6 @@ ], "v": "<0.13.0" }, - { - "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2018-20677", - "id": "pyup.io-49064", - "more_info_path": "/vulnerabilities/CVE-2018-20677/49064", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", "cve": "CVE-2012-6708", @@ -19851,16 +20244,6 @@ } ], "cryptacular": [ - { - "advisory": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.", - "cve": "PVE-2021-25677", - "id": "pyup.io-25677", - "more_info_path": "/vulnerabilities/PVE-2021-25677/25677", - "specs": [ - "<1.2" - ], - "v": "<1.2" - }, { "advisory": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.", "cve": "CVE-2011-2483", @@ -20033,16 +20416,6 @@ ], "v": "<39.0.1" }, - { - "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0215", - "id": "pyup.io-53305", - "more_info_path": "/vulnerabilities/CVE-2023-0215/53305", - "specs": [ - "<39.0.1" - ], - "v": "<39.0.1" - }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", "cve": "CVE-2022-4203", 
@@ -20055,9 +20428,9 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0401", - "id": "pyup.io-53307", - "more_info_path": "/vulnerabilities/CVE-2023-0401/53307", + "cve": "CVE-2022-4304", + "id": "pyup.io-53303", + "more_info_path": "/vulnerabilities/CVE-2022-4304/53303", "specs": [ "<39.0.1" ], @@ -20065,9 +20438,9 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0286", - "id": "pyup.io-53304", - "more_info_path": "/vulnerabilities/CVE-2023-0286/53304", + "cve": "CVE-2023-0215", + "id": "pyup.io-53305", + "more_info_path": "/vulnerabilities/CVE-2023-0215/53305", "specs": [ "<39.0.1" ], @@ -20075,9 +20448,9 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2022-4304", - "id": "pyup.io-53303", - "more_info_path": "/vulnerabilities/CVE-2022-4304/53303", + "cve": "CVE-2023-0401", + "id": "pyup.io-53307", + "more_info_path": "/vulnerabilities/CVE-2023-0401/53307", "specs": [ "<39.0.1" ], @@ -20103,6 +20476,16 @@ ], "v": "<39.0.1" }, + { + "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", + "cve": "CVE-2023-0286", + "id": "pyup.io-53304", + "more_info_path": "/vulnerabilities/CVE-2023-0286/53304", + "specs": [ + "<39.0.1" + ], + "v": "<39.0.1" + }, { "advisory": "Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix.\r\nhttps://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22", "cve": "CVE-2023-2650", 
@@ -20333,6 +20716,18 @@ "v": ">=11.0.0a1,<11.5.0,>=12.0.0a1,<12.0.0b3" } ], + "curl-cffi": [ + { + "advisory": "Curl-cffi 0.5.10b2 and prior releases ship with a version of 'libcurl' that has a high-severity vulnerability.\r\nhttps://github.com/lwthiker/curl-impersonate/issues/194", + "cve": "CVE-2023-38545", + "id": "pyup.io-61772", + "more_info_path": "/vulnerabilities/CVE-2023-38545/61772", + "specs": [ + "<=0.5.10b2" + ], + "v": "<=0.5.10b2" + } + ], "curlapi": [ { "advisory": "Curlapi is a malicious package. It triggers the install of W4SP Stealer in your system.", @@ -20497,6 +20892,18 @@ "v": "<0.1.0" } ], + "cyvcf2": [ + { + "advisory": "Cyvcf2 0.30.22 and prior releases ship with a version of 'libcurl' that has a high-severity vulnerability.", + "cve": "CVE-2023-38545", + "id": "pyup.io-61773", + "more_info_path": "/vulnerabilities/CVE-2023-38545/61773", + "specs": [ + "<=0.30.22" + ], + "v": "<=0.30.22" + } + ], "d8s-algorithms": [ { "advisory": "D8s-algorithms 0.1.0 is vulnerable to CVE-2022-42040: It included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package.", @@ -21136,9 +21543,9 @@ "dagster-cloud": [ { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-46828", - "id": "pyup.io-52164", - "more_info_path": "/vulnerabilities/CVE-2021-46828/52164", + "cve": "CVE-2021-3999", + "id": "pyup.io-52160", + "more_info_path": "/vulnerabilities/CVE-2021-3999/52160", "specs": [ "<1.1.4" ], 
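Review bot: The `curl-cffi` entry pins CVE-2023-38545 to `<=0.5.10b2`, i.e. the latest release at the time rather than a fixed version, so the next release that still bundles the same libcurl will silently stop matching. The affected condition is the bundled libcurl version, which should be stated so the bound can be set once a fixed release exists, e.g. `Curl-cffi releases up to 0.5.10b2 bundle a 'libcurl' older than 8.4.0, which is affected by CVE-2023-38545; no fixed release was available when this entry was written.`. A triage caveat is also worth adding, since per the upstream curl advisory the overflow is only reachable when a SOCKS5 proxy with proxy-side hostname resolution is configured.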
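Review bot: The `cyvcf2` entry has the same open-ended `<=0.30.22` bound as the curl-cffi one but, unlike it, no reference URL, so there is nothing a reader can check the bundled libcurl version against. State the criterion and add the source, e.g. `Cyvcf2 releases up to 0.30.22 bundle a 'libcurl' older than 8.4.0, which is affected by CVE-2023-38545.\r\n<issue or release url>`, and revisit the bound when a release with a patched libcurl ships, since a `<=` pin at the latest version will not catch a later release that still carries the old library. As with curl-cffi, the vulnerable path per the upstream curl advisory requires a SOCKS5 proxy with proxy-side name resolution, which is useful for triage.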
@@ -21146,9 +21553,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-4209", - "id": "pyup.io-52168", - "more_info_path": "/vulnerabilities/CVE-2021-4209/52168", + "cve": "CVE-2022-1586", + "id": "pyup.io-52158", + "more_info_path": "/vulnerabilities/CVE-2022-1586/52158", "specs": [ "<1.1.4" ], @@ -21156,9 +21563,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-33574", - "id": "pyup.io-52153", - "more_info_path": "/vulnerabilities/CVE-2021-33574/52153", + "cve": "CVE-2021-46828", + "id": "pyup.io-52164", + "more_info_path": "/vulnerabilities/CVE-2021-46828/52164", "specs": [ "<1.1.4" ], @@ -21166,9 +21573,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-40674", - "id": "pyup.io-52150", - "more_info_path": "/vulnerabilities/CVE-2022-40674/52150", + "cve": "CVE-2021-3997", + "id": "pyup.io-52170", + "more_info_path": "/vulnerabilities/CVE-2021-3997/52170", "specs": [ "<1.1.4" ], @@ -21176,9 +21583,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-23219", - "id": "pyup.io-52151", - "more_info_path": "/vulnerabilities/CVE-2022-23219/52151", + "cve": "CVE-2022-23218", + "id": "pyup.io-52152", + "more_info_path": "/vulnerabilities/CVE-2022-23218/52152", "specs": [ "<1.1.4" ], 
@@ -21186,9 +21593,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-2509", - "id": "pyup.io-52163", - "more_info_path": "/vulnerabilities/CVE-2022-2509/52163", + "cve": "CVE-2022-1271", + "id": "pyup.io-52159", + "more_info_path": "/vulnerabilities/CVE-2022-1271/52159", "specs": [ "<1.1.4" ], @@ -21196,9 +21603,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-34903", - "id": "pyup.io-52167", - "more_info_path": "/vulnerabilities/CVE-2022-34903/52167", + "cve": "CVE-2022-1292", + "id": "pyup.io-52154", + "more_info_path": "/vulnerabilities/CVE-2022-1292/52154", "specs": [ "<1.1.4" ], @@ -21206,9 +21613,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-0778", - "id": "pyup.io-52165", - "more_info_path": "/vulnerabilities/CVE-2022-0778/52165", + "cve": "CVE-2021-4209", + "id": "pyup.io-52168", + "more_info_path": "/vulnerabilities/CVE-2021-4209/52168", "specs": [ "<1.1.4" ], @@ -21216,9 +21623,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1586", - "id": "pyup.io-52158", - "more_info_path": "/vulnerabilities/CVE-2022-1586/52158", + "cve": "CVE-2021-33574", + "id": "pyup.io-52153", + "more_info_path": "/vulnerabilities/CVE-2021-33574/52153", "specs": [ "<1.1.4" ], 
@@ -21226,9 +21633,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1271", - "id": "pyup.io-52159", - "more_info_path": "/vulnerabilities/CVE-2022-1271/52159", + "cve": "CVE-2022-34903", + "id": "pyup.io-52167", + "more_info_path": "/vulnerabilities/CVE-2022-34903/52167", "specs": [ "<1.1.4" ], @@ -21236,9 +21643,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1292", - "id": "pyup.io-52154", - "more_info_path": "/vulnerabilities/CVE-2022-1292/52154", + "cve": "CVE-2021-4160", + "id": "pyup.io-52169", + "more_info_path": "/vulnerabilities/CVE-2021-4160/52169", "specs": [ "<1.1.4" ], @@ -21266,9 +21673,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-4160", - "id": "pyup.io-52169", - "more_info_path": "/vulnerabilities/CVE-2021-4160/52169", + "cve": "CVE-2018-25032", + "id": "pyup.io-52166", + "more_info_path": "/vulnerabilities/CVE-2018-25032/52166", "specs": [ "<1.1.4" ], @@ -21276,9 +21683,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-23218", - "id": "pyup.io-52152", - "more_info_path": "/vulnerabilities/CVE-2022-23218/52152", + "cve": "CVE-2022-37434", + "id": "pyup.io-52156", + "more_info_path": "/vulnerabilities/CVE-2022-37434/52156", "specs": [ "<1.1.4" ], 
@@ -21286,9 +21693,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-43680", - "id": "pyup.io-52161", - "more_info_path": "/vulnerabilities/CVE-2022-43680/52161", + "cve": "CVE-2022-23219", + "id": "pyup.io-52151", + "more_info_path": "/vulnerabilities/CVE-2022-23219/52151", "specs": [ "<1.1.4" ], @@ -21296,9 +21703,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-37434", - "id": "pyup.io-52156", - "more_info_path": "/vulnerabilities/CVE-2022-37434/52156", + "cve": "CVE-2022-2509", + "id": "pyup.io-52163", + "more_info_path": "/vulnerabilities/CVE-2022-2509/52163", "specs": [ "<1.1.4" ], @@ -21306,9 +21713,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-52166", - "more_info_path": "/vulnerabilities/CVE-2018-25032/52166", + "cve": "CVE-2022-1664", + "id": "pyup.io-52146", + "more_info_path": "/vulnerabilities/CVE-2022-1664/52146", "specs": [ "<1.1.4" ], @@ -21316,9 +21723,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-3997", - "id": "pyup.io-52170", - "more_info_path": "/vulnerabilities/CVE-2021-3997/52170", + "cve": "CVE-2022-40674", + "id": "pyup.io-52150", + "more_info_path": "/vulnerabilities/CVE-2022-40674/52150", "specs": [ "<1.1.4" ], 
@@ -21326,9 +21733,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-3999", - "id": "pyup.io-52160", - "more_info_path": "/vulnerabilities/CVE-2021-3999/52160", + "cve": "CVE-2022-43680", + "id": "pyup.io-52161", + "more_info_path": "/vulnerabilities/CVE-2022-43680/52161", "specs": [ "<1.1.4" ], @@ -21336,9 +21743,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1664", - "id": "pyup.io-52146", - "more_info_path": "/vulnerabilities/CVE-2022-1664/52146", + "cve": "CVE-2022-0778", + "id": "pyup.io-52165", + "more_info_path": "/vulnerabilities/CVE-2022-0778/52165", "specs": [ "<1.1.4" ], @@ -21602,20 +22009,20 @@ "v": "<0.1.1" }, { - "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'mermaid' to v9.0.1 to include a security fix.", - "cve": "CVE-2021-43861", - "id": "pyup.io-48567", - "more_info_path": "/vulnerabilities/CVE-2021-43861/48567", + "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'minimist' to v1.2.6 to include a security fix.", + "cve": "CVE-2021-44906", + "id": "pyup.io-48546", + "more_info_path": "/vulnerabilities/CVE-2021-44906/48546", "specs": [ "<0.1.1" ], "v": "<0.1.1" }, { - "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'minimist' to v1.2.6 to include a security fix.", - "cve": "CVE-2021-44906", - "id": "pyup.io-48546", - "more_info_path": "/vulnerabilities/CVE-2021-44906/48546", + "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'mermaid' to v9.0.1 to include a security fix.", + "cve": "CVE-2021-43861", + "id": "pyup.io-48567", + "more_info_path": "/vulnerabilities/CVE-2021-43861/48567", "specs": [ "<0.1.1" ], 
@@ -21631,16 +22038,6 @@ ], "v": "<0.1.8" }, - { - "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'minimatch' to v3.1.2 to include a security fix.", - "cve": "CVE-2022-3517", - "id": "pyup.io-52303", - "more_info_path": "/vulnerabilities/CVE-2022-3517/52303", - "specs": [ - "<0.1.8" - ], - "v": "<0.1.8" - }, { "advisory": "Dash-extensions 0.1.8 updates its dependency 'cryptography' to v 38.0.3 to include security fixes.", "cve": "CVE-2022-3786", @@ -21691,6 +22088,16 @@ ], "v": "<0.1.8" }, + { + "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'minimatch' to v3.1.2 to include a security fix.", + "cve": "CVE-2022-3517", + "id": "pyup.io-52303", + "more_info_path": "/vulnerabilities/CVE-2022-3517/52303", + "specs": [ + "<0.1.8" + ], + "v": "<0.1.8" + }, { "advisory": "Dash-extensions 0.1.9 updates its NPM dependency 'loader-utils' requirement to '>=3.2.1' to include security fixes.", "cve": "CVE-2022-37599", @@ -21746,20 +22153,20 @@ "v": "<1.0.1" }, { - "advisory": "Dash-jbrowse 1.0.1 updates its NPM dependency 'follow-redirects' to v1.14.7 to include a security fix.", - "cve": "CVE-2022-0155", - "id": "pyup.io-44687", - "more_info_path": "/vulnerabilities/CVE-2022-0155/44687", + "advisory": "Dash-jbrowse 1.0.1 updates its NPM dependency 'object-path' to v0.11.8 to include security fixes.", + "cve": "CVE-2021-3805", + "id": "pyup.io-44693", + "more_info_path": "/vulnerabilities/CVE-2021-3805/44693", "specs": [ "<1.0.1" ], "v": "<1.0.1" }, { - "advisory": "Dash-jbrowse 1.0.1 updates its NPM dependency 'object-path' to v0.11.8 to include security fixes.", - "cve": "CVE-2021-3805", - "id": "pyup.io-44693", - "more_info_path": "/vulnerabilities/CVE-2021-3805/44693", + "advisory": "Dash-jbrowse 1.0.1 updates its NPM dependency 'follow-redirects' to v1.14.7 to include a security fix.", + "cve": "CVE-2022-0155", + "id": "pyup.io-44687", + "more_info_path": "/vulnerabilities/CVE-2022-0155/44687", "specs": [ "<1.0.1" ], 
@@ -23261,12 +23668,36 @@ "v": "<0.8.16" } ], + "dcnnt": [ + { + "advisory": "Dcnnt version 0.9.1 addresses a security vulnerability related to command injection.", + "cve": "PVE-2023-62062", + "id": "pyup.io-62062", + "more_info_path": "/vulnerabilities/PVE-2023-62062/62062", + "specs": [ + "<0.9.1" + ], + "v": "<0.9.1" + } + ], + "dcspy": [ + { + "advisory": "Dcspy 2.3.3 updates its dependency 'pillow' to include a security fix for CVE-2023-4863.", + "cve": "CVE-2023-4863", + "id": "pyup.io-62032", + "more_info_path": "/vulnerabilities/CVE-2023-4863/62032", + "specs": [ + "<2.3.3" + ], + "v": "<2.3.3" + } + ], "ddataflow": [ { "advisory": "Ddataflow 1.1.8 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2020-26137", - "id": "pyup.io-53833", - "more_info_path": "/vulnerabilities/CVE-2020-26137/53833", + "cve": "CVE-2018-20060", + "id": "pyup.io-53836", + "more_info_path": "/vulnerabilities/CVE-2018-20060/53836", "specs": [ "<1.1.8" ], @@ -23274,9 +23705,9 @@ }, { "advisory": "Ddataflow 1.1.8 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-53834", - "more_info_path": "/vulnerabilities/CVE-2019-11324/53834", + "cve": "CVE-2021-33503", + "id": "pyup.io-53822", + "more_info_path": "/vulnerabilities/CVE-2021-33503/53822", "specs": [ "<1.1.8" ], @@ -23284,9 +23715,9 @@ }, { "advisory": "Ddataflow 1.1.8 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2018-20060", - "id": "pyup.io-53836", - "more_info_path": "/vulnerabilities/CVE-2018-20060/53836", + "cve": "CVE-2019-11236", + "id": "pyup.io-53835", + "more_info_path": "/vulnerabilities/CVE-2019-11236/53835", "specs": [ "<1.1.8" ], 
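Review bot: The `dcnnt` entry (`<0.9.1`) says only "a security vulnerability related to command injection" with no reference, component or trigger, so it can neither be verified nor triaged; the neighbouring `dcspy` entry in the same hunk at least names the CVE it inherits. Add the upstream commit or release-note URL and say where the injection sits (which command-line or network input reaches a shell), in the form the other new PVE entries use, e.g. `Dcnnt 0.9.1 fixes a command injection in <component> reachable via <input>.\r\n<url>`.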
@@ -23294,9 +23725,9 @@ }, { "advisory": "Ddataflow 1.1.8 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-53835", - "more_info_path": "/vulnerabilities/CVE-2019-11236/53835", + "cve": "CVE-2019-11324", + "id": "pyup.io-53834", + "more_info_path": "/vulnerabilities/CVE-2019-11324/53834", "specs": [ "<1.1.8" ], @@ -23304,9 +23735,9 @@ }, { "advisory": "Ddataflow 1.1.8 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2021-33503", - "id": "pyup.io-53822", - "more_info_path": "/vulnerabilities/CVE-2021-33503/53822", + "cve": "CVE-2020-26137", + "id": "pyup.io-53833", + "more_info_path": "/vulnerabilities/CVE-2020-26137/53833", "specs": [ "<1.1.8" ], @@ -23316,9 +23747,9 @@ "dds-cli": [ { "advisory": "Dds-cli 2.2.2 updates its dependency 'cryptography to v38.0.3 to include security fixes.", - "cve": "CVE-2022-3602", - "id": "pyup.io-61417", - "more_info_path": "/vulnerabilities/CVE-2022-3602/61417", + "cve": "CVE-2022-3786", + "id": "pyup.io-61432", + "more_info_path": "/vulnerabilities/CVE-2022-3786/61432", "specs": [ "<2.2.2" ], @@ -23326,9 +23757,9 @@ }, { "advisory": "Dds-cli 2.2.2 updates its dependency 'cryptography to v38.0.3 to include security fixes.", - "cve": "CVE-2022-3786", - "id": "pyup.io-61432", - "more_info_path": "/vulnerabilities/CVE-2022-3786/61432", + "cve": "CVE-2022-3602", + "id": "pyup.io-61417", + "more_info_path": "/vulnerabilities/CVE-2022-3602/61417", "specs": [ "<2.2.2" ], 
@@ -26775,20 +27206,20 @@ "v": "<0.5.0" }, { - "advisory": "Deepdataspace 0.5.0 updates its dependency 'django' to version '4.1.10' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/IDEA-Research/deepdataspace/commit/d1bedf2d3657bfd3ecf1bc42b6bcd6d94047a59d", - "cve": "CVE-2023-36053", - "id": "pyup.io-60633", - "more_info_path": "/vulnerabilities/CVE-2023-36053/60633", + "advisory": "Deepdataspace 0.5.0 updates its dependency 'cryptography' to version '41.0.2' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/IDEA-Research/deepdataspace/commit/4ddc986c8d12be1f2d805bc1085b336c40f4a5c1", + "cve": "CVE-2023-2650", + "id": "pyup.io-60650", + "more_info_path": "/vulnerabilities/CVE-2023-2650/60650", "specs": [ "<0.5.0" ], "v": "<0.5.0" }, { - "advisory": "Deepdataspace 0.5.0 updates its dependency 'cryptography' to version '41.0.2' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/IDEA-Research/deepdataspace/commit/4ddc986c8d12be1f2d805bc1085b336c40f4a5c1", - "cve": "CVE-2023-2650", - "id": "pyup.io-60650", - "more_info_path": "/vulnerabilities/CVE-2023-2650/60650", + "advisory": "Deepdataspace 0.5.0 updates its dependency 'django' to version '4.1.10' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/IDEA-Research/deepdataspace/commit/d1bedf2d3657bfd3ecf1bc42b6bcd6d94047a59d", + "cve": "CVE-2023-36053", + "id": "pyup.io-60633", + "more_info_path": "/vulnerabilities/CVE-2023-36053/60633", "specs": [ "<0.5.0" ], 
@@ -27046,6 +27477,16 @@ } ], "descarteslabs": [ + { + "advisory": "Descarteslabs 0.4.7 includes a fix for a potential race condition vulnerability.\r\nhttps://github.com/descarteslabs/descarteslabs-python/pull/181", + "cve": "PVE-2023-61599", + "id": "pyup.io-61599", + "more_info_path": "/vulnerabilities/PVE-2023-61599/61599", + "specs": [ + "<0.4.7" + ], + "v": "<0.4.7" + }, { "advisory": "Descarteslabs 1.8.1 upgrades the 'requests' dependency (>=2.25.1, <3) to fix a security issue.", "cve": "PVE-2021-40827", @@ -27142,16 +27583,6 @@ ], "v": "<0.16.4" }, - { - "advisory": "Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.\r\nhttps://github.com/determined-ai/determined/pull/2914", - "cve": "CVE-2018-12886", - "id": "pyup.io-42148", - "more_info_path": "/vulnerabilities/CVE-2018-12886/42148", - "specs": [ - "<0.17.0rc0" - ], - "v": "<0.17.0rc0" - }, { "advisory": "Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.\r\nhttps://github.com/determined-ai/determined/pull/2914", "cve": "CVE-2019-17543", @@ -27163,14 +27594,14 @@ "v": "<0.17.0rc0" }, { - "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41212", - "id": "pyup.io-43337", - "more_info_path": "/vulnerabilities/CVE-2021-41212/43337", + "advisory": "Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.\r\nhttps://github.com/determined-ai/determined/pull/2914", + "cve": "CVE-2018-12886", + "id": "pyup.io-42148", + "more_info_path": "/vulnerabilities/CVE-2018-12886/42148", "specs": [ - "<0.17.4rc0" + "<0.17.0rc0" ], - "v": "<0.17.4rc0" + "v": "<0.17.0rc0" }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", 
@@ -27184,9 +27615,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41215", - "id": "pyup.io-43333", - "more_info_path": "/vulnerabilities/CVE-2021-41215/43333", + "cve": "CVE-2021-41221", + "id": "pyup.io-43324", + "more_info_path": "/vulnerabilities/CVE-2021-41221/43324", "specs": [ "<0.17.4rc0" ], @@ -27194,9 +27625,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41218", - "id": "pyup.io-43331", - "more_info_path": "/vulnerabilities/CVE-2021-41218/43331", + "cve": "CVE-2021-41222", + "id": "pyup.io-43329", + "more_info_path": "/vulnerabilities/CVE-2021-41222/43329", "specs": [ "<0.17.4rc0" ], @@ -27204,9 +27635,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41196", - "id": "pyup.io-43315", - "more_info_path": "/vulnerabilities/CVE-2021-41196/43315", + "cve": "CVE-2021-41228", + "id": "pyup.io-43328", + "more_info_path": "/vulnerabilities/CVE-2021-41228/43328", "specs": [ "<0.17.4rc0" ], @@ -27214,9 +27645,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-43335", - "more_info_path": "/vulnerabilities/CVE-2021-41206/43335", + "cve": "CVE-2021-41200", + "id": "pyup.io-43317", + "more_info_path": "/vulnerabilities/CVE-2021-41200/43317", "specs": [ "<0.17.4rc0" ], 
@@ -27224,9 +27655,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41197", - "id": "pyup.io-43342", - "more_info_path": "/vulnerabilities/CVE-2021-41197/43342", + "cve": "CVE-2021-41226", + "id": "pyup.io-43322", + "more_info_path": "/vulnerabilities/CVE-2021-41226/43322", "specs": [ "<0.17.4rc0" ], @@ -27234,9 +27665,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41207", - "id": "pyup.io-43339", - "more_info_path": "/vulnerabilities/CVE-2021-41207/43339", + "cve": "CVE-2021-41206", + "id": "pyup.io-43335", + "more_info_path": "/vulnerabilities/CVE-2021-41206/43335", "specs": [ "<0.17.4rc0" ], @@ -27244,9 +27675,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41221", - "id": "pyup.io-43324", - "more_info_path": "/vulnerabilities/CVE-2021-41221/43324", + "cve": "CVE-2021-41212", + "id": "pyup.io-43337", + "more_info_path": "/vulnerabilities/CVE-2021-41212/43337", "specs": [ "<0.17.4rc0" ], @@ -27254,9 +27685,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41222", - "id": "pyup.io-43329", - "more_info_path": "/vulnerabilities/CVE-2021-41222/43329", + "cve": "CVE-2021-41218", + "id": "pyup.io-43331", + "more_info_path": "/vulnerabilities/CVE-2021-41218/43331", "specs": [ "<0.17.4rc0" ], 
@@ -27264,9 +27695,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41201", - "id": "pyup.io-43341", - "more_info_path": "/vulnerabilities/CVE-2021-41201/43341", + "cve": "CVE-2021-41219", + "id": "pyup.io-43320", + "more_info_path": "/vulnerabilities/CVE-2021-41219/43320", "specs": [ "<0.17.4rc0" ], @@ -27274,9 +27705,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41213", - "id": "pyup.io-43326", - "more_info_path": "/vulnerabilities/CVE-2021-41213/43326", + "cve": "CVE-2021-41215", + "id": "pyup.io-43333", + "more_info_path": "/vulnerabilities/CVE-2021-41215/43333", "specs": [ "<0.17.4rc0" ], @@ -27284,9 +27715,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41195", - "id": "pyup.io-43343", - "more_info_path": "/vulnerabilities/CVE-2021-41195/43343", + "cve": "CVE-2021-41213", + "id": "pyup.io-43326", + "more_info_path": "/vulnerabilities/CVE-2021-41213/43326", "specs": [ "<0.17.4rc0" ], @@ -27304,9 +27735,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41199", - "id": "pyup.io-42944", - "more_info_path": "/vulnerabilities/CVE-2021-41199/42944", + "cve": "CVE-2021-41205", + "id": "pyup.io-43336", + "more_info_path": "/vulnerabilities/CVE-2021-41205/43336", "specs": [ "<0.17.4rc0" ], 
@@ -27314,9 +27745,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41204", - "id": "pyup.io-43327", - "more_info_path": "/vulnerabilities/CVE-2021-41204/43327", + "cve": "CVE-2021-41227", + "id": "pyup.io-43323", + "more_info_path": "/vulnerabilities/CVE-2021-41227/43323", "specs": [ "<0.17.4rc0" ], @@ -27344,9 +27775,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41228", - "id": "pyup.io-43328", - "more_info_path": "/vulnerabilities/CVE-2021-41228/43328", + "cve": "CVE-2021-41207", + "id": "pyup.io-43339", + "more_info_path": "/vulnerabilities/CVE-2021-41207/43339", "specs": [ "<0.17.4rc0" ], @@ -27354,9 +27785,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41226", - "id": "pyup.io-43322", - "more_info_path": "/vulnerabilities/CVE-2021-41226/43322", + "cve": "CVE-2021-41195", + "id": "pyup.io-43343", + "more_info_path": "/vulnerabilities/CVE-2021-41195/43343", "specs": [ "<0.17.4rc0" ], @@ -27364,9 +27795,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41202", - "id": "pyup.io-43340", - "more_info_path": "/vulnerabilities/CVE-2021-41202/43340", + "cve": "CVE-2021-41204", + "id": "pyup.io-43327", + "more_info_path": "/vulnerabilities/CVE-2021-41204/43327", "specs": [ "<0.17.4rc0" ], 
@@ -27374,9 +27805,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41227", - "id": "pyup.io-43323", - "more_info_path": "/vulnerabilities/CVE-2021-41227/43323", + "cve": "CVE-2021-41196", + "id": "pyup.io-43315", + "more_info_path": "/vulnerabilities/CVE-2021-41196/43315", "specs": [ "<0.17.4rc0" ], @@ -27384,9 +27815,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41219", - "id": "pyup.io-43320", - "more_info_path": "/vulnerabilities/CVE-2021-41219/43320", + "cve": "CVE-2021-41197", + "id": "pyup.io-43342", + "more_info_path": "/vulnerabilities/CVE-2021-41197/43342", "specs": [ "<0.17.4rc0" ], @@ -27394,9 +27825,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41210", - "id": "pyup.io-43338", - "more_info_path": "/vulnerabilities/CVE-2021-41210/43338", + "cve": "CVE-2021-41201", + "id": "pyup.io-43341", + "more_info_path": "/vulnerabilities/CVE-2021-41201/43341", "specs": [ "<0.17.4rc0" ], @@ -27404,9 +27835,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41203", - "id": "pyup.io-43316", - "more_info_path": "/vulnerabilities/CVE-2021-41203/43316", + "cve": "CVE-2021-41202", + "id": "pyup.io-43340", + "more_info_path": "/vulnerabilities/CVE-2021-41202/43340", "specs": [ "<0.17.4rc0" ], 
@@ -27414,9 +27845,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41198", - "id": "pyup.io-43344", - "more_info_path": "/vulnerabilities/CVE-2021-41198/43344", + "cve": "CVE-2021-41199", + "id": "pyup.io-42944", + "more_info_path": "/vulnerabilities/CVE-2021-41199/42944", "specs": [ "<0.17.4rc0" ], @@ -27424,9 +27855,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41224", - "id": "pyup.io-43330", - "more_info_path": "/vulnerabilities/CVE-2021-41224/43330", + "cve": "CVE-2021-41210", + "id": "pyup.io-43338", + "more_info_path": "/vulnerabilities/CVE-2021-41210/43338", "specs": [ "<0.17.4rc0" ], @@ -27434,9 +27865,19 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41205", - "id": "pyup.io-43336", - "more_info_path": "/vulnerabilities/CVE-2021-41205/43336", + "cve": "CVE-2021-41203", + "id": "pyup.io-43316", + "more_info_path": "/vulnerabilities/CVE-2021-41203/43316", + "specs": [ + "<0.17.4rc0" + ], + "v": "<0.17.4rc0" + }, + { + "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", + "cve": "CVE-2021-41198", + "id": "pyup.io-43344", + "more_info_path": "/vulnerabilities/CVE-2021-41198/43344", "specs": [ "<0.17.4rc0" ], @@ -27454,9 +27895,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41200", - "id": "pyup.io-43317", - "more_info_path": "/vulnerabilities/CVE-2021-41200/43317", + "cve": "CVE-2021-41224", + "id": "pyup.io-43330", + "more_info_path": "/vulnerabilities/CVE-2021-41224/43330", "specs": [ "<0.17.4rc0" ], 
@@ -27484,9 +27925,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-14234", - "id": "pyup.io-54970", - "more_info_path": "/vulnerabilities/CVE-2019-14234/54970", + "cve": "CVE-2020-10109", + "id": "pyup.io-54967", + "more_info_path": "/vulnerabilities/CVE-2020-10109/54967", "specs": [ "<0.17.6" ], @@ -27494,9 +27935,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-9512", - "id": "pyup.io-54969", - "more_info_path": "/vulnerabilities/CVE-2019-9512/54969", + "cve": "CVE-2020-10108", + "id": "pyup.io-44642", + "more_info_path": "/vulnerabilities/CVE-2020-10108/44642", "specs": [ "<0.17.6" ], @@ -27504,9 +27945,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-19844", - "id": "pyup.io-54966", - "more_info_path": "/vulnerabilities/CVE-2019-19844/54966", + "cve": "CVE-2019-14234", + "id": "pyup.io-54970", + "more_info_path": "/vulnerabilities/CVE-2019-14234/54970", "specs": [ "<0.17.6" ], @@ -27514,9 +27955,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2020-7471", - "id": "pyup.io-54968", - "more_info_path": "/vulnerabilities/CVE-2020-7471/54968", + "cve": "CVE-2019-9512", + "id": "pyup.io-54969", + "more_info_path": "/vulnerabilities/CVE-2019-9512/54969", "specs": [ "<0.17.6" ], 
@@ -27524,9 +27965,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2020-10109", - "id": "pyup.io-54967", - "more_info_path": "/vulnerabilities/CVE-2020-10109/54967", + "cve": "CVE-2019-19844", + "id": "pyup.io-54966", + "more_info_path": "/vulnerabilities/CVE-2019-19844/54966", "specs": [ "<0.17.6" ], @@ -27534,9 +27975,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2020-10108", - "id": "pyup.io-44642", - "more_info_path": "/vulnerabilities/CVE-2020-10108/44642", + "cve": "CVE-2020-7471", + "id": "pyup.io-54968", + "more_info_path": "/vulnerabilities/CVE-2020-7471/54968", "specs": [ "<0.17.6" ], @@ -27544,29 +27985,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29212", - "id": "pyup.io-49558", - "more_info_path": "/vulnerabilities/CVE-2022-29212/49558", - "specs": [ - "<0.18.2" - ], - "v": "<0.18.2" - }, - { - "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29193", - "id": "pyup.io-49540", - "more_info_path": "/vulnerabilities/CVE-2022-29193/49540", - "specs": [ - "<0.18.2" - ], - "v": "<0.18.2" - }, - { - "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29211", - "id": "pyup.io-49557", - "more_info_path": "/vulnerabilities/CVE-2022-29211/49557", + "cve": "CVE-2022-27775", + "id": "pyup.io-49531", + "more_info_path": "/vulnerabilities/CVE-2022-27775/49531", "specs": [ "<0.18.2" ], 
@@ -27574,9 +27995,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29200", - "id": "pyup.io-49547", - "more_info_path": "/vulnerabilities/CVE-2022-29200/49547", + "cve": "CVE-2018-25032", + "id": "pyup.io-49422", + "more_info_path": "/vulnerabilities/CVE-2018-25032/49422", "specs": [ "<0.18.2" ], @@ -27584,9 +28005,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29191", - "id": "pyup.io-49538", - "more_info_path": "/vulnerabilities/CVE-2022-29191/49538", + "cve": "CVE-2022-29204", + "id": "pyup.io-49551", + "more_info_path": "/vulnerabilities/CVE-2022-29204/49551", "specs": [ "<0.18.2" ], @@ -27594,9 +28015,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27779", - "id": "pyup.io-49535", - "more_info_path": "/vulnerabilities/CVE-2022-27779/49535", + "cve": "CVE-2022-29201", + "id": "pyup.io-49548", + "more_info_path": "/vulnerabilities/CVE-2022-29201/49548", "specs": [ "<0.18.2" ], @@ -27604,9 +28025,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29208", - "id": "pyup.io-49555", - "more_info_path": "/vulnerabilities/CVE-2022-29208/49555", + "cve": "CVE-2022-29196", + "id": "pyup.io-49543", + "more_info_path": "/vulnerabilities/CVE-2022-29196/49543", "specs": [ "<0.18.2" ], 
@@ -27614,9 +28035,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-22576", - "id": "pyup.io-49529", - "more_info_path": "/vulnerabilities/CVE-2022-22576/49529", + "cve": "CVE-2022-27777", + "id": "pyup.io-49533", + "more_info_path": "/vulnerabilities/CVE-2022-27777/49533", "specs": [ "<0.18.2" ], @@ -27624,9 +28045,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29199", - "id": "pyup.io-49546", - "more_info_path": "/vulnerabilities/CVE-2022-29199/49546", + "cve": "CVE-2022-29213", + "id": "pyup.io-49559", + "more_info_path": "/vulnerabilities/CVE-2022-29213/49559", "specs": [ "<0.18.2" ], @@ -27634,9 +28055,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29206", - "id": "pyup.io-49553", - "more_info_path": "/vulnerabilities/CVE-2022-29206/49553", + "cve": "CVE-2022-29209", + "id": "pyup.io-49556", + "more_info_path": "/vulnerabilities/CVE-2022-29209/49556", "specs": [ "<0.18.2" ], @@ -27654,9 +28075,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-30115", - "id": "pyup.io-49561", - "more_info_path": "/vulnerabilities/CVE-2022-30115/49561", + "cve": "CVE-2022-29212", + "id": "pyup.io-49558", + "more_info_path": "/vulnerabilities/CVE-2022-29212/49558", "specs": [ "<0.18.2" ], 
@@ -27664,9 +28085,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29197", - "id": "pyup.io-49544", - "more_info_path": "/vulnerabilities/CVE-2022-29197/49544", + "cve": "CVE-2022-29198", + "id": "pyup.io-49545", + "more_info_path": "/vulnerabilities/CVE-2022-29198/49545", "specs": [ "<0.18.2" ], @@ -27674,9 +28095,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29213", - "id": "pyup.io-49559", - "more_info_path": "/vulnerabilities/CVE-2022-29213/49559", + "cve": "CVE-2022-29193", + "id": "pyup.io-49540", + "more_info_path": "/vulnerabilities/CVE-2022-29193/49540", "specs": [ "<0.18.2" ], @@ -27694,9 +28115,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29201", - "id": "pyup.io-49548", - "more_info_path": "/vulnerabilities/CVE-2022-29201/49548", + "cve": "CVE-2022-27779", + "id": "pyup.io-49535", + "more_info_path": "/vulnerabilities/CVE-2022-27779/49535", "specs": [ "<0.18.2" ], @@ -27704,9 +28125,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29205", - "id": "pyup.io-49552", - "more_info_path": "/vulnerabilities/CVE-2022-29205/49552", + "cve": "CVE-2022-29211", + "id": "pyup.io-49557", + "more_info_path": "/vulnerabilities/CVE-2022-29211/49557", "specs": [ "<0.18.2" ], 
@@ -27714,9 +28135,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27776", - "id": "pyup.io-49532", - "more_info_path": "/vulnerabilities/CVE-2022-27776/49532", + "cve": "CVE-2022-22576", + "id": "pyup.io-49529", + "more_info_path": "/vulnerabilities/CVE-2022-22576/49529", "specs": [ "<0.18.2" ], @@ -27724,9 +28145,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-49422", - "more_info_path": "/vulnerabilities/CVE-2018-25032/49422", + "cve": "CVE-2022-27776", + "id": "pyup.io-49532", + "more_info_path": "/vulnerabilities/CVE-2022-27776/49532", "specs": [ "<0.18.2" ], @@ -27734,9 +28155,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27777", - "id": "pyup.io-49533", - "more_info_path": "/vulnerabilities/CVE-2022-27777/49533", + "cve": "CVE-2022-29200", + "id": "pyup.io-49547", + "more_info_path": "/vulnerabilities/CVE-2022-29200/49547", "specs": [ "<0.18.2" ], @@ -27754,9 +28175,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27780", - "id": "pyup.io-49536", - "more_info_path": "/vulnerabilities/CVE-2022-27780/49536", + "cve": "CVE-2022-29194", + "id": "pyup.io-49541", + "more_info_path": "/vulnerabilities/CVE-2022-29194/49541", "specs": [ "<0.18.2" ], 
@@ -27764,9 +28185,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27775", - "id": "pyup.io-49531", - "more_info_path": "/vulnerabilities/CVE-2022-27775/49531", + "cve": "CVE-2022-27781", + "id": "pyup.io-49537", + "more_info_path": "/vulnerabilities/CVE-2022-27781/49537", "specs": [ "<0.18.2" ], @@ -27774,9 +28195,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29203", - "id": "pyup.io-49550", - "more_info_path": "/vulnerabilities/CVE-2022-29203/49550", + "cve": "CVE-2022-29202", + "id": "pyup.io-49549", + "more_info_path": "/vulnerabilities/CVE-2022-29202/49549", "specs": [ "<0.18.2" ], @@ -27784,9 +28205,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29207", - "id": "pyup.io-49554", - "more_info_path": "/vulnerabilities/CVE-2022-29207/49554", + "cve": "CVE-2022-29199", + "id": "pyup.io-49546", + "more_info_path": "/vulnerabilities/CVE-2022-29199/49546", "specs": [ "<0.18.2" ], @@ -27794,9 +28215,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29196", - "id": "pyup.io-49543", - "more_info_path": "/vulnerabilities/CVE-2022-29196/49543", + "cve": "CVE-2022-29197", + "id": "pyup.io-49544", + "more_info_path": "/vulnerabilities/CVE-2022-29197/49544", "specs": [ "<0.18.2" ], 
@@ -27804,9 +28225,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29194", - "id": "pyup.io-49541", - "more_info_path": "/vulnerabilities/CVE-2022-29194/49541", + "cve": "CVE-2022-29205", + "id": "pyup.io-49552", + "more_info_path": "/vulnerabilities/CVE-2022-29205/49552", "specs": [ "<0.18.2" ], @@ -27814,9 +28235,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29198", - "id": "pyup.io-49545", - "more_info_path": "/vulnerabilities/CVE-2022-29198/49545", + "cve": "CVE-2022-29207", + "id": "pyup.io-49554", + "more_info_path": "/vulnerabilities/CVE-2022-29207/49554", "specs": [ "<0.18.2" ], @@ -27824,9 +28245,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27778", - "id": "pyup.io-49534", - "more_info_path": "/vulnerabilities/CVE-2022-27778/49534", + "cve": "CVE-2022-29195", + "id": "pyup.io-49542", + "more_info_path": "/vulnerabilities/CVE-2022-29195/49542", "specs": [ "<0.18.2" ], @@ -27834,9 +28255,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29209", - "id": "pyup.io-49556", - "more_info_path": "/vulnerabilities/CVE-2022-29209/49556", + "cve": "CVE-2022-29206", + "id": "pyup.io-49553", + "more_info_path": "/vulnerabilities/CVE-2022-29206/49553", "specs": [ "<0.18.2" ], 
@@ -27844,9 +28265,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29204", - "id": "pyup.io-49551", - "more_info_path": "/vulnerabilities/CVE-2022-29204/49551", + "cve": "CVE-2022-30115", + "id": "pyup.io-49561", + "more_info_path": "/vulnerabilities/CVE-2022-30115/49561", "specs": [ "<0.18.2" ], @@ -27854,9 +28275,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29195", - "id": "pyup.io-49542", - "more_info_path": "/vulnerabilities/CVE-2022-29195/49542", + "cve": "CVE-2022-29191", + "id": "pyup.io-49538", + "more_info_path": "/vulnerabilities/CVE-2022-29191/49538", "specs": [ "<0.18.2" ], @@ -27864,9 +28285,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27781", - "id": "pyup.io-49537", - "more_info_path": "/vulnerabilities/CVE-2022-27781/49537", + "cve": "CVE-2022-29208", + "id": "pyup.io-49555", + "more_info_path": "/vulnerabilities/CVE-2022-29208/49555", "specs": [ "<0.18.2" ], 
@@ -27874,69 +28295,69 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29202", - "id": "pyup.io-49549", - "more_info_path": "/vulnerabilities/CVE-2022-29202/49549", + "cve": "CVE-2022-29203", + "id": "pyup.io-49550", + "more_info_path": "/vulnerabilities/CVE-2022-29203/49550", "specs": [ "<0.18.2" ], "v": "<0.18.2" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0639", - "id": "pyup.io-50979", - "more_info_path": "/vulnerabilities/CVE-2022-0639/50979", + "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", + "cve": "CVE-2022-27778", + "id": "pyup.io-49534", + "more_info_path": "/vulnerabilities/CVE-2022-27778/49534", "specs": [ - "<0.19.3" + "<0.18.2" ], - "v": "<0.19.3" + "v": "<0.18.2" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", - "cve": "CVE-2022-0536", - "id": "pyup.io-50974", - "more_info_path": "/vulnerabilities/CVE-2022-0536/50974", + "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", + "cve": "CVE-2022-27780", + "id": "pyup.io-49536", + "more_info_path": "/vulnerabilities/CVE-2022-27780/49536", "specs": [ - "<0.19.3" + "<0.18.2" ], - "v": "<0.19.3" + "v": "<0.18.2" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'moment' to v2.29.4 to include a security fix.", - "cve": "CVE-2022-31129", - "id": "pyup.io-50976", - "more_info_path": "/vulnerabilities/CVE-2022-31129/50976", + "advisory": "Determined 0.19.3 stops using the NPM package 'trim-newlines', preventing a security issue.", + "cve": "CVE-2021-33623", + "id": "pyup.io-50978", + "more_info_path": 
"/vulnerabilities/CVE-2021-33623/50978", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 stops using the NPM package 'trim-newlines', preventing a security issue.", - "cve": "CVE-2021-33623", - "id": "pyup.io-50978", - "more_info_path": "/vulnerabilities/CVE-2021-33623/50978", + "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", + "cve": "CVE-2022-0512", + "id": "pyup.io-50982", + "more_info_path": "/vulnerabilities/CVE-2022-0512/50982", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", - "cve": "CVE-2022-0155", - "id": "pyup.io-50975", - "more_info_path": "/vulnerabilities/CVE-2022-0155/50975", + "advisory": "Determined 0.19.3 updates its NPM dependency 'eventsource' to v1.1.2 to include a security fix.", + "cve": "CVE-2022-1650", + "id": "pyup.io-50973", + "more_info_path": "/vulnerabilities/CVE-2022-1650/50973", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'async' to v2.6.4 to include a security fix.", - "cve": "CVE-2021-43138", - "id": "pyup.io-50972", - "more_info_path": "/vulnerabilities/CVE-2021-43138/50972", + "advisory": "Determined 0.19.3 updates its NPM dependency 'terser' to v4.8.1 to include a security fix.", + "cve": "CVE-2022-25858", + "id": "pyup.io-50977", + "more_info_path": "/vulnerabilities/CVE-2022-25858/50977", "specs": [ "<0.19.3" ], 
@@ -27954,19 +28375,19 @@ }, { "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0512", - "id": "pyup.io-50982", - "more_info_path": "/vulnerabilities/CVE-2022-0512/50982", + "cve": "CVE-2022-0639", + "id": "pyup.io-50979", + "more_info_path": "/vulnerabilities/CVE-2022-0639/50979", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'eventsource' to v1.1.2 to include a security fix.", - "cve": "CVE-2022-1650", - "id": "pyup.io-50973", - "more_info_path": "/vulnerabilities/CVE-2022-1650/50973", + "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", + "cve": "CVE-2022-0536", + "id": "pyup.io-50974", + "more_info_path": "/vulnerabilities/CVE-2022-0536/50974", "specs": [ "<0.19.3" ], 
@@ -27983,20 +28404,40 @@ "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'terser' to v4.8.1 to include a security fix.", - "cve": "CVE-2022-25858", - "id": "pyup.io-50977", - "more_info_path": "/vulnerabilities/CVE-2022-25858/50977", + "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", + "cve": "CVE-2022-0691", + "id": "pyup.io-50981", + "more_info_path": "/vulnerabilities/CVE-2022-0691/50981", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0691", - "id": "pyup.io-50981", - "more_info_path": "/vulnerabilities/CVE-2022-0691/50981", + "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", + "cve": "CVE-2022-0155", + "id": "pyup.io-50975", + "more_info_path": "/vulnerabilities/CVE-2022-0155/50975", + "specs": [ + "<0.19.3" + ], + "v": "<0.19.3" + }, + { + "advisory": "Determined 0.19.3 updates its NPM dependency 'async' to v2.6.4 to include a security fix.", + "cve": "CVE-2021-43138", + "id": "pyup.io-50972", + "more_info_path": "/vulnerabilities/CVE-2021-43138/50972", + "specs": [ + "<0.19.3" + ], + "v": "<0.19.3" + }, + { + "advisory": "Determined 0.19.3 updates its NPM dependency 'moment' to v2.29.4 to include a security fix.", + "cve": "CVE-2022-31129", + "id": "pyup.io-50976", + "more_info_path": "/vulnerabilities/CVE-2022-31129/50976", "specs": [ "<0.19.3" ], 
@@ -28671,10 +29112,10 @@
 "v": "<1.0.4,>=1.1a1,<1.1.1"
 },
 {
- "advisory": "The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.",
- "cve": "CVE-2010-4535",
- "id": "pyup.io-33059",
- "more_info_path": "/vulnerabilities/CVE-2010-4535/33059",
+ "advisory": "The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.",
+ "cve": "CVE-2010-4534",
+ "id": "pyup.io-33058",
+ "more_info_path": "/vulnerabilities/CVE-2010-4534/33058",
 "specs": [
 "<1.1.3",
 ">=1.2a1,<1.2.4"
@@ -28682,10 +29123,10 @@
 "v": "<1.1.3,>=1.2a1,<1.2.4"
 },
 {
- "advisory": "The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.",
- "cve": "CVE-2010-4534",
- "id": "pyup.io-33058",
- "more_info_path": "/vulnerabilities/CVE-2010-4534/33058",
+ "advisory": "The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.",
+ "cve": "CVE-2010-4535",
+ "id": "pyup.io-33059",
+ "more_info_path": "/vulnerabilities/CVE-2010-4535/33059",
 "specs": [
 "<1.1.3",
 ">=1.2a1,<1.2.4"
@@ -28703,10 +29144,10 @@
 "v": "<1.1.4"
 },
 {
- "advisory": "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.",
- "cve": "CVE-2011-0698",
- "id": "pyup.io-33062",
- "more_info_path": "/vulnerabilities/CVE-2011-0698/33062",
+ "advisory": "Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a \"combination of browser plugins and redirects,\" a related issue to CVE-2011-0447.",
+ "cve": "CVE-2011-0696",
+ "id": "pyup.io-33060",
+ "more_info_path": "/vulnerabilities/CVE-2011-0696/33060",
 "specs": [
 "<1.1.4",
 ">=1.2a1,<1.2.5"
@@ -28714,10 +29155,10 @@
 "v": "<1.1.4,>=1.2a1,<1.2.5"
 },
 {
- "advisory": "Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a \"combination of browser plugins and redirects,\" a related issue to CVE-2011-0447.",
- "cve": "CVE-2011-0696",
- "id": "pyup.io-33060",
- "more_info_path": "/vulnerabilities/CVE-2011-0696/33060",
+ "advisory": "Directory traversal vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 on Windows might allow remote attackers to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.",
+ "cve": "CVE-2011-0698",
+ "id": "pyup.io-33062",
+ "more_info_path": "/vulnerabilities/CVE-2011-0698/33062",
 "specs": [
 "<1.1.4",
 ">=1.2a1,<1.2.5"
@@ -28746,10 +29187,10 @@
 "v": "<1.2.2"
 },
 {
- "advisory": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.",
- "cve": "CVE-2011-4136",
- "id": "pyup.io-33063",
- "more_info_path": "/vulnerabilities/CVE-2011-4136/33063",
+ "advisory": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.",
+ "cve": "CVE-2011-4138",
+ "id": "pyup.io-33065",
+ "more_info_path": "/vulnerabilities/CVE-2011-4138/33065",
 "specs": [
 "<1.2.7",
 ">=1.3a1,<1.3.1"
@@ -28757,10 +29198,10 @@
 "v": "<1.2.7,>=1.3a1,<1.3.1"
 },
 {
- "advisory": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.",
- "cve": "CVE-2011-4138",
- "id": "pyup.io-33065",
- "more_info_path": "/vulnerabilities/CVE-2011-4138/33065",
+ "advisory": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.",
+ "cve": "CVE-2011-4137",
+ "id": "pyup.io-33064",
+ "more_info_path": "/vulnerabilities/CVE-2011-4137/33064",
 "specs": [
 "<1.2.7",
 ">=1.3a1,<1.3.1"
@@ -28768,10 +29209,10 @@
 "v": "<1.2.7,>=1.3a1,<1.3.1"
 },
 {
- "advisory": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.",
- "cve": "CVE-2011-4140",
- "id": "pyup.io-33066",
- "more_info_path": "/vulnerabilities/CVE-2011-4140/33066",
+ "advisory": "Django 1.2.7 and 1.3.1 include a fix for CVE-2011-4139: Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.\r\nhttps://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued",
+ "cve": "CVE-2011-4139",
+ "id": "pyup.io-35348",
+ "more_info_path": "/vulnerabilities/CVE-2011-4139/35348",
 "specs": [
 "<1.2.7",
 ">=1.3a1,<1.3.1"
@@ -28779,10 +29220,10 @@
 "v": "<1.2.7,>=1.3a1,<1.3.1"
 },
 {
- "advisory": "The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.",
- "cve": "CVE-2011-4137",
- "id": "pyup.io-33064",
- "more_info_path": "/vulnerabilities/CVE-2011-4137/33064",
+ "advisory": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.",
+ "cve": "CVE-2011-4136",
+ "id": "pyup.io-33063",
+ "more_info_path": "/vulnerabilities/CVE-2011-4136/33063",
 "specs": [
 "<1.2.7",
 ">=1.3a1,<1.3.1"
@@ -28790,16 +29231,27 @@
 "v": "<1.2.7,>=1.3a1,<1.3.1"
 },
 {
- "advisory": "Django 1.2.7 and 1.3.1 include a fix for CVE-2011-4139: Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.\r\nhttps://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued",
- "cve": "CVE-2011-4139",
- "id": "pyup.io-35348",
- "more_info_path": "/vulnerabilities/CVE-2011-4139/35348",
+ "advisory": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.",
+ "cve": "CVE-2011-4140",
+ "id": "pyup.io-33066",
+ "more_info_path": "/vulnerabilities/CVE-2011-4140/33066",
 "specs": [
 "<1.2.7",
 ">=1.3a1,<1.3.1"
 ],
 "v": "<1.2.7,>=1.3a1,<1.3.1"
 },
+ {
+ "advisory": "The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.",
+ "cve": "CVE-2012-3444",
+ "id": "pyup.io-33069",
+ "more_info_path": "/vulnerabilities/CVE-2012-3444/33069",
+ "specs": [
+ "<1.3.2",
+ ">=1.4a1,<1.4.1"
+ ],
+ "v": "<1.3.2,>=1.4a1,<1.4.1"
+ },
 {
 "advisory": "The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.",
 "cve": "CVE-2012-3443",
@@ -28822,17 +29274,6 @@
 ],
 "v": "<1.3.2,>=1.4a1,<1.4.1"
 },
- {
- "advisory": "The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.",
- "cve": "CVE-2012-3444",
- "id": "pyup.io-33069",
- "more_info_path": "/vulnerabilities/CVE-2012-3444/33069",
- "specs": [
- "<1.3.2",
- ">=1.4a1,<1.4.1"
- ],
- "v": "<1.3.2,>=1.4a1,<1.4.1"
- },
 {
 "advisory": "The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.",
 "cve": "CVE-2012-4520",
@@ -28936,10 +29377,10 @@
 "v": "<1.4.14,>=1.5a1,<1.5.9,>=1.6a1,<1.6.6,>=1.7a1,<1.7rc3"
 },
 {
- "advisory": "The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.",
- "cve": "CVE-2015-0221",
- "id": "pyup.io-33072",
- "more_info_path": "/vulnerabilities/CVE-2015-0221/33072",
+ "advisory": "Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.",
+ "cve": "CVE-2015-0219",
+ "id": "pyup.io-33070",
+ "more_info_path": "/vulnerabilities/CVE-2015-0219/33070",
 "specs": [
 "<1.4.18",
 ">=1.6a1,<1.6.10",
@@ -28948,10 +29389,10 @@
 "v": "<1.4.18,>=1.6a1,<1.6.10,>=1.7a1,<1.7.3"
 },
 {
- "advisory": "Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.",
- "cve": "CVE-2015-0219",
- "id": "pyup.io-33070",
- "more_info_path": "/vulnerabilities/CVE-2015-0219/33070",
+ "advisory": "The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of service (memory consumption) via a long line in a file.",
+ "cve": "CVE-2015-0221",
+ "id": "pyup.io-33072",
+ "more_info_path": "/vulnerabilities/CVE-2015-0221/33072",
 "specs": [
 "<1.4.18",
 ">=1.6a1,<1.6.10",
@@ -29100,10 +29541,10 @@
 "v": "<2.1.9,>=2.2a1,<2.2.2"
 },
 {
- "advisory": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.",
- "cve": "CVE-2020-24583",
- "id": "pyup.io-38749",
- "more_info_path": "/vulnerabilities/CVE-2020-24583/38749",
+ "advisory": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.",
+ "cve": "CVE-2020-24584",
+ "id": "pyup.io-38752",
+ "more_info_path": "/vulnerabilities/CVE-2020-24584/38752",
 "specs": [
 "<2.2.16",
 ">=3.0a1,<3.0.10",
@@ -29112,10 +29553,10 @@
 "v": "<2.2.16,>=3.0a1,<3.0.10,>=3.1a1,<3.1.1"
 },
 {
- "advisory": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.",
- "cve": "CVE-2020-24584",
- "id": "pyup.io-38752",
- "more_info_path": "/vulnerabilities/CVE-2020-24584/38752",
+ "advisory": "An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.",
+ "cve": "CVE-2020-24583",
+ "id": "pyup.io-38749",
+ "more_info_path": "/vulnerabilities/CVE-2020-24583/38749",
 "specs": [
 "<2.2.16",
 ">=3.0a1,<3.0.10",
@@ -29208,10 +29649,10 @@
 "v": "<2.2.27,>=3.0a1,<3.2.12,>=4.0a1,<4.0.2"
 },
 {
- "advisory": "Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28346: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.\r\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases",
- "cve": "CVE-2022-28346",
- "id": "pyup.io-48041",
- "more_info_path": "/vulnerabilities/CVE-2022-28346/48041",
+ "advisory": "Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28347: A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.\r\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases",
+ "cve": "CVE-2022-28347",
+ "id": "pyup.io-48040",
+ "more_info_path": "/vulnerabilities/CVE-2022-28347/48040",
 "specs": [
 "<2.2.28",
 ">=3.0a1,<3.2.13",
@@ -29220,10 +29661,10 @@
 "v": "<2.2.28,>=3.0a1,<3.2.13,>=4.0a1,<4.0.4"
 },
 {
- "advisory": "Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28347: A SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.\r\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases",
- "cve": "CVE-2022-28347",
- "id": "pyup.io-48040",
- "more_info_path": "/vulnerabilities/CVE-2022-28347/48040",
+ "advisory": "Django 2.2.28, 3.2.13 and 4.0.4 include a fix for CVE-2022-28346: An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.\r\nhttps://www.djangoproject.com/weblog/2022/apr/11/security-releases",
+ "cve": "CVE-2022-28346",
+ "id": "pyup.io-48041",
+ "more_info_path": "/vulnerabilities/CVE-2022-28346/48041",
 "specs": [
 "<2.2.28",
 ">=3.0a1,<3.2.13",
@@ -29301,18 +29742,6 @@
 ],
 "v": "<3.2.19,>=4.0a1,<4.1.9,>=4.2a1,<4.2.1"
 },
- {
- "advisory": "In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.",
- "cve": "CVE-2023-36053",
- "id": "pyup.io-59293",
- "more_info_path": "/vulnerabilities/CVE-2023-36053/59293",
- "specs": [
- "<3.2.20",
- ">=4.0a1,<4.1.10",
- ">=4.2a1,<4.2.3"
- ],
- "v": "<3.2.20,>=4.0a1,<4.1.10,>=4.2a1,<4.2.3"
- },
 {
 "advisory": "Django 3.2.21, 4.1.11 and 4.2.5 include a fix for CVE-2023-41164: Potential denial of service vulnerability in django.utils.encoding.uri_to_iri().\r\nhttps://www.djangoproject.com/weblog/2023/sep/04/security-releases",
 "cve": "CVE-2023-41164",
@@ -29325,6 +29754,18 @@
 ],
 "v": "<3.2.21,>=4.0a1,<4.1.11,>=4.2a1,<4.2.5"
 },
+ {
+ "advisory": "Django 4.2.6, 4.1.12 and 3.2.22 include a fix for CVE-2023-43665: Denial-of-service possibility in django.utils.text.Truncator.\r\nhttps://www.djangoproject.com/weblog/2023/oct/04/security-releases",
+ "cve": "CVE-2023-43665",
+ "id": "pyup.io-61586",
+ "more_info_path": "/vulnerabilities/CVE-2023-43665/61586",
+ "specs": [
+ "<3.2.22",
+ ">=4.0a1,<4.1.12",
+ ">=4.2a1,<4.2.6"
+ ],
+ "v": "<3.2.22,>=4.0a1,<4.1.12,>=4.2a1,<4.2.6"
+ },
 {
 "advisory": "bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.",
 "cve": "CVE-2007-0404",
@@ -29534,6 +29975,16 @@
 ],
 "v": ">=1.4a1,<1.4.6,>=1.5a1,<1.5.2,>=1.6a1,<1.6b2"
 },
+ {
+ "advisory": "The Django administrative tool, known as django.contrib.admin, presumes the value of a URLField to be secure. As a result, it doesn't utilize an escape function when presenting it, which could potentially permit a malefactor to conduct a cross-site scripting (XSS) attack within the administrative interface.",
+ "cve": "PVE-2023-99933",
+ "id": "pyup.io-61888",
+ "more_info_path": "/vulnerabilities/PVE-2023-99933/61888",
+ "specs": [
+ ">=1.5,<1.5.2"
+ ],
+ "v": ">=1.5,<1.5.2"
+ },
 {
 "advisory": "The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.",
 "cve": "CVE-2013-0305",
@@ -29619,10 +30070,10 @@
 "v": ">=1.8.0a1,<1.8.18,>=1.9.0a1,<1.9.13,>=1.10.0a1,<1.10.7"
 },
 {
- "advisory": "Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.",
- "cve": "CVE-2016-9014",
- "id": "pyup.io-33075",
- "more_info_path": "/vulnerabilities/CVE-2016-9014/33075",
+ "advisory": "Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.",
+ "cve": "CVE-2016-9013",
+ "id": "pyup.io-33076",
+ "more_info_path": "/vulnerabilities/CVE-2016-9013/33076",
 "specs": [
 ">=1.8a1,<1.8.16",
 ">=1.9a1,<1.9.11",
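Review bot: The record added in the first hunk (@@ -29534) carries a PyUp placeholder id, `"cve": "PVE-2023-99933"`, and a range of `">=1.5,<1.5.2"`, while the context record directly above it already ends with `"v": ">=1.4a1,<1.4.6,>=1.5a1,<1.5.2,>=1.6a1,<1.6b2"` for what reads as the same admin URLField escaping fix. If both describe one issue, consumers will see the finding twice; if they do not, the new record silently omits the 1.4.x branch and the 1.5 pre-releases that its neighbour treats as affected, and it cites no reference URL unlike most records in this section. I would confirm against the upstream advisory whether the placeholder resolves to the identifier already present above and either drop the record or align `specs` and `v` with it, e.g. `">=1.4a1,<1.4.6", ">=1.5a1,<1.5.2"`. The enclosing django array opens and closes outside this hunk.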
@@ -29631,10 +30082,10 @@
 "v": ">=1.8a1,<1.8.16,>=1.9a1,<1.9.11,>=1.10a1,<1.10.3"
 },
 {
- "advisory": "Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.",
- "cve": "CVE-2016-9013",
- "id": "pyup.io-33076",
- "more_info_path": "/vulnerabilities/CVE-2016-9013/33076",
+ "advisory": "Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.",
+ "cve": "CVE-2016-9014",
+ "id": "pyup.io-33075",
+ "more_info_path": "/vulnerabilities/CVE-2016-9014/33075",
 "specs": [
 ">=1.8a1,<1.8.16",
 ">=1.9a1,<1.9.11",
@@ -29824,10 +30275,10 @@
 "v": ">=3.0a1,<3.0.13,>=3.1a1,<3.1.7,<2.2.19"
 },
 {
- "advisory": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.",
- "cve": "CVE-2020-13596",
- "id": "pyup.io-38372",
- "more_info_path": "/vulnerabilities/CVE-2020-13596/38372",
+ "advisory": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.",
+ "cve": "CVE-2020-13254",
+ "id": "pyup.io-38373",
+ "more_info_path": "/vulnerabilities/CVE-2020-13254/38373",
 "specs": [
 ">=3.0a1,<3.0.7",
 ">=2.2a1,<2.2.13"
@@ -29835,10 +30286,10 @@
 "v": ">=3.0a1,<3.0.7,>=2.2a1,<2.2.13"
 },
 {
- "advisory": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.",
- "cve": "CVE-2020-13254",
- "id": "pyup.io-38373",
- "more_info_path": "/vulnerabilities/CVE-2020-13254/38373",
+ "advisory": "An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.",
+ "cve": "CVE-2020-13596",
+ "id": "pyup.io-38372",
+ "more_info_path": "/vulnerabilities/CVE-2020-13596/38372",
 "specs": [
 ">=3.0a1,<3.0.7",
 ">=2.2a1,<2.2.13"
@@ -29879,6 +30330,18 @@
 ">=3.2a1,<3.2.1"
 ],
 "v": ">=3.1a1,<3.1.9,>=2.2a1,<2.2.21,>=3.2a1,<3.2.1"
+ },
+ {
+ "advisory": "Django 3.2.20, 4.1.10 and 4.2.3 include a fix for CVE-2023-36053: EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.\r\nhttps://www.djangoproject.com/weblog/2023/jul/03/security-releases",
+ "cve": "CVE-2023-36053",
+ "id": "pyup.io-59293",
+ "more_info_path": "/vulnerabilities/CVE-2023-36053/59293",
+ "specs": [
+ ">=4.0a1,<4.1.10",
+ ">=4.2a1,<4.2.3",
+ ">=3.2a1,<3.2.20"
+ ],
+ "v": ">=4.0a1,<4.1.10,>=4.2a1,<4.2.3,>=3.2a1,<3.2.20"
 }
 ],
 "django-access-tokens": [
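Review bot: The re-added CVE-2023-36053 record in the second hunk (@@ -29879) narrows the affected range relative to the copy this commit removes earlier in the diff: the removed record listed `"<3.2.20"`, this one lists `">=3.2a1,<3.2.20"`, so installations on 2.2.x, 3.0.x or 3.1.x that the old record flagged now match nothing. The advisory text only names 3.2, 4.1 and 4.2, so the narrowing may be what upstream intends, but it is a behavioural change for anyone consuming this database and should be a deliberate decision rather than a side effect of the re-import. Separately, `specs` and `v` here are ordered 4.0, 4.2, 3.2 while every other django record in this diff lists the lowest range first; `">=3.2a1,<3.2.20", ">=4.0a1,<4.1.10", ">=4.2a1,<4.2.3"` would match the file's convention and keep future diffs stable.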
@@ -30415,6 +30878,18 @@
 "v": "<1.9.0"
 }
 ],
+ "django-cacheops": [
+ {
+ "advisory": "Django-cacheops 4.0.6 includes a security fix: Catastrophic backtracking in template extensions.\r\nhttps://github.com/Suor/django-cacheops/commit/adba2dc9908c50157d417fd7564669c11ed23b2a",
+ "cve": "PVE-2023-61998",
+ "id": "pyup.io-61998",
+ "more_info_path": "/vulnerabilities/PVE-2023-61998/61998",
+ "specs": [
+ "<4.0.6"
+ ],
+ "v": "<4.0.6"
+ }
+ ],
 "django-cas-server": [
 {
 "advisory": "Django-cas-server 0.9.0 fixes a XSS vulnerability.\r\nhttps://github.com/nitmir/django-cas-server/commit/971cde093ce5af5aac9ced93c85b92c40e6e5665",
@@ -30618,6 +31093,16 @@
 "<1.1.4"
 ],
 "v": "<1.1.4"
+ },
+ {
+ "advisory": "This package has a vulnerability that can lead to the unintentional disclosure of information in multithreaded WSGI servers. This vulnerability can occur between requests.",
+ "cve": "PVE-2023-99935",
+ "id": "pyup.io-61880",
+ "more_info_path": "/vulnerabilities/PVE-2023-99935/61880",
+ "specs": [
+ "<1.1.4"
+ ],
+ "v": "<1.1.4"
 }
 ],
 "django-crm": [
@@ -30668,6 +31153,18 @@
 "v": "<1.11.1,>2,<2.2.1,>3,<3.2.1"
 }
 ],
+ "django-descope": [
+ {
+ "advisory": "Django-descope 1.3.0 updates its dependency 'django' to v4.2.3 to include a security fix.",
+ "cve": "CVE-2023-36053",
+ "id": "pyup.io-61641",
+ "more_info_path": "/vulnerabilities/CVE-2023-36053/61641",
+ "specs": [
+ "<1.3.0"
+ ],
+ "v": "<1.3.0"
+ }
+ ],
 "django-discord-bind": [
 {
 "advisory": "django-discord-bind 0.2.0 added state validation to prevent CSRF attacks.",
@@ -30766,6 +31263,16 @@
 "<0.3"
 ],
 "v": "<0.3"
+ },
+ {
+ "advisory": "This package is susceptible to Open Redirect attacks as it lacks the mechanism for detecting counterfeit URLs.",
+ "cve": "PVE-2023-99934",
+ "id": "pyup.io-61885",
+ "more_info_path": "/vulnerabilities/PVE-2023-99934/61885",
+ "specs": [
+ "<0.3"
+ ],
+ "v": "<0.3"
 }
 ],
 "django-envelope": [
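Review bot: The two records with placeholder ids `PVE-2023-99935` (@@ -30618) and `PVE-2023-99934` (@@ -30766) have advisory text that names neither the package, nor the fixing release, nor any reference, so a consumer whose install matches `"<1.1.4"` or `"<0.3"` cannot tell what was fixed or verify it; the package arrays those records belong to open outside these hunks. The `"<1.1.4"` record is also appended directly after an existing record with the identical `"v": "<1.1.4"`, which suggests it may restate that entry in generic wording rather than describe a second issue. The django-cacheops and django-descope records on the same line show the expected shape — package, fixed version and a commit or CVE — and I would ask upstream for at least that much, e.g. `"advisory": "<package name> <fixed version> fixes an information disclosure between requests on multithreaded WSGI servers.\r\n<reference URL>"` (placeholders to be filled from the source advisory).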
@@ -30864,20 +31371,20 @@
 ],
 "django-filer": [
 {
- "advisory": "Django-filer 3.0.0rc1 includes a fix for a XSS vulnerability.\r\nhttps://github.com/django-cms/django-filer/pull/1364",
- "cve": "PVE-2023-59208",
- "id": "pyup.io-59208",
- "more_info_path": "/vulnerabilities/PVE-2023-59208/59208",
+ "advisory": "Django-filer 3.0.0rc1 includes a fix for a Broken Access Control vulnerability. The staff user without proper permissions cannot browse the filer's folder structure, list files in a folder, add files, and move files and folders by this fix. Also, non-root users only see their own files in unsorted uploads and it shows uncategorized files to the owner or superuser if permissions are active.\r\nhttps://github.com/django-cms/django-filer/pull/1352\r\nhttps://github.com/django-cms/django-filer/commit/43434f7c60320dcfa719742ab84fbe2cfcffb6f1",
+ "cve": "PVE-2023-59514",
+ "id": "pyup.io-59514",
+ "more_info_path": "/vulnerabilities/PVE-2023-59514/59514",
 "specs": [
 "<3.0.0rc1"
 ],
 "v": "<3.0.0rc1"
 },
 {
- "advisory": "Django-filer 3.0.0rc1 includes a fix for a Broken Access Control vulnerability. The staff user without proper permissions cannot browse the filer's folder structure, list files in a folder, add files, and move files and folders by this fix. Also, non-root users only see their own files in unsorted uploads and it shows uncategorized files to the owner or superuser if permissions are active.\r\nhttps://github.com/django-cms/django-filer/pull/1352\r\nhttps://github.com/django-cms/django-filer/commit/43434f7c60320dcfa719742ab84fbe2cfcffb6f1",
- "cve": "PVE-2023-59514",
- "id": "pyup.io-59514",
- "more_info_path": "/vulnerabilities/PVE-2023-59514/59514",
+ "advisory": "Django-filer 3.0.0rc1 includes a fix for a XSS vulnerability.\r\nhttps://github.com/django-cms/django-filer/pull/1364",
+ "cve": "PVE-2023-59208",
+ "id": "pyup.io-59208",
+ "more_info_path": "/vulnerabilities/PVE-2023-59208/59208",
 "specs": [
 "<3.0.0rc1"
 ],
@@ -30940,6 +31447,28 @@
 "<4.0.8"
 ],
 "v": "<4.0.8"
+ },
+ {
+ "advisory": "Django-froala-editor 4.1.3 fixes a vulnerability in the link textrea.",
+ "cve": "PVE-2023-61962",
+ "id": "pyup.io-61962",
+ "more_info_path": "/vulnerabilities/PVE-2023-61962/61962",
+ "specs": [
+ "<4.1.3"
+ ],
+ "v": "<4.1.3"
+ }
+ ],
+ "django-grappelli": [
+ {
+ "advisory": "Django-grappelli 2.15.2 includes a fix for CVE-2021-46898: views/switch.py in django-grappelli before 2.15.2 attempts to prevent external redirection with startswith(\"/\") but this does not consider a protocol-relative URL (e.g., //example.com) attack.\r\nhttps://github.com/sehmaschine/django-grappelli/issues/975",
+ "cve": "CVE-2021-46898",
+ "id": "pyup.io-61968",
+ "more_info_path": "/vulnerabilities/CVE-2021-46898/61968",
+ "specs": [
+ "<2.15.2"
+ ],
+ "v": "<2.15.2"
 }
 ],
 "django-guts": [
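Review bot: The added django-froala-editor record (`"cve": "PVE-2023-61962"`) describes the fix only as `a vulnerability in the link textrea`, which is a typo (presumably `textarea`) and too vague to act on: it gives no vulnerability class and no reference, so a consumer cannot judge severity or confirm the fix. Since this file is an export, the wording belongs corrected at the source rather than hand-edited here; the string would read along the lines of `"Django-froala-editor 4.1.3 fixes a <vulnerability class, confirm upstream> vulnerability in the link textarea.\r\n<reference URL>"`. The django-grappelli record in the same hunk is the model to follow — it names the CVE, the faulty check and an issue link. The django-froala-editor array opens outside this hunk.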
@@ -31024,20 +31553,20 @@
 ],
 "django-helpdesk": [
 {
- "advisory": "Django-helpdesk 0.3.1 includes a fix for CVE-2021-3950: Django-helpdesk is vulnerable to improper neutralization of input during web page generation ('Cross-site Scripting').\r\nhttps://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e\r\nhttps://github.com/django-helpdesk/django-helpdesk/commit/04483bdac3b5196737516398b5ce0383875a5c60",
- "cve": "CVE-2021-3950",
- "id": "pyup.io-42743",
- "more_info_path": "/vulnerabilities/CVE-2021-3950/42743",
+ "advisory": "Django-helpdesk 0.3.1 includes a fix for CVE-2021-3945: Django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').\r\nhttps://github.com/django-helpdesk/django-helpdesk/commit/2c7065e0c4296e0c692fb4a7ee19c7357583af30\r\nhttps://huntr.dev/bounties/745f483c-70ed-441f-ab2e-7ac1305439a4",
+ "cve": "CVE-2021-3945",
+ "id": "pyup.io-42683",
+ "more_info_path": "/vulnerabilities/CVE-2021-3945/42683",
 "specs": [
 "<0.3.1"
 ],
 "v": "<0.3.1"
 },
 {
- "advisory": "Django-helpdesk 0.3.1 includes a fix for CVE-2021-3945: Django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').\r\nhttps://github.com/django-helpdesk/django-helpdesk/commit/2c7065e0c4296e0c692fb4a7ee19c7357583af30\r\nhttps://huntr.dev/bounties/745f483c-70ed-441f-ab2e-7ac1305439a4",
- "cve": "CVE-2021-3945",
- "id": "pyup.io-42683",
- "more_info_path": "/vulnerabilities/CVE-2021-3945/42683",
+ "advisory": "Django-helpdesk 0.3.1 includes a fix for CVE-2021-3950: Django-helpdesk is vulnerable to improper neutralization of input during web page generation ('Cross-site Scripting').\r\nhttps://huntr.dev/bounties/4d7a5fdd-b2de-467a-ade0-3f2fb386638e\r\nhttps://github.com/django-helpdesk/django-helpdesk/commit/04483bdac3b5196737516398b5ce0383875a5c60",
+ "cve": "CVE-2021-3950",
+ "id": "pyup.io-42743",
+ "more_info_path": "/vulnerabilities/CVE-2021-3950/42743",
 "specs": [
 "<0.3.1"
 ],
@@ -31077,6 +31606,16 @@
 ],
 "v": "<1.0.4"
 },
+ {
+ "advisory": "Django-howl 1.0.5 updates its dependency 'Django' to v2.2.11 to include security fixes.",
+ "cve": "CVE-2019-14232",
+ "id": "pyup.io-43656",
+ "more_info_path": "/vulnerabilities/CVE-2019-14232/43656",
+ "specs": [
+ "<1.0.5"
+ ],
+ "v": "<1.0.5"
+ },
 {
 "advisory": "Django-howl 1.0.5 updates its dependency 'urllib3' to v1.25.8 to include a security fix.",
 "cve": "CVE-2020-7212",
@@ -31157,16 +31696,6 @@
 ],
 "v": "<1.0.5"
 },
- {
- "advisory": "Django-howl 1.0.5 updates its dependency 'Django' to v2.2.11 to include security fixes.",
- "cve": "CVE-2019-14232",
- "id": "pyup.io-43656",
- "more_info_path": "/vulnerabilities/CVE-2019-14232/43656",
- "specs": [
- "<1.0.5"
- ],
- "v": "<1.0.5"
- },
 {
 "advisory": "Django-howl 1.0.5 updates its dependency 'Django' to v2.2.11 to include security fixes.",
 "cve": "CVE-2020-9402",
@@ -31251,16 +31780,6 @@
 ],
 "v": "<1.1.0"
 },
- {
- "advisory": "Django-idempotency-key 1.1.0 drops support for Django 1.x as it arrived to end of life.",
- "cve": "CVE-2019-14232",
- "id": "pyup.io-42978",
- "more_info_path": "/vulnerabilities/CVE-2019-14232/42978",
- "specs": [
- "<1.1.0"
- ],
- "v": "<1.1.0"
- },
 {
 "advisory": "Django-idempotency-key 1.1.0 drops support for Django 1.x as it arrived to end of life.",
 "cve": "CVE-2020-7471",
@@ -31271,16 +31790,6 @@
 ],
 "v": "<1.1.0"
 },
- {
- "advisory": "Django-idempotency-key 1.1.0 updates the minimum version of its dependency 'urllib3' to v1.24.2 to include a security fix.",
- "cve": "CVE-2019-11324",
- "id": "pyup.io-42976",
- "more_info_path": "/vulnerabilities/CVE-2019-11324/42976",
- "specs": [
- "<1.1.0"
- ],
- "v": "<1.1.0"
- },
 {
 "advisory": "Django-idempotency-key 1.1.0 drops support for Django 1.x as it arrived to end of life.",
 "cve": "CVE-2020-9402",
@@ -31310,6 +31819,26 @@ "<1.1.0" ], "v": "<1.1.0" + }, + { + "advisory": "Django-idempotency-key 1.1.0 updates the minimum version of its dependency 'urllib3' to v1.24.2 to include a security fix.", + "cve": "CVE-2019-11324", + "id": "pyup.io-42976", + "more_info_path": "/vulnerabilities/CVE-2019-11324/42976", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" + }, + { + "advisory": "Django-idempotency-key 1.1.0 drops support for Django 1.x as it arrived to end of life.", + "cve": "CVE-2019-14232", + "id": "pyup.io-42978", + "more_info_path": "/vulnerabilities/CVE-2019-14232/42978", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" } ], "django-idom": [ @@ -31490,20 +32019,20 @@ "v": "<0.15.0" }, { - "advisory": "Django-kaio 0.15.0 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", - "cve": "CVE-2020-26137", - "id": "pyup.io-48418", - "more_info_path": "/vulnerabilities/CVE-2020-26137/48418", + "advisory": "Django-kaio 0.15.0 updates its dependency 'pyyaml' to v5.4 to include security fixes.", + "cve": "CVE-2020-14343", + "id": "pyup.io-48412", + "more_info_path": "/vulnerabilities/CVE-2020-14343/48412", "specs": [ "<0.15.0" ], "v": "<0.15.0" }, { - "advisory": "Django-kaio 0.15.0 updates its dependency 'pyyaml' to v5.4 to include security fixes.", - "cve": "CVE-2020-14343", - "id": "pyup.io-48412", - "more_info_path": "/vulnerabilities/CVE-2020-14343/48412", + "advisory": "Django-kaio 0.15.0 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", + "cve": "CVE-2020-26137", + "id": "pyup.io-48418", + "more_info_path": "/vulnerabilities/CVE-2020-26137/48418", "specs": [ "<0.15.0" ], 
@@ -31974,9 +32503,9 @@ }, { "advisory": "Django-nameko-standalone 1.3.2 updates its Django version to 1.11.27 to include security fixes.", - "cve": "CVE-2018-7537", - "id": "pyup.io-38565", - "more_info_path": "/vulnerabilities/CVE-2018-7537/38565", + "cve": "CVE-2019-14232", + "id": "pyup.io-43701", + "more_info_path": "/vulnerabilities/CVE-2019-14232/43701", "specs": [ "<1.3.2" ], @@ -31984,9 +32513,9 @@ }, { "advisory": "Django-nameko-standalone 1.3.2 updates its Django version to 1.11.27 to include security fixes.", - "cve": "CVE-2019-14232", - "id": "pyup.io-43701", - "more_info_path": "/vulnerabilities/CVE-2019-14232/43701", + "cve": "CVE-2018-7537", + "id": "pyup.io-38565", + "more_info_path": "/vulnerabilities/CVE-2018-7537/38565", "specs": [ "<1.3.2" ], @@ -32106,16 +32635,6 @@ ], "v": "<0.9b1" }, - { - "advisory": "Django-newsletter 0.9b1 updates its dependency 'django' to v3.0.2 to include security fixes.", - "cve": "CVE-2019-14232", - "id": "pyup.io-43684", - "more_info_path": "/vulnerabilities/CVE-2019-14232/43684", - "specs": [ - "<0.9b1" - ], - "v": "<0.9b1" - }, { "advisory": "Django-newsletter 0.9b1 updates its dependency 'waitress' to v1.4.2 to include security fixes.", "cve": "CVE-2019-16786", @@ -32146,6 +32665,16 @@ ], "v": "<0.9b1" }, + { + "advisory": "Django-newsletter 0.9b1 updates its dependency 'django' to v3.0.2 to include security fixes.", + "cve": "CVE-2019-14232", + "id": "pyup.io-43684", + "more_info_path": "/vulnerabilities/CVE-2019-14232/43684", + "specs": [ + "<0.9b1" + ], + "v": "<0.9b1" + }, { "advisory": "Django-newsletter 0.9b1 updates its dependency 'django' to v3.0.2 to include security fixes.", "cve": "CVE-2019-3498", 
@@ -32354,6 +32883,18 @@ "v": "<0.0.4" } ], + "django-pgbulk": [ + { + "advisory": "Django-pgbulk 2.0.0 updates 'pgbulk.upsert' to no longer support the 'return_untouched` argument, as it had race conditions.", + "cve": "PVE-2023-61662", + "id": "pyup.io-61662", + "more_info_path": "/vulnerabilities/PVE-2023-61662/61662", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + } + ], "django-pghistory": [ { "advisory": "Django-pghistory 2.6.0 escapes all context data to avoid SQL injection attacks.\r\nhttps://github.com/Opus10/django-pghistory/commit/a5380fa85745731c6bc749f0e453ab66314c0bc7", @@ -33124,16 +33665,6 @@ ], "v": "<2.0.11" }, - { - "advisory": "Django-termsandconditions 2.0.9 updates its dependency 'poetry' to v1.1.11 to include a security fix.", - "cve": "CVE-2022-26184", - "id": "pyup.io-49666", - "more_info_path": "/vulnerabilities/CVE-2022-26184/49666", - "specs": [ - "<2.0.9" - ], - "v": "<2.0.9" - }, { "advisory": "Django-termsandconditions 2.0.9 updates its dependency 'pylint' to v2.11.1 to include security fixes.", "cve": "PVE-2021-39621", @@ -33154,6 +33685,16 @@ ], "v": "<2.0.9" }, + { + "advisory": "Django-termsandconditions 2.0.9 updates its dependency 'poetry' to v1.1.11 to include a security fix.", + "cve": "CVE-2022-26184", + "id": "pyup.io-49666", + "more_info_path": "/vulnerabilities/CVE-2022-26184/49666", + "specs": [ + "<2.0.9" + ], + "v": "<2.0.9" + }, { "advisory": "Django-termsandconditions 2.0.9 updates its dependency 'django' to v3.2.8 to include security fixes.", "cve": "CVE-2021-3281", 
@@ -33325,20 +33866,20 @@ ], "django-ucamlookup": [ { - "advisory": "Django-ucamlookup 1.9.2 includes a fix for CVE-2016-15010: Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely.\r\nhttps://github.com/uisautomation/django-ucamlookup/commit/5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3", - "cve": "CVE-2016-15010", - "id": "pyup.io-52672", - "more_info_path": "/vulnerabilities/CVE-2016-15010/52672", + "advisory": "Django-ucamlookup 1.9.2 fixes lack of escaping in select2 calls.\r\nhttps://github.com/uisautomation/django-ucamlookup/commit/5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3", + "cve": "PVE-2021-36744", + "id": "pyup.io-36744", + "more_info_path": "/vulnerabilities/PVE-2021-36744/36744", "specs": [ "<1.9.2" ], "v": "<1.9.2" }, { - "advisory": "Django-ucamlookup 1.9.2 fixes lack of escaping in select2 calls.\r\nhttps://github.com/uisautomation/django-ucamlookup/commit/5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3", - "cve": "PVE-2021-36744", - "id": "pyup.io-36744", - "more_info_path": "/vulnerabilities/PVE-2021-36744/36744", + "advisory": "Django-ucamlookup 1.9.2 includes a fix for CVE-2016-15010: Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely.\r\nhttps://github.com/uisautomation/django-ucamlookup/commit/5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3", + "cve": "CVE-2016-15010", + "id": "pyup.io-52672", + "more_info_path": "/vulnerabilities/CVE-2016-15010/52672", "specs": [ "<1.9.2" ], 
@@ -34444,6 +34985,18 @@ "v": "<0.0.13" } ], + "doubt": [ + { + "advisory": "Doubt 4.5.1 updates its dependency 'urllib3' to include a security fix.", + "cve": "CVE-2023-45803", + "id": "pyup.io-62029", + "more_info_path": "/vulnerabilities/CVE-2023-45803/62029", + "specs": [ + "<4.5.1" + ], + "v": "<4.5.1" + } + ], "dovesnap": [ { "advisory": "Dovesnap 1.0.7 updates 'containerd' to include a security fix.", @@ -34716,6 +35269,18 @@ "v": "<0.2.2" } ], + "dtale": [ + { + "advisory": "D-Tale 3.7.0 includes a fix for CVE-2023-46134: Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off \"Custom Filter\" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.\r\nhttps://github.com/man-group/dtale/security/advisories/GHSA-jq6c-r9xf-qxjm", + "cve": "CVE-2023-46134", + "id": "pyup.io-62043", + "more_info_path": "/vulnerabilities/CVE-2023-46134/62043", + "specs": [ + "<3.7.0" + ], + "v": "<3.7.0" + } + ], "duckdb": [ { "advisory": "Duckdb 0.6.0 fixes overflow when using substrings.\r\nhttps://github.com/duckdb/duckdb/pull/5273", 
@@ -35177,20 +35742,20 @@ "v": "<2.3.0b0" }, { - "advisory": "Elyra 3.0.0 updates its dependency 'urllib3' to v1.26.5 to include a security fix.", - "cve": "CVE-2019-11236", - "id": "pyup.io-42729", - "more_info_path": "/vulnerabilities/CVE-2019-11236/42729", + "advisory": "Elyra 3.0.0 updates its dependency 'requests' to v2.25.1 to include a security fix.", + "cve": "CVE-2018-18074", + "id": "pyup.io-42730", + "more_info_path": "/vulnerabilities/CVE-2018-18074/42730", "specs": [ "<3.0.0" ], "v": "<3.0.0" }, { - "advisory": "Elyra 3.0.0 updates its dependency 'requests' to v2.25.1 to include a security fix.", - "cve": "CVE-2018-18074", - "id": "pyup.io-42730", - "more_info_path": "/vulnerabilities/CVE-2018-18074/42730", + "advisory": "Elyra 3.0.0 updates its dependency 'urllib3' to v1.26.5 to include a security fix.", + "cve": "CVE-2021-33503", + "id": "pyup.io-41074", + "more_info_path": "/vulnerabilities/CVE-2021-33503/41074", "specs": [ "<3.0.0" ], @@ -35198,9 +35763,9 @@ }, { "advisory": "Elyra 3.0.0 updates its dependency 'urllib3' to v1.26.5 to include a security fix.", - "cve": "CVE-2020-26137", - "id": "pyup.io-42728", - "more_info_path": "/vulnerabilities/CVE-2020-26137/42728", + "cve": "CVE-2019-11236", + "id": "pyup.io-42729", + "more_info_path": "/vulnerabilities/CVE-2019-11236/42729", "specs": [ "<3.0.0" ], @@ -35208,9 +35773,9 @@ }, { "advisory": "Elyra 3.0.0 updates its dependency 'urllib3' to v1.26.5 to include a security fix.", - "cve": "CVE-2021-33503", - "id": "pyup.io-41074", - "more_info_path": "/vulnerabilities/CVE-2021-33503/41074", + "cve": "CVE-2020-26137", + "id": "pyup.io-42728", + "more_info_path": "/vulnerabilities/CVE-2020-26137/42728", "specs": [ "<3.0.0" ], 
@@ -35519,20 +36084,20 @@ ], "encapsia-api": [ { - "advisory": "Encapsia-api 0.2.9 updates its dependency 'py' to v1.10.0 to include a security fix.", - "cve": "CVE-2020-29651", - "id": "pyup.io-44972", - "more_info_path": "/vulnerabilities/CVE-2020-29651/44972", + "advisory": "Encapsia-api 0.2.9 updates its dependency 'cryptography' to v3.4.6 to include a security fix.", + "cve": "CVE-2020-36242", + "id": "pyup.io-39689", + "more_info_path": "/vulnerabilities/CVE-2020-36242/39689", "specs": [ "<0.2.9" ], "v": "<0.2.9" }, { - "advisory": "Encapsia-api 0.2.9 updates its dependency 'cryptography' to v3.4.6 to include a security fix.", - "cve": "CVE-2020-36242", - "id": "pyup.io-39689", - "more_info_path": "/vulnerabilities/CVE-2020-36242/39689", + "advisory": "Encapsia-api 0.2.9 updates its dependency 'py' to v1.10.0 to include a security fix.", + "cve": "CVE-2020-29651", + "id": "pyup.io-44972", + "more_info_path": "/vulnerabilities/CVE-2020-29651/44972", "specs": [ "<0.2.9" ], @@ -35541,10 +36106,10 @@ ], "encapsia-cli": [ { - "advisory": "Encapsia-cli 0.5.2 updates its dependency 'httpie' requirement to ^3.1.0 to include security fixes.", - "cve": "CVE-2022-0430", - "id": "pyup.io-52523", - "more_info_path": "/vulnerabilities/CVE-2022-0430/52523", + "advisory": "Encapsia-cli 0.5.2 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", + "cve": "CVE-2007-4559", + "id": "pyup.io-52524", + "more_info_path": "/vulnerabilities/CVE-2007-4559/52524", "specs": [ "<0.5.2" ], 
@@ -35561,20 +36126,20 @@ "v": "<0.5.2" }, { - "advisory": "Encapsia-cli 0.5.2 updates its dependency 'certifi' to v2022.12.7 to include a security fix.", - "cve": "CVE-2022-23491", - "id": "pyup.io-52430", - "more_info_path": "/vulnerabilities/CVE-2022-23491/52430", + "advisory": "Encapsia-cli 0.5.2 updates its dependency 'httpie' requirement to ^3.1.0 to include security fixes.", + "cve": "CVE-2022-0430", + "id": "pyup.io-52523", + "more_info_path": "/vulnerabilities/CVE-2022-0430/52523", "specs": [ "<0.5.2" ], "v": "<0.5.2" }, { - "advisory": "Encapsia-cli 0.5.2 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", - "cve": "CVE-2007-4559", - "id": "pyup.io-52524", - "more_info_path": "/vulnerabilities/CVE-2007-4559/52524", + "advisory": "Encapsia-cli 0.5.2 updates its dependency 'certifi' to v2022.12.7 to include a security fix.", + "cve": "CVE-2022-23491", + "id": "pyup.io-52430", + "more_info_path": "/vulnerabilities/CVE-2022-23491/52430", "specs": [ "<0.5.2" ], @@ -35805,6 +36370,18 @@ "v": "<=2021.9.1" } ], + "esrapgra": [ + { + "advisory": "Esrapgra 0.1.1 escapes strings using 'shlex' to prevent shell-escape attacks.\r\nhttps://github.com/audy/esrapgra/commit/6ac83acd895d864bfbcaa1f26020615c9fa9610f", + "cve": "PVE-2023-61963", + "id": "pyup.io-61963", + "more_info_path": "/vulnerabilities/PVE-2023-61963/61963", + "specs": [ + "<0.1.1" + ], + "v": "<0.1.1" + } + ], "eth-account": [ { "advisory": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method", 
@@ -36453,6 +37030,18 @@ "v": "<0.1a2" } ], + "exonetapi": [ + { + "advisory": "Exonetapi 3.0.2 updates its dependency 'urllib3' to v1.26.6 to include a security fix.", + "cve": "CVE-2021-33503", + "id": "pyup.io-61638", + "more_info_path": "/vulnerabilities/CVE-2021-33503/61638", + "specs": [ + "<3.0.2" + ], + "v": "<3.0.2" + } + ], "exoskeleton": [ { "advisory": "Exoskeleton 1.2.1 requires lxml version >= 4.6.2 (released 2020-11-26) as it fixes a vulnerability.", @@ -36674,6 +37263,16 @@ } ], "fabric": [ + { + "advisory": "Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.", + "cve": "CVE-2011-2185", + "id": "pyup.io-61887", + "more_info_path": "/vulnerabilities/CVE-2011-2185/61887", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" + }, { "advisory": "The function upload_template() within Fabric, specifically in versions 0.9.0 up to but not including 1.13.2, contains a vulnerability. It requires cleaning up a temporary file with sudo uploads if the destination path is found to be invalid.", "cve": "PVE-2023-99977", 
@@ -36745,20 +37344,30 @@ "v": "<0.2.0" }, { - "advisory": "Fafi 0.2.1 updates its dependency 'urllib3' to version '1.26.4' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/39/files", - "cve": "CVE-2021-28363", - "id": "pyup.io-59097", - "more_info_path": "/vulnerabilities/CVE-2021-28363/59097", + "advisory": "Fafi 0.2.1 updates its dependency 'pillow' to version '8.1.1' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/42", + "cve": "CVE-2021-25292", + "id": "pyup.io-59155", + "more_info_path": "/vulnerabilities/CVE-2021-25292/59155", "specs": [ "<0.2.1" ], "v": "<0.2.1" }, { - "advisory": "Fafi 0.2.1 updates its dependency 'lxml' to version '4.6.3' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/36", - "cve": "CVE-2021-28957", - "id": "pyup.io-59098", - "more_info_path": "/vulnerabilities/CVE-2021-28957/59098", + "advisory": "Fafi 0.2.1 updates its dependency 'pillow' to version '8.1.1' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/42", + "cve": "CVE-2021-25291", + "id": "pyup.io-59156", + "more_info_path": "/vulnerabilities/CVE-2021-25291/59156", + "specs": [ + "<0.2.1" + ], + "v": "<0.2.1" + }, + { + "advisory": "Fafi 0.2.1 updates its dependency 'pillow' to version '8.1.1' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/42", + "cve": "CVE-2021-25921", + "id": "pyup.io-59153", + "more_info_path": "/vulnerabilities/CVE-2021-25921/59153", "specs": [ "<0.2.1" ], 
@@ -36775,10 +37384,20 @@ "v": "<0.2.1" }, { - "advisory": "Fafi 0.2.1 updates its dependency 'pillow' to version '8.1.1' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/42", - "cve": "CVE-2021-25921", - "id": "pyup.io-59153", - "more_info_path": "/vulnerabilities/CVE-2021-25921/59153", + "advisory": "Fafi 0.2.1 updates its dependency 'lxml' to version '4.6.3' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/36", + "cve": "CVE-2021-28957", + "id": "pyup.io-59098", + "more_info_path": "/vulnerabilities/CVE-2021-28957/59098", + "specs": [ + "<0.2.1" + ], + "v": "<0.2.1" + }, + { + "advisory": "Fafi 0.2.1 updates its dependency 'urllib3' to version '1.26.4' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/39/files", + "cve": "CVE-2021-28363", + "id": "pyup.io-59097", + "more_info_path": "/vulnerabilities/CVE-2021-28363/59097", "specs": [ "<0.2.1" ], @@ -36804,16 +37423,6 @@ ], "v": "<0.2.1" }, - { - "advisory": "Fafi 0.2.1 updates its dependency 'pillow' to version '8.1.1' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/42", - "cve": "CVE-2021-25291", - "id": "pyup.io-59156", - "more_info_path": "/vulnerabilities/CVE-2021-25291/59156", - "specs": [ - "<0.2.1" - ], - "v": "<0.2.1" - }, { "advisory": "Fafi 0.2.1 updates its dependency 'pillow' to version '8.1.1' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/42", "cve": "CVE-2021-25289", @@ -36823,16 +37432,6 @@ "<0.2.1" ], "v": "<0.2.1" - }, - { - "advisory": "Fafi 0.2.1 updates its dependency 'pillow' to version '8.1.1' to include a security fix.\r\nhttps://github.com/svandragt/fafi/pull/42", - "cve": "CVE-2021-25292", - "id": "pyup.io-59155", - "more_info_path": "/vulnerabilities/CVE-2021-25292/59155", - "specs": [ - "<0.2.1" - ], - "v": "<0.2.1" } ], "faker": [ 
@@ -36911,6 +37510,26 @@ "<4.4.4" ], "v": "<4.4.4" + }, + { + "advisory": "Falocalrepo 4.4.7 updates its dependency 'falocalrepo-server' to v3.3.5 to include a security fix.", + "cve": "CVE-2023-29159", + "id": "pyup.io-61808", + "more_info_path": "/vulnerabilities/CVE-2023-29159/61808", + "specs": [ + "<4.4.7" + ], + "v": "<4.4.7" + }, + { + "advisory": "Falocalrepo 4.4.7 updates its dependency 'falocalrepo-server' to v3.3.5 to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61800", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61800", + "specs": [ + "<4.4.7" + ], + "v": "<4.4.7" } ], "falocalrepo-server": [ @@ -36933,6 +37552,36 @@ "<3.2.7" ], "v": "<3.2.7" + }, + { + "advisory": "Falocalrepo-server 3.3.4 updates its dependency 'fastapi' to v0.103.2 to include a security fix.", + "cve": "CVE-2023-29159", + "id": "pyup.io-61806", + "more_info_path": "/vulnerabilities/CVE-2023-29159/61806", + "specs": [ + "<3.3.4" + ], + "v": "<3.3.4" + }, + { + "advisory": "Falocalrepo-server 3.3.4 updates its dependency 'fastapi' to v0.103.2 to include a security fix.", + "cve": "CVE-2023-30798", + "id": "pyup.io-61807", + "more_info_path": "/vulnerabilities/CVE-2023-30798/61807", + "specs": [ + "<3.3.4" + ], + "v": "<3.3.4" + }, + { + "advisory": "Falocalrepo-server 3.3.4 updates its dependency 'pillow' to v10.0.1 to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61801", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61801", + "specs": [ + "<3.3.4" + ], + "v": "<3.3.4" } ], "faq": [ @@ -37034,6 +37683,16 @@ ], "v": "<0.65.2" }, + { + "advisory": "Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.", + "cve": "CVE-2021-46708", + "id": "pyup.io-48161", + "more_info_path": "/vulnerabilities/CVE-2021-46708/48161", + "specs": [ + "<0.75.2" + ], + "v": "<0.75.2" + }, { "advisory": "Fastapi 0.75.2 updates its dependency 'ujson' ranges to include a security fix.", "cve": "CVE-2021-45958", 
@@ -37054,16 +37713,6 @@ ], "v": "<0.75.2" }, - { - "advisory": "Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.", - "cve": "CVE-2021-46708", - "id": "pyup.io-48161", - "more_info_path": "/vulnerabilities/CVE-2021-46708/48161", - "specs": [ - "<0.75.2" - ], - "v": "<0.75.2" - }, { "advisory": "Fastapi 0.92.0 updates its dependency 'Starlette' to v0.25.0 to include a security fix.", "cve": "CVE-2023-30798", @@ -37391,6 +38040,28 @@ "v": ">0" } ], + "faucet": [ + { + "advisory": "Faucet 1.10.1 includes a fix for a potential path traversal vulnerability.\r\nhttps://github.com/faucetsdn/faucet/pull/3876", + "cve": "PVE-2023-62037", + "id": "pyup.io-62037", + "more_info_path": "/vulnerabilities/PVE-2023-62037/62037", + "specs": [ + "<1.10.1" + ], + "v": "<1.10.1" + }, + { + "advisory": "Faucet 1.9.54 includes a fix for a potential race condition vulnerability.\r\nhttps://github.com/faucetsdn/faucet/commit/e8c3dfbf8fcb16696a84ba61d22c0ca65a403332", + "cve": "PVE-2023-62038", + "id": "pyup.io-62038", + "more_info_path": "/vulnerabilities/PVE-2023-62038/62038", + "specs": [ + "<1.9.54" + ], + "v": "<1.9.54" + } + ], "fava": [ { "advisory": "The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.", @@ -37433,6 +38104,16 @@ "<0.2.2" ], "v": "<0.2.2" + }, + { + "advisory": "Fbpcp 0.6.1 updates its dependency 'urllib3' to v1.26.17 to include a security fix.", + "cve": "CVE-2023-43804", + "id": "pyup.io-61597", + "more_info_path": "/vulnerabilities/CVE-2023-43804/61597", + "specs": [ + "<0.6.1" + ], + "v": "<0.6.1" } ], "feast": [ 
@@ -37879,6 +38560,18 @@ "v": "<0.38.0" } ], + "fiona": [ + { + "advisory": "Fiona 1.9.4.post1 and prior releases ship with a version of 'libcurl' that has a high-severity vulnerability.\r\nhttps://github.com/sgillies/fiona-wheels/issues/39", + "cve": "CVE-2023-38545", + "id": "pyup.io-61771", + "more_info_path": "/vulnerabilities/CVE-2023-38545/61771", + "specs": [ + "<=1.9.4.post1" + ], + "v": "<=1.9.4.post1" + } + ], "firepit": [ { "advisory": "Firepit 1.3.0 adds SQL injection protection in query classes.\r\nhttps://github.com/opencybersecurityalliance/firepit/commit/20e4debe54c9999e9b96eb923c1b0f0f878491c9", @@ -38537,9 +39230,9 @@ }, { "advisory": "Flask-restx 1.1.0 updates its NPM dependency 'swagger-ui-dist' to v4.15.0 to include security fixes.", - "cve": "CVE-2021-46708", - "id": "pyup.io-53551", - "more_info_path": "/vulnerabilities/CVE-2021-46708/53551", + "cve": "CVE-2018-25031", + "id": "pyup.io-53555", + "more_info_path": "/vulnerabilities/CVE-2018-25031/53555", "specs": [ "<1.1.0" ], @@ -38547,9 +39240,9 @@ }, { "advisory": "Flask-restx 1.1.0 updates its NPM dependency 'swagger-ui-dist' to v4.15.0 to include security fixes.", - "cve": "CVE-2018-25031", - "id": "pyup.io-53555", - "more_info_path": "/vulnerabilities/CVE-2018-25031/53555", + "cve": "CVE-2021-46708", + "id": "pyup.io-53551", + "more_info_path": "/vulnerabilities/CVE-2021-46708/53551", "specs": [ "<1.1.0" ], 
@@ -38970,20 +39663,20 @@ "v": "<1.2.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'protobuf' to v3.20.2 to include a security fix.", - "cve": "CVE-2022-1941", - "id": "pyup.io-51334", - "more_info_path": "/vulnerabilities/CVE-2022-1941/51334", + "advisory": "Flytekit 1.2.0 updates its dependency 'mistune' to v2.0.3 to include a security fix.", + "cve": "CVE-2022-34749", + "id": "pyup.io-51329", + "more_info_path": "/vulnerabilities/CVE-2022-34749/51329", "specs": [ "<1.2.0" ], "v": "<1.2.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'mistune' to v2.0.3 to include a security fix.", - "cve": "CVE-2022-34749", - "id": "pyup.io-51329", - "more_info_path": "/vulnerabilities/CVE-2022-34749/51329", + "advisory": "Flytekit 1.2.0 updates its dependency 'protobuf' to v3.20.2 to include a security fix.", + "cve": "CVE-2022-1941", + "id": "pyup.io-51334", + "more_info_path": "/vulnerabilities/CVE-2022-1941/51334", "specs": [ "<1.2.0" ], @@ -39042,6 +39735,18 @@ "v": "<1.1.7" } ], + "fondant": [ + { + "advisory": "Fondant 0.6.1 updates its dependency 'Pillow' to v10.0.1 to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61934", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61934", + "specs": [ + "<0.6.1" + ], + "v": "<0.6.1" + } + ], "fonttools": [ { "advisory": "Fonttools 4.43.0 includes a fix for a XXE vulnerability.\r\nhttps://github.com/fonttools/fonttools/commit/9f61271dc1ca82ed91f529b130fe5dc5c9bf1f4c", 
@@ -39114,6 +39819,30 @@ "v": "<1.0" } ], + "fosslight-android": [ + { + "advisory": "A vulnerability patch has been integrated into Fosslight-android version 4.1.15. Earlier versions may have hard-coded sensitive credentials and lacked measures to counter potential SQL injection vulnerabilities.", + "cve": "PVE-2023-62077", + "id": "pyup.io-62077", + "more_info_path": "/vulnerabilities/PVE-2023-62077/62077", + "specs": [ + "<4.1.15" + ], + "v": "<4.1.15" + } + ], + "fosslight-dependency": [ + { + "advisory": "Fosslight-dependency 3.13.5 includes a fix for a XXE vulnerability.\r\nhttps://github.com/fosslight/fosslight_dependency_scanner/pull/171", + "cve": "PVE-2023-61797", + "id": "pyup.io-61797", + "more_info_path": "/vulnerabilities/PVE-2023-61797/61797", + "specs": [ + "<3.13.5" + ], + "v": "<3.13.5" + } + ], "fosslight-scanner": [ { "advisory": "Fosslight-scanner 1.7.16 includes a fix for a Command Injection vulnerability.\r\nhttps://github.com/fosslight/fosslight_scanner/pull/69", @@ -39162,6 +39891,18 @@ "v": "<3.1.23" } ], + "fotoobo": [ + { + "advisory": "Fotoobo 1.1.0 updates its dependency 'urlllib3' to include a security fix.", + "cve": "CVE-2023-45803", + "id": "pyup.io-61906", + "more_info_path": "/vulnerabilities/CVE-2023-45803/61906", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" + } + ], "fpdf2": [ { "advisory": "Fpdf2 2.5.1 deprecates its font caching mechanism that used the 'pickle' module for security reasons.\r\nhttps://github.com/PyFPDF/fpdf2/issues/345", 
@@ -39176,20 +39917,20 @@ ], "fractal-server": [ { - "advisory": "Fractal-server 1.3.0a3 updates its dependency 'cryptography' to version '41.0.1' to include a security fix.\r\nhttps://github.com/fractal-analytics-platform/fractal-server/pull/739/commits/ec5bbd57acabf5a1fc357cfb96c21e059c619475", - "cve": "CVE-2023-2650", - "id": "pyup.io-59002", - "more_info_path": "/vulnerabilities/CVE-2023-2650/59002", + "advisory": "Fractal-server 1.3.0a3 updates its dependency 'pymdown-extensions' to version '10.0.1' to include a security fix.\r\nhttps://github.com/fractal-analytics-platform/fractal-server/pull/723", + "cve": "CVE-2023-32309", + "id": "pyup.io-58995", + "more_info_path": "/vulnerabilities/CVE-2023-32309/58995", "specs": [ "<1.3.0a3" ], "v": "<1.3.0a3" }, { - "advisory": "Fractal-server 1.3.0a3 updates its dependency 'pymdown-extensions' to version '10.0.1' to include a security fix.\r\nhttps://github.com/fractal-analytics-platform/fractal-server/pull/723", - "cve": "CVE-2023-32309", - "id": "pyup.io-58995", - "more_info_path": "/vulnerabilities/CVE-2023-32309/58995", + "advisory": "Fractal-server 1.3.0a3 updates its dependency 'cryptography' to version '41.0.1' to include a security fix.\r\nhttps://github.com/fractal-analytics-platform/fractal-server/pull/739/commits/ec5bbd57acabf5a1fc357cfb96c21e059c619475", + "cve": "CVE-2023-2650", + "id": "pyup.io-59002", + "more_info_path": "/vulnerabilities/CVE-2023-2650/59002", "specs": [ "<1.3.0a3" ], 
@@ -39216,6 +39957,18 @@ "v": "<1.3.0a3" } ], + "frappe": [ + { + "advisory": "Frappe 14.49.0 includes a fix for CVE-2023-46127: A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection.\r\nhttps://github.com/frappe/frappe/security/advisories/GHSA-j2w9-8xrr-7g98", + "cve": "CVE-2023-46127", + "id": "pyup.io-61995", + "more_info_path": "/vulnerabilities/CVE-2023-46127/61995", + "specs": [ + "<14.49.0" + ], + "v": "<14.49.0" + } + ], "freeipa": [ { "advisory": "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query.", @@ -39509,9 +40262,9 @@ }, { "advisory": "Ftw.recipe.solr 1.3.6 fixes a system property for Log4j configuration file to be compatible with secure versions of this package.", - "cve": "CVE-2021-45046", - "id": "pyup.io-43396", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43396", + "cve": "CVE-2021-45105", + "id": "pyup.io-43440", + "more_info_path": "/vulnerabilities/CVE-2021-45105/43440", "specs": [ "<1.3.6" ], @@ -39519,9 +40272,9 @@ }, { "advisory": "Ftw.recipe.solr 1.3.6 fixes a system property for Log4j configuration file to be compatible with secure versions of this package.", - "cve": "CVE-2021-45105", - "id": "pyup.io-43440", - "more_info_path": "/vulnerabilities/CVE-2021-45105/43440", + "cve": "CVE-2021-45046", + "id": "pyup.io-43396", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43396", "specs": [ "<1.3.6" ], 
@@ -40053,20 +40806,20 @@ "v": "<2.10" }, { - "advisory": "Geonode 2.10 updates 'urllib3' to v1.24.2 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-42968", - "more_info_path": "/vulnerabilities/CVE-2019-11324/42968", + "advisory": "Geonode 2.10 updates 'twisted' to v19.2.1 to include security fixes.", + "cve": "PVE-2021-37040", + "id": "pyup.io-42971", + "more_info_path": "/vulnerabilities/PVE-2021-37040/42971", "specs": [ "<2.10" ], "v": "<2.10" }, { - "advisory": "Geonode 2.10 updates 'twisted' to v19.2.1 to include security fixes.", - "cve": "PVE-2021-37040", - "id": "pyup.io-42971", - "more_info_path": "/vulnerabilities/PVE-2021-37040/42971", + "advisory": "Geonode 2.10 updates 'urllib3' to v1.24.2 to include security fixes.", + "cve": "CVE-2019-11324", + "id": "pyup.io-42968", + "more_info_path": "/vulnerabilities/CVE-2019-11324/42968", "specs": [ "<2.10" ], @@ -40171,6 +40924,18 @@ "v": ">=0,<0.9.9" } ], + "getgauge": [ + { + "advisory": "Getgauge 0.4.1 updates its dependency 'urllib3' to v2.0.7 to include a security fix.", + "cve": "CVE-2023-45803", + "id": "pyup.io-61929", + "more_info_path": "/vulnerabilities/CVE-2023-45803/61929", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" + } + ], "geti-sdk": [ { "advisory": "Geti-sdk 1.0.0 enables SSL certificate validation by default.\r\nhttps://github.com/openvinotoolkit/geti-sdk/pull/77", 
@@ -40251,16 +41016,6 @@ } ], "ggshield": [ - { - "advisory": "Ggshield 1.18.0 updates its dependency 'cryptography' to version '41.0.3' to include a fix for an Insufficient Verification of Data Authenticity vulnerability.\r\nhttps://github.com/GitGuardian/ggshield/commit/3c67771a4d66accede14fa23dfce9ea51571e082", - "cve": "CVE-2023-3446", - "id": "pyup.io-60487", - "more_info_path": "/vulnerabilities/CVE-2023-3446/60487", - "specs": [ - "<1.18.0" - ], - "v": "<1.18.0" - }, { "advisory": "Ggshield 1.18.0 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/GitGuardian/ggshield/commit/3c67771a4d66accede14fa23dfce9ea51571e082", "cve": "CVE-2023-2975", @@ -40280,6 +41035,16 @@ "<1.18.0" ], "v": "<1.18.0" + }, + { + "advisory": "Ggshield 1.18.0 updates its dependency 'cryptography' to version '41.0.3' to include a fix for an Insufficient Verification of Data Authenticity vulnerability.\r\nhttps://github.com/GitGuardian/ggshield/commit/3c67771a4d66accede14fa23dfce9ea51571e082", + "cve": "CVE-2023-3446", + "id": "pyup.io-60487", + "more_info_path": "/vulnerabilities/CVE-2023-3446/60487", + "specs": [ + "<1.18.0" + ], + "v": "<1.18.0" } ], "ghga-service-commons": [ @@ -40381,9 +41146,9 @@ "giosgapps-bindings": [ { "advisory": "Giosgapps-bindings 0.0.19 updates its dependency Django to v2.2.8 to include security fixes.", - "cve": "CVE-2019-14234", - "id": "pyup.io-43727", - "more_info_path": "/vulnerabilities/CVE-2019-14234/43727", + "cve": "CVE-2019-14232", + "id": "pyup.io-43725", + "more_info_path": "/vulnerabilities/CVE-2019-14232/43725", "specs": [ "<0.0.19" ], 
@@ -40391,9 +41156,9 @@ }, { "advisory": "Giosgapps-bindings 0.0.19 updates its dependency Django to v2.2.8 to include security fixes.", - "cve": "CVE-2019-14235", - "id": "pyup.io-43728", - "more_info_path": "/vulnerabilities/CVE-2019-14235/43728", + "cve": "CVE-2019-14234", + "id": "pyup.io-43727", + "more_info_path": "/vulnerabilities/CVE-2019-14234/43727", "specs": [ "<0.0.19" ], @@ -40401,9 +41166,9 @@ }, { "advisory": "Giosgapps-bindings 0.0.19 updates its dependency Django to v2.2.8 to include security fixes.", - "cve": "CVE-2019-14232", - "id": "pyup.io-43725", - "more_info_path": "/vulnerabilities/CVE-2019-14232/43725", + "cve": "CVE-2019-14235", + "id": "pyup.io-43728", + "more_info_path": "/vulnerabilities/CVE-2019-14235/43728", "specs": [ "<0.0.19" ], @@ -40472,6 +41237,18 @@ "v": "<2.5.0" } ], + "giskard": [ + { + "advisory": "Giskard 2.0.0b25 secures Giskard readonly demo space at Hugging Face Space.\r\nhttps://github.com/Giskard-AI/giskard/pull/1355", + "cve": "PVE-2023-61784", + "id": "pyup.io-61784", + "more_info_path": "/vulnerabilities/PVE-2023-61784/61784", + "specs": [ + "<2.0.0b25" + ], + "v": "<2.0.0b25" + } + ], "git-batch": [ { "advisory": "Git-batch 2.0.16 updates its dependency 'gitpython' to v3.1.35 to include a security fix.", @@ -40886,6 +41663,18 @@ "v": ">=1.4.1rc5,<2.0.4" } ], + "globox": [ + { + "advisory": "Globox 2.4.1 updates its dependency 'pillow' to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61689", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61689", + "specs": [ + "<2.4.1" + ], + "v": "<2.4.1" + } + ], "globus-automate-client": [ { "advisory": "Globus-automate-client 0.15.0 updates its dependency 'click' to v8.0.4 to include a security fix.", 
@@ -41241,6 +42030,26 @@ ], "v": "<1.12.0" }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"numpy\" to v1.21.0 to include a security fix.", + "cve": "CVE-2021-33430", + "id": "pyup.io-51152", + "more_info_path": "/vulnerabilities/CVE-2021-33430/51152", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-21741", + "id": "pyup.io-51196", + "more_info_path": "/vulnerabilities/CVE-2022-21741/51196", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23564", @@ -41281,16 +42090,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"numpy\" to v1.21.0 to include a security fix.", - "cve": "CVE-2021-33430", - "id": "pyup.io-51152", - "more_info_path": "/vulnerabilities/CVE-2021-33430/51152", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23584", @@ -41323,9 +42122,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21741", - "id": "pyup.io-51196", - "more_info_path": "/vulnerabilities/CVE-2022-21741/51196", + "cve": "CVE-2022-23575", + "id": "pyup.io-51216", + "more_info_path": "/vulnerabilities/CVE-2022-23575/51216", "specs": [ "<1.12.0" ], 
@@ -41333,9 +42132,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23575", - "id": "pyup.io-51216", - "more_info_path": "/vulnerabilities/CVE-2022-23575/51216", + "cve": "CVE-2022-23557", + "id": "pyup.io-51198", + "more_info_path": "/vulnerabilities/CVE-2022-23557/51198", "specs": [ "<1.12.0" ], 
@@ -41343,9 +42142,59 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23557", - "id": "pyup.io-51198", - "more_info_path": "/vulnerabilities/CVE-2022-23557/51198", + "cve": "CVE-2022-21736", + "id": "pyup.io-51191", + "more_info_path": "/vulnerabilities/CVE-2022-21736/51191", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23587", + "id": "pyup.io-51227", + "more_info_path": "/vulnerabilities/CVE-2022-23587/51227", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23573", + "id": "pyup.io-51214", + "more_info_path": "/vulnerabilities/CVE-2022-23573/51214", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-21740", + "id": "pyup.io-51195", + "more_info_path": "/vulnerabilities/CVE-2022-21740/51195", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-21730", + "id": "pyup.io-51185", + "more_info_path": "/vulnerabilities/CVE-2022-21730/51185", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23562", + "id": "pyup.io-51203", + "more_info_path": "/vulnerabilities/CVE-2022-23562/51203", "specs": [ "<1.12.0" ], 
@@ -41363,9 +42212,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23563", - "id": "pyup.io-51204", - "more_info_path": "/vulnerabilities/CVE-2022-23563/51204", + "cve": "CVE-2022-23572", + "id": "pyup.io-51213", + "more_info_path": "/vulnerabilities/CVE-2022-23572/51213", "specs": [ "<1.12.0" ], @@ -41373,9 +42222,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21736", - "id": "pyup.io-51191", - "more_info_path": "/vulnerabilities/CVE-2022-21736/51191", + "cve": "CVE-2022-21734", + "id": "pyup.io-51189", + "more_info_path": "/vulnerabilities/CVE-2022-21734/51189", "specs": [ "<1.12.0" ], @@ -41383,9 +42232,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21728", - "id": "pyup.io-51183", - "more_info_path": "/vulnerabilities/CVE-2022-21728/51183", + "cve": "CVE-2022-23578", + "id": "pyup.io-51219", + "more_info_path": "/vulnerabilities/CVE-2022-23578/51219", "specs": [ "<1.12.0" ], @@ -41393,9 +42242,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23587", - "id": "pyup.io-51227", - "more_info_path": "/vulnerabilities/CVE-2022-23587/51227", + "cve": "CVE-2022-21727", + "id": "pyup.io-51182", + "more_info_path": "/vulnerabilities/CVE-2022-21727/51182", "specs": [ "<1.12.0" ], @@ -41403,9 +42252,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23581", - "id": "pyup.io-51221", - "more_info_path": "/vulnerabilities/CVE-2022-23581/51221", + "cve": "CVE-2022-23571", + "id": "pyup.io-51212", + "more_info_path": "/vulnerabilities/CVE-2022-23571/51212", "specs": [ "<1.12.0" ], 
@@ -41413,9 +42262,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23577", - "id": "pyup.io-51218", - "more_info_path": "/vulnerabilities/CVE-2022-23577/51218", + "cve": "CVE-2022-23558", + "id": "pyup.io-51199", + "more_info_path": "/vulnerabilities/CVE-2022-23558/51199", "specs": [ "<1.12.0" ], @@ -41423,9 +42272,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23573", - "id": "pyup.io-51214", - "more_info_path": "/vulnerabilities/CVE-2022-23573/51214", + "cve": "CVE-2022-23588", + "id": "pyup.io-51228", + "more_info_path": "/vulnerabilities/CVE-2022-23588/51228", "specs": [ "<1.12.0" ], @@ -41433,9 +42282,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23559", - "id": "pyup.io-51200", - "more_info_path": "/vulnerabilities/CVE-2022-23559/51200", + "cve": "CVE-2022-23585", + "id": "pyup.io-51225", + "more_info_path": "/vulnerabilities/CVE-2022-23585/51225", "specs": [ "<1.12.0" ], @@ -41443,9 +42292,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21740", - "id": "pyup.io-51195", - "more_info_path": "/vulnerabilities/CVE-2022-21740/51195", + "cve": "CVE-2022-23563", + "id": "pyup.io-51204", + "more_info_path": "/vulnerabilities/CVE-2022-23563/51204", "specs": [ "<1.12.0" ], @@ -41453,9 +42302,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21729", - "id": "pyup.io-51184", - "more_info_path": "/vulnerabilities/CVE-2022-21729/51184", + "cve": "CVE-2022-21728", + "id": "pyup.io-51183", + "more_info_path": "/vulnerabilities/CVE-2022-21728/51183", "specs": [ "<1.12.0" ], 
@@ -41463,9 +42312,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21730", - "id": "pyup.io-51185", - "more_info_path": "/vulnerabilities/CVE-2022-21730/51185", + "cve": "CVE-2022-23581", + "id": "pyup.io-51221", + "more_info_path": "/vulnerabilities/CVE-2022-23581/51221", "specs": [ "<1.12.0" ], @@ -41473,9 +42322,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23562", - "id": "pyup.io-51203", - "more_info_path": "/vulnerabilities/CVE-2022-23562/51203", + "cve": "CVE-2022-23577", + "id": "pyup.io-51218", + "more_info_path": "/vulnerabilities/CVE-2022-23577/51218", "specs": [ "<1.12.0" ], @@ -41483,9 +42332,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23572", - "id": "pyup.io-51213", - "more_info_path": "/vulnerabilities/CVE-2022-23572/51213", + "cve": "CVE-2022-23559", + "id": "pyup.io-51200", + "more_info_path": "/vulnerabilities/CVE-2022-23559/51200", "specs": [ "<1.12.0" ], @@ -41493,9 +42342,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-22576", - "id": "pyup.io-51197", - "more_info_path": "/vulnerabilities/CVE-2022-22576/51197", + "cve": "CVE-2022-21729", + "id": "pyup.io-51184", + "more_info_path": "/vulnerabilities/CVE-2022-21729/51184", "specs": [ "<1.12.0" ], @@ -41503,9 +42352,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21734", - "id": "pyup.io-51189", - "more_info_path": "/vulnerabilities/CVE-2022-21734/51189", + "cve": "CVE-2022-22576", + "id": "pyup.io-51197", + "more_info_path": "/vulnerabilities/CVE-2022-22576/51197", "specs": [ "<1.12.0" ], 
@@ -41541,16 +42390,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23578", - "id": "pyup.io-51219", - "more_info_path": "/vulnerabilities/CVE-2022-23578/51219", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23582", @@ -41581,16 +42420,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21727", - "id": "pyup.io-51182", - "more_info_path": "/vulnerabilities/CVE-2022-21727/51182", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23586", @@ -41621,16 +42450,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23571", - "id": "pyup.io-51212", - "more_info_path": "/vulnerabilities/CVE-2022-23571/51212", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23561", @@ -41661,16 +42480,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23558", - "id": "pyup.io-51199", - "more_info_path": "/vulnerabilities/CVE-2022-23558/51199", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23565", 
@@ -41691,16 +42500,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23588", - "id": "pyup.io-51228", - "more_info_path": "/vulnerabilities/CVE-2022-23588/51228", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-21731", @@ -41731,16 +42530,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23585", - "id": "pyup.io-51225", - "more_info_path": "/vulnerabilities/CVE-2022-23585/51225", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-21726", @@ -41856,7 +42645,7 @@ ], "gordo-components": [ { - "advisory": "Gordo-components 0.15.1 includes a fix for CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.", + "advisory": "Gordo-components 0.15.1 updates its dependency 'urllib3' to include a security fix.", "cve": "CVE-2019-11324", "id": "pyup.io-37545", "more_info_path": "/vulnerabilities/CVE-2019-11324/37545", 
@@ -42226,6 +43015,18 @@ "v": "<0.16.5" } ], + "griptape": [ + { + "advisory": "Griptape 0.18.0 includes a fix for a prompt injection vulnerability.\r\nhttps://github.com/griptape-ai/griptape/issues/280", + "cve": "PVE-2023-61648", + "id": "pyup.io-61648", + "more_info_path": "/vulnerabilities/PVE-2023-61648/61648", + "specs": [ + "<0.18.0" + ], + "v": "<0.18.0" + } + ], "grpcio": [ { "advisory": "Grpcio 1.2.0 includes a fix for CVE-2017-7860: Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.\r\nhttps://github.com/grpc/grpc/pull/9833/commits/bcd5f12e4bca2ed2c00cddb5ffd046aef6f4fb31", @@ -42314,9 +43115,9 @@ "grpcio-tools": [ { "advisory": "Grpcio-tools 1.2.0 depends on 'grpcio' v1.2.0, which includes security fixes.", - "cve": "CVE-2017-7861", - "id": "pyup.io-47167", - "more_info_path": "/vulnerabilities/CVE-2017-7861/47167", + "cve": "CVE-2017-7860", + "id": "pyup.io-47166", + "more_info_path": "/vulnerabilities/CVE-2017-7860/47166", "specs": [ "<1.2.0" ], @@ -42324,9 +43125,9 @@ }, { "advisory": "Grpcio-tools 1.2.0 depends on 'grpcio' v1.2.0, which includes security fixes.", - "cve": "CVE-2017-7860", - "id": "pyup.io-47166", - "more_info_path": "/vulnerabilities/CVE-2017-7860/47166", + "cve": "CVE-2017-7861", + "id": "pyup.io-47167", + "more_info_path": "/vulnerabilities/CVE-2017-7861/47167", "specs": [ "<1.2.0" ], @@ -42555,9 +43356,9 @@ "gyver": [ { "advisory": "Gyver 2.8.3 updates its dependency 'cryptography' to versions ^41.0.4 to include security fixes.", - "cve": "CVE-2023-38325", - "id": "pyup.io-61403", - "more_info_path": "/vulnerabilities/CVE-2023-38325/61403", + "cve": "CVE-2023-3446", + "id": "pyup.io-61396", + "more_info_path": "/vulnerabilities/CVE-2023-3446/61396", "specs": [ "<2.8.3" ], 
@@ -42565,9 +43366,9 @@ }, { "advisory": "Gyver 2.8.3 updates its dependency 'cryptography' to versions ^41.0.4 to include security fixes.", - "cve": "CVE-2023-3446", - "id": "pyup.io-61396", - "more_info_path": "/vulnerabilities/CVE-2023-3446/61396", + "cve": "CVE-2023-38325", + "id": "pyup.io-61403", + "more_info_path": "/vulnerabilities/CVE-2023-38325/61403", "specs": [ "<2.8.3" ], @@ -42597,9 +43398,9 @@ "h2o": [ { "advisory": "H2o 3.34.0.7 updates its dependency 'log4j' to v2.17.0 to fix critical and severe vulnerabilities.\r\nhttps://github.com/h2oai/h2o-3/commit/85dc8a3fdbfef002919d15764b1ad99b3c39f851", - "cve": "CVE-2021-45105", - "id": "pyup.io-43439", - "more_info_path": "/vulnerabilities/CVE-2021-45105/43439", + "cve": "CVE-2021-45046", + "id": "pyup.io-43398", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43398", "specs": [ "<3.34.0.7" ], @@ -42617,9 +43418,9 @@ }, { "advisory": "H2o 3.34.0.7 updates its dependency 'log4j' to v2.17.0 to fix critical and severe vulnerabilities.\r\nhttps://github.com/h2oai/h2o-3/commit/85dc8a3fdbfef002919d15764b1ad99b3c39f851", - "cve": "CVE-2021-45046", - "id": "pyup.io-43398", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43398", + "cve": "CVE-2021-45105", + "id": "pyup.io-43439", + "more_info_path": "/vulnerabilities/CVE-2021-45105/43439", "specs": [ "<3.34.0.7" ], 
@@ -42716,70 +43517,70 @@ "v": "<3.40.0.4" }, { - "advisory": "H2o 3.42.0.1 updates its dependency 'guava' to '32.0.1-jre' to fix CVE-2023-2976.\r\nhttps://github.com/h2oai/h2o-3/pull/15593", - "cve": "CVE-2023-2976", - "id": "pyup.io-59320", - "more_info_path": "/vulnerabilities/CVE-2023-2976/59320", + "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2023-1436.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", + "cve": "CVE-2023-1436", + "id": "pyup.io-59331", + "more_info_path": "/vulnerabilities/CVE-2023-1436/59331", "specs": [ "<3.42.0.1" ], "v": "<3.42.0.1" }, { - "advisory": "H2o 3.42.0.1 updates its dependency 'jetty' to '9.4.51.v20230217' to fix CVE-2023-26049.\r\nhttps://github.com/h2oai/h2o-3/pull/15547", - "cve": "CVE-2023-26049", - "id": "pyup.io-59330", - "more_info_path": "/vulnerabilities/CVE-2023-26049/59330", + "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2022-45693.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", + "cve": "CVE-2022-45693", + "id": "pyup.io-59332", + "more_info_path": "/vulnerabilities/CVE-2022-45693/59332", "specs": [ "<3.42.0.1" ], "v": "<3.42.0.1" }, { - "advisory": "H2o 3.42.0.1 updates its dependency 'jetty' to '9.4.51.v20230217' to fix CVE-2023-26048.\r\nhttps://github.com/h2oai/h2o-3/pull/15547", - "cve": "CVE-2023-26048", - "id": "pyup.io-59329", - "more_info_path": "/vulnerabilities/CVE-2023-26048/59329", + "advisory": "H2o 3.42.0.1 updates its dependency 'kotlin-stdlib' to '1.4.32' to fix CVE-2020-29582.\r\nhttps://github.com/h2oai/h2o-3/pull/15549", + "cve": "CVE-2020-29582", + "id": "pyup.io-59328", + "more_info_path": "/vulnerabilities/CVE-2020-29582/59328", "specs": [ "<3.42.0.1" ], "v": "<3.42.0.1" }, { - "advisory": "H2o 3.42.0.1 updates its dependency 'kotlin-stdlib' to '1.4.32' to fix CVE-2020-29582.\r\nhttps://github.com/h2oai/h2o-3/pull/15549", - "cve": "CVE-2020-29582", - "id": "pyup.io-59328", - "more_info_path": 
"/vulnerabilities/CVE-2020-29582/59328", + "advisory": "H2o 3.42.0.1 updates its dependency 'jetty' to '9.4.51.v20230217' to fix CVE-2023-26049.\r\nhttps://github.com/h2oai/h2o-3/pull/15547", + "cve": "CVE-2023-26049", + "id": "pyup.io-59330", + "more_info_path": "/vulnerabilities/CVE-2023-26049/59330", "specs": [ "<3.42.0.1" ], "v": "<3.42.0.1" }, { - "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2022-45685.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", - "cve": "CVE-2022-45685", - "id": "pyup.io-59333", - "more_info_path": "/vulnerabilities/CVE-2022-45685/59333", + "advisory": "H2o 3.42.0.1 updates its dependency 'jetty' to '9.4.51.v20230217' to fix CVE-2023-26048.\r\nhttps://github.com/h2oai/h2o-3/pull/15547", + "cve": "CVE-2023-26048", + "id": "pyup.io-59329", + "more_info_path": "/vulnerabilities/CVE-2023-26048/59329", "specs": [ "<3.42.0.1" ], "v": "<3.42.0.1" }, { - "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2022-45693.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", - "cve": "CVE-2022-45693", - "id": "pyup.io-59332", - "more_info_path": "/vulnerabilities/CVE-2022-45693/59332", + "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2022-45685.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", + "cve": "CVE-2022-45685", + "id": "pyup.io-59333", + "more_info_path": "/vulnerabilities/CVE-2022-45685/59333", "specs": [ "<3.42.0.1" ], "v": "<3.42.0.1" }, { - "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2023-1436.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", - "cve": "CVE-2023-1436", - "id": "pyup.io-59331", - "more_info_path": "/vulnerabilities/CVE-2023-1436/59331", + "advisory": "H2o 3.42.0.1 updates its dependency 'guava' to '32.0.1-jre' to fix CVE-2023-2976.\r\nhttps://github.com/h2oai/h2o-3/pull/15593", + "cve": "CVE-2023-2976", + "id": "pyup.io-59320", + "more_info_path": "/vulnerabilities/CVE-2023-2976/59320", "specs": [ 
"<3.42.0.1" ], @@ -42982,6 +43783,18 @@ "v": "<0.10.0" } ], + "healpy": [ + { + "advisory": "Healpy 1.16.6 and prior releases ship with a version of 'libcurl' that has a high-severity vulnerability.", + "cve": "CVE-2023-38545", + "id": "pyup.io-61774", + "more_info_path": "/vulnerabilities/CVE-2023-38545/61774", + "specs": [ + "<=1.16.6" + ], + "v": "<=1.16.6" + } + ], "heedy": [ { "advisory": "Heedy 0.3.0a1 reports it its changelog: There might [...] be security issues. Use at your own risk.", @@ -43307,9 +44120,9 @@ }, { "advisory": "Homeassistant 2023.8.1 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/home-assistant/core/pull/97611", - "cve": "CVE-2023-3446", - "id": "pyup.io-60229", - "more_info_path": "/vulnerabilities/CVE-2023-3446/60229", + "cve": "CVE-2023-3817", + "id": "pyup.io-60215", + "more_info_path": "/vulnerabilities/CVE-2023-3817/60215", "specs": [ "<2023.8.1" ], @@ -43317,9 +44130,9 @@ }, { "advisory": "Homeassistant 2023.8.1 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/home-assistant/core/pull/97611", - "cve": "CVE-2023-3817", - "id": "pyup.io-60215", - "more_info_path": "/vulnerabilities/CVE-2023-3817/60215", + "cve": "CVE-2023-3446", + "id": "pyup.io-60229", + "more_info_path": "/vulnerabilities/CVE-2023-3446/60229", "specs": [ "<2023.8.1" ], 
@@ -43392,20 +44205,20 @@ ], "honeybee-radiance-postprocess": [ { - "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'wheel' to v0.38.1 to include a security fix.", - "cve": "CVE-2022-40898", - "id": "pyup.io-53615", - "more_info_path": "/vulnerabilities/CVE-2022-40898/53615", + "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'setuptools' to v65.5.1 to include a security fix.", + "cve": "CVE-2022-40897", + "id": "pyup.io-53623", + "more_info_path": "/vulnerabilities/CVE-2022-40897/53623", "specs": [ "<0.4.166" ], "v": "<0.4.166" }, { - "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'setuptools' to v65.5.1 to include a security fix.", - "cve": "CVE-2022-40897", - "id": "pyup.io-53623", - "more_info_path": "/vulnerabilities/CVE-2022-40897/53623", + "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'wheel' to v0.38.1 to include a security fix.", + "cve": "CVE-2022-40898", + "id": "pyup.io-53615", + "more_info_path": "/vulnerabilities/CVE-2022-40898/53615", "specs": [ "<0.4.166" ], @@ -46145,6 +46958,18 @@ "v": "<1.4" } ], + "hrflow-connectors": [ + { + "advisory": "In versions of hrflow-connectors before 4.1.0, there exists a potential vulnerability related to backend tests in CI environments. The vulnerability appears to arise when multiple CI runs occur simultaneously, leading to race conditions. These conditions may cause one test to inadvertently find the result of another test running at the same time, thereby compromising the integrity of the tests.", + "cve": "PVE-2023-62084", + "id": "pyup.io-62084", + "more_info_path": "/vulnerabilities/PVE-2023-62084/62084", + "specs": [ + "<4.1.0" + ], + "v": "<4.1.0" + } + ], "htbulma": [ { "advisory": "Htbulma 0.1.1 limits 'FileSelect' to the path to avoid directory transversal attacks.", 
@@ -46443,6 +47268,38 @@ "v": ">0" } ], + "httptools": [ + { + "advisory": "Httptools 0.5.0 updates the bundled 'llhttp' library to v6.0.9 to include security fixes.", + "cve": "CVE-2022-32213", + "id": "pyup.io-61865", + "more_info_path": "/vulnerabilities/CVE-2022-32213/61865", + "specs": [ + "<0.5.0" + ], + "v": "<0.5.0" + }, + { + "advisory": "Httptools 0.5.0 updates the bundled 'llhttp' library to v6.0.9 to include security fixes.", + "cve": "CVE-2022-32214", + "id": "pyup.io-61883", + "more_info_path": "/vulnerabilities/CVE-2022-32214/61883", + "specs": [ + "<0.5.0" + ], + "v": "<0.5.0" + }, + { + "advisory": "Httptools 0.5.0 updates the bundled 'llhttp' library to v6.0.9 to include security fixes.", + "cve": "CVE-2022-32215", + "id": "pyup.io-61884", + "more_info_path": "/vulnerabilities/CVE-2022-32215/61884", + "specs": [ + "<0.5.0" + ], + "v": "<0.5.0" + } + ], "httpx": [ { "advisory": "Httpx 0.23.0 includes a fix for CVE-2021-41945: Encode OSS httpx < 0.23.0 is affected by improper input validation in 'httpx.URL', 'httpx.Client' and some functions using 'httpx.URL.copy_with'.", 
@@ -46709,20 +47566,20 @@ "v": "<0.3.0" }, { - "advisory": "Hypercorn 0.6.0 adds an SSL handshake timeout, fixing a potential DOS weakness.", - "cve": "PVE-2022-50842", - "id": "pyup.io-50842", - "more_info_path": "/vulnerabilities/PVE-2022-50842/50842", + "advisory": "Hypercorn 0.6.0 pauses reading during h11 pipelining, fixing a potential DOS weakness.", + "cve": "PVE-2022-50866", + "id": "pyup.io-50866", + "more_info_path": "/vulnerabilities/PVE-2022-50866/50866", "specs": [ "<0.6.0" ], "v": "<0.6.0" }, { - "advisory": "Hypercorn 0.6.0 pauses reading during h11 pipelining, fixing a potential DOS weakness.", - "cve": "PVE-2022-50866", - "id": "pyup.io-50866", - "more_info_path": "/vulnerabilities/PVE-2022-50866/50866", + "advisory": "Hypercorn 0.6.0 adds an SSL handshake timeout, fixing a potential DOS weakness.", + "cve": "PVE-2022-50842", + "id": "pyup.io-50842", + "more_info_path": "/vulnerabilities/PVE-2022-50842/50842", "specs": [ "<0.6.0" ], 
@@ -46857,20 +47714,20 @@ "v": "<5.0.0" }, { - "advisory": "Ihatemoney before 6.0.0 is vulnerable to Cross-site Scripting (XSS) attacks. This vulnerability could potentially allow attackers to modify websites, gain unauthorized access to user accounts, and execute harmful code on web pages. Ultimately, this could result in the user's devices being compromised.", - "cve": "PVE-2023-99960", - "id": "pyup.io-60884", - "more_info_path": "/vulnerabilities/PVE-2023-99960/60884", + "advisory": "Ihatemoney 6.0.0 includes a fix for a Cross-Site Request Forgery (CSRF) vulnerability.", + "cve": "PVE-2023-99959", + "id": "pyup.io-60890", + "more_info_path": "/vulnerabilities/PVE-2023-99959/60890", "specs": [ "<6.0.0" ], "v": "<6.0.0" }, { - "advisory": "Ihatemoney 6.0.0 includes a fix for a Cross-Site Request Forgery (CSRF) vulnerability.", - "cve": "PVE-2023-99959", - "id": "pyup.io-60890", - "more_info_path": "/vulnerabilities/PVE-2023-99959/60890", + "advisory": "Ihatemoney before 6.0.0 is vulnerable to Cross-site Scripting (XSS) attacks. This vulnerability could potentially allow attackers to modify websites, gain unauthorized access to user accounts, and execute harmful code on web pages. Ultimately, this could result in the user's devices being compromised.", + "cve": "PVE-2023-99960", + "id": "pyup.io-60884", + "more_info_path": "/vulnerabilities/PVE-2023-99960/60884", "specs": [ "<6.0.0" ], 
@@ -46889,9 +47746,21 @@ "v": "<1.5.0" } ], + "image-sorting-tool": [ + { + "advisory": "Image-sorting-tool 1.0.0 updates its dependency 'pillow' to include a security fix.\r\nhttps://github.com/ThorpeJosh/image-sorting-tool/pull/36", + "cve": "CVE-2023-4863", + "id": "pyup.io-61974", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61974", + "specs": [ + "<1.0.0" + ], + "v": "<1.0.0" + } + ], "imagecodecs": [ { - "advisory": "Imagecodecs 2023.9.18 updates its C dependency 'libwebp' to v1.3.2 to include a fix for a high risk vulnerability.\r\nhttps://github.com/cgohlke/imagecodecs/commit/3d0dca35e7848ab6a50e157a78a074e6d3e96e7f\r\nhttps://github.com/cgohlke/imagecodecs/blob/v2023.9.18/CHANGES.rst", + "advisory": "Imagecodecs 2023.9.18 updates its C dependency 'libwebp' to v1.3.2 to include a fix for a high-risk vulnerability.\r\nhttps://github.com/cgohlke/imagecodecs/commit/3d0dca35e7848ab6a50e157a78a074e6d3e96e7f\r\nhttps://github.com/cgohlke/imagecodecs/blob/v2023.9.18/CHANGES.rst", "cve": "CVE-2023-4863", "id": "pyup.io-61496", "more_info_path": "/vulnerabilities/CVE-2023-4863/61496", 
@@ -46987,6 +47856,30 @@ "v": "<1.0.0" } ], + "img2table": [ + { + "advisory": "Img2table 1.2.3 updates its dependency 'pillow' to versions '>=10.0.1' to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61919", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61919", + "specs": [ + "<1.2.3" + ], + "v": "<1.2.3" + } + ], + "img2texture": [ + { + "advisory": "Img2texture 1.1.2 updates its dependency 'pillow' to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61649", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61649", + "specs": [ + "<1.1.2" + ], + "v": "<1.1.2" + } + ], "imgstore": [ { "advisory": "Imgstore 0.2.9 includes a security patch for the function 'new_for_filename' in 'imgstore/stores.py'. It used the unsafe yaml.load(), that allows instantiation of arbitrary objects. Consider yaml.safe_load().\r\nhttps://github.com/loopbio/imgstore/commit/06b49a519b687ff3cd20b06c4c797818df812d06#diff-9e38eed8462f9c72f080c6c96c054a06d828dbd0ebca39f3738471d4557c704a", 
@@ -47203,29 +48096,29 @@ }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5312", - "id": "pyup.io-43463", - "more_info_path": "/vulnerabilities/CVE-2020-5312/43463", + "cve": "CVE-2020-5310", + "id": "pyup.io-38163", + "more_info_path": "/vulnerabilities/CVE-2020-5310/38163", "specs": [ "<2.2.8" ], "v": "<2.2.8" }, { - "advisory": "Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include security fixes.", - "cve": "CVE-2020-6816", - "id": "pyup.io-43467", - "more_info_path": "/vulnerabilities/CVE-2020-6816/43467", + "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", + "cve": "CVE-2019-19911", + "id": "pyup.io-43465", + "more_info_path": "/vulnerabilities/CVE-2019-19911/43465", "specs": [ "<2.2.8" ], "v": "<2.2.8" }, { - "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2019-19911", - "id": "pyup.io-43465", - "more_info_path": "/vulnerabilities/CVE-2019-19911/43465", + "advisory": "Indico 2.2.8 updates its dependency 'bleach' to v3.1.4 to include security fixes.", + "cve": "CVE-2020-6816", + "id": "pyup.io-43467", + "more_info_path": "/vulnerabilities/CVE-2020-6816/43467", "specs": [ "<2.2.8" ], @@ -47233,9 +48126,9 @@ }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5310", - "id": "pyup.io-38163", - "more_info_path": "/vulnerabilities/CVE-2020-5310/38163", + "cve": "CVE-2020-5312", + "id": "pyup.io-43463", + "more_info_path": "/vulnerabilities/CVE-2020-5312/43463", "specs": [ "<2.2.8" ], 
@@ -47331,16 +48224,6 @@ ], "v": "<3.0rc1" }, - { - "advisory": "Indico 3.2.3 updates its dependency 'werkzeug' to include a security fix.", - "cve": "CVE-2023-25577", - "id": "pyup.io-53451", - "more_info_path": "/vulnerabilities/CVE-2023-25577/53451", - "specs": [ - "<3.2.3" - ], - "v": "<3.2.3" - }, { "advisory": "Indico 3.2.3 updates its dependency 'cryptography ' to include a security fix.", "cve": "CVE-2023-0286", @@ -47361,6 +48244,16 @@ ], "v": "<3.2.3" }, + { + "advisory": "Indico 3.2.3 updates its dependency 'werkzeug' to include a security fix.", + "cve": "CVE-2023-25577", + "id": "pyup.io-53451", + "more_info_path": "/vulnerabilities/CVE-2023-25577/53451", + "specs": [ + "<3.2.3" + ], + "v": "<3.2.3" + }, { "advisory": "Indico 3.2.5 includes a fix for a XSS vulnerability.\r\nhttps://github.com/indico/indico/pull/5818", "cve": "PVE-2023-59202", @@ -47381,6 +48274,16 @@ ], "v": "<3.2.6" }, + { + "advisory": "Indico 3.2.8 updates its dependency 'pillow' to include a fix for a high-risk vulnerability in libwebp.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61766", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61766", + "specs": [ + "<3.2.8" + ], + "v": "<3.2.8" + }, { "advisory": "Indico 2.0.3 no longer shows contribution information (metadata including title, speakers and a partial description) in the contribution list unless the user has access to a contribution.", "cve": "PVE-2021-37568", 
@@ -60326,20 +61229,20 @@ "v": "<3.2.1" }, { - "advisory": "The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.", - "cve": "CVE-2015-7337", - "id": "pyup.io-33133", - "more_info_path": "/vulnerabilities/CVE-2015-7337/33133", + "advisory": "Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.", + "cve": "CVE-2015-6938", + "id": "pyup.io-33132", + "more_info_path": "/vulnerabilities/CVE-2015-6938/33132", "specs": [ "<3.2.2" ], "v": "<3.2.2" }, { - "advisory": "Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.", - "cve": "CVE-2015-6938", - "id": "pyup.io-33132", - "more_info_path": "/vulnerabilities/CVE-2015-6938/33132", + "advisory": "The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types.", + "cve": "CVE-2015-7337", + "id": "pyup.io-33133", + "more_info_path": "/vulnerabilities/CVE-2015-7337/33133", "specs": [ "<3.2.2" ], 
@@ -60864,9 +61767,9 @@ "iso6709": [ { "advisory": "Iso6709 0.1.4 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", - "cve": "CVE-2018-20060", - "id": "pyup.io-37250", - "more_info_path": "/vulnerabilities/CVE-2018-20060/37250", + "cve": "CVE-2019-11236", + "id": "pyup.io-49130", + "more_info_path": "/vulnerabilities/CVE-2019-11236/49130", "specs": [ "<0.1.4" ], @@ -60874,9 +61777,9 @@ }, { "advisory": "Iso6709 0.1.4 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-49131", - "more_info_path": "/vulnerabilities/CVE-2019-11324/49131", + "cve": "CVE-2018-20060", + "id": "pyup.io-37250", + "more_info_path": "/vulnerabilities/CVE-2018-20060/37250", "specs": [ "<0.1.4" ], @@ -60884,9 +61787,9 @@ }, { "advisory": "Iso6709 0.1.4 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-49130", - "more_info_path": "/vulnerabilities/CVE-2019-11236/49130", + "cve": "CVE-2019-11324", + "id": "pyup.io-49131", + "more_info_path": "/vulnerabilities/CVE-2019-11324/49131", "specs": [ "<0.1.4" ], @@ -60971,6 +61874,16 @@ "<2.0.2" ], "v": "<2.0.2" + }, + { + "advisory": "Jageocoder 2.1.1 updated several versions of dependent packages that have been identified as vulnerable.", + "cve": "PVE-2023-62100", + "id": "pyup.io-62100", + "more_info_path": "/vulnerabilities/PVE-2023-62100/62100", + "specs": [ + "<2.1.1" + ], + "v": "<2.1.1" } ], "jake": [ @@ -61153,16 +62066,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29526", - "id": "pyup.io-44157", - "more_info_path": "/vulnerabilities/CVE-2021-29526/44157", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29549", 
@@ -61215,19 +62118,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29588", - "id": "pyup.io-44108", - "more_info_path": "/vulnerabilities/CVE-2021-29588/44108", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29562", - "id": "pyup.io-44163", - "more_info_path": "/vulnerabilities/CVE-2021-29562/44163", + "cve": "CVE-2021-29541", + "id": "pyup.io-44130", + "more_info_path": "/vulnerabilities/CVE-2021-29541/44130", "specs": [ "<2.0.0" ], @@ -61235,9 +62128,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29543", - "id": "pyup.io-44072", - "more_info_path": "/vulnerabilities/CVE-2021-29543/44072", + "cve": "CVE-2021-29598", + "id": "pyup.io-44122", + "more_info_path": "/vulnerabilities/CVE-2021-29598/44122", "specs": [ "<2.0.0" ], @@ -61245,9 +62138,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29598", - "id": "pyup.io-44122", - "more_info_path": "/vulnerabilities/CVE-2021-29598/44122", + "cve": "CVE-2021-29556", + "id": "pyup.io-44151", + "more_info_path": "/vulnerabilities/CVE-2021-29556/44151", "specs": [ "<2.0.0" ], @@ -61255,9 +62148,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29551", - "id": "pyup.io-44096", - "more_info_path": "/vulnerabilities/CVE-2021-29551/44096", + "cve": "CVE-2021-29562", + "id": "pyup.io-44163", + "more_info_path": "/vulnerabilities/CVE-2021-29562/44163", "specs": [ "<2.0.0" ], 
@@ -61265,9 +62158,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29556", - "id": "pyup.io-44151", - "more_info_path": "/vulnerabilities/CVE-2021-29556/44151", + "cve": "CVE-2021-29543", + "id": "pyup.io-44072", + "more_info_path": "/vulnerabilities/CVE-2021-29543/44072", "specs": [ "<2.0.0" ], @@ -61275,9 +62168,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29541", - "id": "pyup.io-44130", - "more_info_path": "/vulnerabilities/CVE-2021-29541/44130", + "cve": "CVE-2021-29551", + "id": "pyup.io-44096", + "more_info_path": "/vulnerabilities/CVE-2021-29551/44096", "specs": [ "<2.0.0" ], @@ -61305,9 +62198,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29525", - "id": "pyup.io-44061", - "more_info_path": "/vulnerabilities/CVE-2021-29525/44061", + "cve": "CVE-2021-29531", + "id": "pyup.io-44121", + "more_info_path": "/vulnerabilities/CVE-2021-29531/44121", "specs": [ "<2.0.0" ], @@ -61375,9 +62268,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29585", - "id": "pyup.io-44106", - "more_info_path": "/vulnerabilities/CVE-2021-29585/44106", + "cve": "CVE-2021-29520", + "id": "pyup.io-44065", + "more_info_path": "/vulnerabilities/CVE-2021-29520/44065", "specs": [ "<2.0.0" ], @@ -61385,9 +62278,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29520", - "id": "pyup.io-44065", - "more_info_path": "/vulnerabilities/CVE-2021-29520/44065", + "cve": "CVE-2021-29585", + "id": "pyup.io-44106", + "more_info_path": "/vulnerabilities/CVE-2021-29585/44106", "specs": [ "<2.0.0" ], 
@@ -61455,9 +62348,19 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29579", - "id": "pyup.io-44101", - "more_info_path": "/vulnerabilities/CVE-2021-29579/44101", + "cve": "CVE-2021-29583", + "id": "pyup.io-44104", + "more_info_path": "/vulnerabilities/CVE-2021-29583/44104", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29574", + "id": "pyup.io-44168", + "more_info_path": "/vulnerabilities/CVE-2021-29574/44168", "specs": [ "<2.0.0" ], @@ -61475,9 +62378,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29583", - "id": "pyup.io-44104", - "more_info_path": "/vulnerabilities/CVE-2021-29583/44104", + "cve": "CVE-2021-29586", + "id": "pyup.io-44107", + "more_info_path": "/vulnerabilities/CVE-2021-29586/44107", "specs": [ "<2.0.0" ], @@ -61485,9 +62388,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29574", - "id": "pyup.io-44168", - "more_info_path": "/vulnerabilities/CVE-2021-29574/44168", + "cve": "CVE-2021-29526", + "id": "pyup.io-44157", + "more_info_path": "/vulnerabilities/CVE-2021-29526/44157", "specs": [ "<2.0.0" ], @@ -61495,9 +62398,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29586", - "id": "pyup.io-44107", - "more_info_path": "/vulnerabilities/CVE-2021-29586/44107", + "cve": "CVE-2021-29523", + "id": "pyup.io-44068", + "more_info_path": "/vulnerabilities/CVE-2021-29523/44068", "specs": [ "<2.0.0" ], 
@@ -61505,9 +62408,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29559", - "id": "pyup.io-44153", - "more_info_path": "/vulnerabilities/CVE-2021-29559/44153", + "cve": "CVE-2021-29561", + "id": "pyup.io-44162", + "more_info_path": "/vulnerabilities/CVE-2021-29561/44162", "specs": [ "<2.0.0" ], @@ -61515,9 +62418,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29522", - "id": "pyup.io-44063", - "more_info_path": "/vulnerabilities/CVE-2021-29522/44063", + "cve": "CVE-2021-29568", + "id": "pyup.io-44078", + "more_info_path": "/vulnerabilities/CVE-2021-29568/44078", "specs": [ "<2.0.0" ], @@ -61525,9 +62428,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29617", - "id": "pyup.io-44139", - "more_info_path": "/vulnerabilities/CVE-2021-29617/44139", + "cve": "CVE-2021-29559", + "id": "pyup.io-44153", + "more_info_path": "/vulnerabilities/CVE-2021-29559/44153", "specs": [ "<2.0.0" ], @@ -61553,6 +62456,16 @@ ], "v": "<2.0.0" }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29617", + "id": "pyup.io-44139", + "more_info_path": "/vulnerabilities/CVE-2021-29617/44139", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29570", 
@@ -61563,6 +62476,96 @@ ], "v": "<2.0.0" }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29588", + "id": "pyup.io-44108", + "more_info_path": "/vulnerabilities/CVE-2021-29588/44108", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29525", + "id": "pyup.io-44061", + "more_info_path": "/vulnerabilities/CVE-2021-29525/44061", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29557", + "id": "pyup.io-44149", + "more_info_path": "/vulnerabilities/CVE-2021-29557/44149", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29589", + "id": "pyup.io-44087", + "more_info_path": "/vulnerabilities/CVE-2021-29589/44087", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29579", + "id": "pyup.io-44101", + "more_info_path": "/vulnerabilities/CVE-2021-29579/44101", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29522", + "id": "pyup.io-44063", + "more_info_path": "/vulnerabilities/CVE-2021-29522/44063", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29542", + "id": "pyup.io-44129", + "more_info_path": "/vulnerabilities/CVE-2021-29542/44129", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + 
"advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29603", + "id": "pyup.io-44126", + "more_info_path": "/vulnerabilities/CVE-2021-29603/44126", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29538", + "id": "pyup.io-44093", + "more_info_path": "/vulnerabilities/CVE-2021-29538/44093", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29572", @@ -61595,9 +62598,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29554", - "id": "pyup.io-44145", - "more_info_path": "/vulnerabilities/CVE-2021-29554/44145", + "cve": "CVE-2021-29546", + "id": "pyup.io-44135", + "more_info_path": "/vulnerabilities/CVE-2021-29546/44135", "specs": [ "<2.0.0" ], @@ -61605,9 +62608,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29546", - "id": "pyup.io-44135", - "more_info_path": "/vulnerabilities/CVE-2021-29546/44135", + "cve": "CVE-2021-29554", + "id": "pyup.io-44145", + "more_info_path": "/vulnerabilities/CVE-2021-29554/44145", "specs": [ "<2.0.0" ], @@ -61625,9 +62628,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8169", - "id": "pyup.io-44069", - "more_info_path": "/vulnerabilities/CVE-2020-8169/44069", + "cve": "CVE-2021-29521", + "id": "pyup.io-44067", + "more_info_path": "/vulnerabilities/CVE-2021-29521/44067", "specs": [ "<2.0.0" ], 
@@ -61635,9 +62638,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29521", - "id": "pyup.io-44067", - "more_info_path": "/vulnerabilities/CVE-2021-29521/44067", + "cve": "CVE-2020-8169", + "id": "pyup.io-44069", + "more_info_path": "/vulnerabilities/CVE-2020-8169/44069", "specs": [ "<2.0.0" ], @@ -61655,9 +62658,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29584", - "id": "pyup.io-44105", - "more_info_path": "/vulnerabilities/CVE-2021-29584/44105", + "cve": "CVE-2021-29518", + "id": "pyup.io-44156", + "more_info_path": "/vulnerabilities/CVE-2021-29518/44156", "specs": [ "<2.0.0" ], @@ -61665,9 +62668,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29530", - "id": "pyup.io-44118", - "more_info_path": "/vulnerabilities/CVE-2021-29530/44118", + "cve": "CVE-2021-29614", + "id": "pyup.io-44173", + "more_info_path": "/vulnerabilities/CVE-2021-29614/44173", "specs": [ "<2.0.0" ], @@ -61675,9 +62678,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29518", - "id": "pyup.io-44156", - "more_info_path": "/vulnerabilities/CVE-2021-29518/44156", + "cve": "CVE-2021-29584", + "id": "pyup.io-44105", + "more_info_path": "/vulnerabilities/CVE-2021-29584/44105", "specs": [ "<2.0.0" ], @@ -61685,9 +62688,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29614", - "id": "pyup.io-44173", - "more_info_path": "/vulnerabilities/CVE-2021-29614/44173", + "cve": "CVE-2021-29530", + "id": "pyup.io-44118", + "more_info_path": "/vulnerabilities/CVE-2021-29530/44118", "specs": [ "<2.0.0" ], 
@@ -61695,9 +62698,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29524", - "id": "pyup.io-44064", - "more_info_path": "/vulnerabilities/CVE-2021-29524/44064", + "cve": "CVE-2021-29544", + "id": "pyup.io-44074", + "more_info_path": "/vulnerabilities/CVE-2021-29544/44074", "specs": [ "<2.0.0" ], @@ -61705,9 +62708,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29619", - "id": "pyup.io-44143", - "more_info_path": "/vulnerabilities/CVE-2021-29619/44143", + "cve": "CVE-2021-29569", + "id": "pyup.io-44161", + "more_info_path": "/vulnerabilities/CVE-2021-29569/44161", "specs": [ "<2.0.0" ], @@ -61715,9 +62718,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29569", - "id": "pyup.io-44161", - "more_info_path": "/vulnerabilities/CVE-2021-29569/44161", + "cve": "CVE-2021-29524", + "id": "pyup.io-44064", + "more_info_path": "/vulnerabilities/CVE-2021-29524/44064", "specs": [ "<2.0.0" ], @@ -61725,9 +62728,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29544", - "id": "pyup.io-44074", - "more_info_path": "/vulnerabilities/CVE-2021-29544/44074", + "cve": "CVE-2021-29552", + "id": "pyup.io-44142", + "more_info_path": "/vulnerabilities/CVE-2021-29552/44142", "specs": [ "<2.0.0" ], @@ -61735,9 +62738,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29532", - "id": "pyup.io-44070", - "more_info_path": "/vulnerabilities/CVE-2021-29532/44070", + "cve": "CVE-2021-29619", + "id": "pyup.io-44143", + "more_info_path": "/vulnerabilities/CVE-2021-29619/44143", "specs": [ "<2.0.0" ], 
@@ -61755,9 +62758,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29552", - "id": "pyup.io-44142", - "more_info_path": "/vulnerabilities/CVE-2021-29552/44142", + "cve": "CVE-2021-29532", + "id": "pyup.io-44070", + "more_info_path": "/vulnerabilities/CVE-2021-29532/44070", "specs": [ "<2.0.0" ], @@ -61773,16 +62776,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29519", - "id": "pyup.io-44062", - "more_info_path": "/vulnerabilities/CVE-2021-29519/44062", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29515", @@ -61803,16 +62796,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29567", - "id": "pyup.io-44086", - "more_info_path": "/vulnerabilities/CVE-2021-29567/44086", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29577", @@ -61845,9 +62828,19 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29557", - "id": "pyup.io-44149", - "more_info_path": "/vulnerabilities/CVE-2021-29557/44149", + "cve": "CVE-2021-29567", + "id": "pyup.io-44086", + "more_info_path": "/vulnerabilities/CVE-2021-29567/44086", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29517", + "id": "pyup.io-44160", + "more_info_path": "/vulnerabilities/CVE-2021-29517/44160", "specs": [ "<2.0.0" ], 
@@ -61875,9 +62868,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29517", - "id": "pyup.io-44160", - "more_info_path": "/vulnerabilities/CVE-2021-29517/44160", + "cve": "CVE-2021-29576", + "id": "pyup.io-44169", + "more_info_path": "/vulnerabilities/CVE-2021-29576/44169", "specs": [ "<2.0.0" ], @@ -61893,16 +62886,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29540", - "id": "pyup.io-44094", - "more_info_path": "/vulnerabilities/CVE-2021-29540/44094", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29601", @@ -61913,16 +62896,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29593", - "id": "pyup.io-44114", - "more_info_path": "/vulnerabilities/CVE-2021-29593/44114", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2020-8285", @@ -61935,19 +62908,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29576", - "id": "pyup.io-44169", - "more_info_path": "/vulnerabilities/CVE-2021-29576/44169", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29531", - "id": "pyup.io-44121", - "more_info_path": "/vulnerabilities/CVE-2021-29531/44121", + "cve": "CVE-2021-29540", + "id": "pyup.io-44094", + "more_info_path": "/vulnerabilities/CVE-2021-29540/44094", "specs": [ "<2.0.0" ], 
@@ -61955,9 +62918,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29523", - "id": "pyup.io-44068", - "more_info_path": "/vulnerabilities/CVE-2021-29523/44068", + "cve": "CVE-2021-29593", + "id": "pyup.io-44114", + "more_info_path": "/vulnerabilities/CVE-2021-29593/44114", "specs": [ "<2.0.0" ], @@ -61973,16 +62936,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29542", - "id": "pyup.io-44129", - "more_info_path": "/vulnerabilities/CVE-2021-29542/44129", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29571", @@ -61995,9 +62948,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8231", - "id": "pyup.io-44148", - "more_info_path": "/vulnerabilities/CVE-2020-8231/44148", + "cve": "CVE-2021-29600", + "id": "pyup.io-44124", + "more_info_path": "/vulnerabilities/CVE-2021-29600/44124", "specs": [ "<2.0.0" ], @@ -62005,9 +62958,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29600", - "id": "pyup.io-44124", - "more_info_path": "/vulnerabilities/CVE-2021-29600/44124", + "cve": "CVE-2020-8231", + "id": "pyup.io-44148", + "more_info_path": "/vulnerabilities/CVE-2020-8231/44148", "specs": [ "<2.0.0" ], 
@@ -62033,16 +62986,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29609", - "id": "pyup.io-44132", - "more_info_path": "/vulnerabilities/CVE-2021-29609/44132", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29547", @@ -62055,9 +62998,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29603", - "id": "pyup.io-44126", - "more_info_path": "/vulnerabilities/CVE-2021-29603/44126", + "cve": "CVE-2021-29609", + "id": "pyup.io-44132", + "more_info_path": "/vulnerabilities/CVE-2021-29609/44132", "specs": [ "<2.0.0" ], @@ -62085,19 +63028,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29561", - "id": "pyup.io-44162", - "more_info_path": "/vulnerabilities/CVE-2021-29561/44162", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8284", - "id": "pyup.io-44150", - "more_info_path": "/vulnerabilities/CVE-2020-8284/44150", + "cve": "CVE-2021-29548", + "id": "pyup.io-44091", + "more_info_path": "/vulnerabilities/CVE-2021-29548/44091", "specs": [ "<2.0.0" ], @@ -62105,9 +63038,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29568", - "id": "pyup.io-44078", - "more_info_path": "/vulnerabilities/CVE-2021-29568/44078", + "cve": "CVE-2021-29607", + "id": "pyup.io-44131", + "more_info_path": "/vulnerabilities/CVE-2021-29607/44131", "specs": [ "<2.0.0" ], 
@@ -62115,9 +63048,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29548", - "id": "pyup.io-44091", - "more_info_path": "/vulnerabilities/CVE-2021-29548/44091", + "cve": "CVE-2021-29599", + "id": "pyup.io-44123", + "more_info_path": "/vulnerabilities/CVE-2021-29599/44123", "specs": [ "<2.0.0" ], @@ -62125,9 +63058,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29607", - "id": "pyup.io-44131", - "more_info_path": "/vulnerabilities/CVE-2021-29607/44131", + "cve": "CVE-2020-8284", + "id": "pyup.io-44150", + "more_info_path": "/vulnerabilities/CVE-2020-8284/44150", "specs": [ "<2.0.0" ], @@ -62143,16 +63076,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29599", - "id": "pyup.io-44123", - "more_info_path": "/vulnerabilities/CVE-2021-29599/44123", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29575", @@ -62175,9 +63098,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29553", - "id": "pyup.io-44141", - "more_info_path": "/vulnerabilities/CVE-2021-29553/44141", + "cve": "CVE-2021-29582", + "id": "pyup.io-44103", + "more_info_path": "/vulnerabilities/CVE-2021-29582/44103", "specs": [ "<2.0.0" ], 
@@ -62185,9 +63108,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29582", - "id": "pyup.io-44103", - "more_info_path": "/vulnerabilities/CVE-2021-29582/44103", + "cve": "CVE-2021-29553", + "id": "pyup.io-44141", + "more_info_path": "/vulnerabilities/CVE-2021-29553/44141", "specs": [ "<2.0.0" ], @@ -62213,16 +63136,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29538", - "id": "pyup.io-44093", - "more_info_path": "/vulnerabilities/CVE-2021-29538/44093", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29555", @@ -62245,9 +63158,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29589", - "id": "pyup.io-44087", - "more_info_path": "/vulnerabilities/CVE-2021-29589/44087", + "cve": "CVE-2021-29519", + "id": "pyup.io-44062", + "more_info_path": "/vulnerabilities/CVE-2021-29519/44062", "specs": [ "<2.0.0" ], @@ -62590,6 +63503,18 @@ "v": "<=1.0.0" } ], + "js-jquery-datatables": [ + { + "advisory": "A security flaw with Cross-site scripting could potentially enable an attacker to take over a user's session. Essentially, this may allow the unauthorized individual to alter the user's password and invalidate the victim's session, all while maintaining access themselves.", + "cve": "PVE-2023-99917", + "id": "pyup.io-62002", + "more_info_path": "/vulnerabilities/PVE-2023-99917/62002", + "specs": [ + ">0.0a" + ], + "v": ">0.0a" + } + ], "js-mocha": [ { "advisory": "Js.mocha 2.2.5 (Fanstatic packaging of Mocha) has NPM dependencies with known vulnerabilities (glob).", 
@@ -63099,6 +64024,16 @@ "<0.7.2" ], "v": "<0.7.2" + }, + { + "advisory": "Jupyter-matlab-proxy 0.8.0 includes a fix for an authentication bypass vulnerability on multi-user-systems.\r\nhttps://github.com/mathworks/jupyter-matlab-proxy/issues/63", + "cve": "PVE-2023-61606", + "id": "pyup.io-61606", + "more_info_path": "/vulnerabilities/PVE-2023-61606/61606", + "specs": [ + "<0.8.0" + ], + "v": "<0.8.0" } ], "jupyter-nbrequirements": [ @@ -64128,17 +65063,6 @@ ], "v": "<15.0.1,>=16.0.0.0rc1,<=16.0.0" }, - { - "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", - "cve": "CVE-2020-12689", - "id": "pyup.io-38587", - "more_info_path": "/vulnerabilities/CVE-2020-12689/38587", - "specs": [ - "<15.0.1", - ">=16.0.0.0rc1,<=16.0.0" - ], - "v": "<15.0.1,>=16.0.0.0rc1,<=16.0.0" - }, { "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", "cve": "CVE-2020-12691", 
@@ -64161,6 +65085,17 @@ ], "v": "<15.0.1,>=16.0.0.0rc1,<=16.0.0" }, + { + "advisory": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", + "cve": "CVE-2020-12689", + "id": "pyup.io-38587", + "more_info_path": "/vulnerabilities/CVE-2020-12689/38587", + "specs": [ + "<15.0.1", + ">=16.0.0.0rc1,<=16.0.0" + ], + "v": "<15.0.1,>=16.0.0.0rc1,<=16.0.0" + }, { "advisory": "In Keystone versions prior to 8.0.0, It is possible to remotely trigger a crash in Keystone by sending an extremely long password. When Keystone is validating the password, glibc allocates space on the stack for the entire password. If the password is long enough, stack space can be exhausted, resulting in a crash. This vulnerability is mitigated by a patch to impose a reasonable limit on password length (4 kB). See also: CVE-2012-1572 and https://security.openstack.org/ossa/OSSA-2012-002.html.\r\nhttps://github.com/openstack/keystone/commit/239e4f64c2134338b32ffd6d42c0b6ff70cd040c", "cve": "CVE-2012-1572", 
@@ -64370,6 +65305,26 @@
 "<1.6.5"
 ],
 "v": "<1.6.5"
+ },
+ {
+ "advisory": "Kfp-tekton 1.8.1 updates its GO dependency 'golang.org/x/net' to 0.17.0 to include a security fix.\r\nhttps://github.com/kubeflow/kfp-tekton/pull/1377",
+ "cve": "CVE-2023-39325",
+ "id": "pyup.io-61882",
+ "more_info_path": "/vulnerabilities/CVE-2023-39325/61882",
+ "specs": [
+ "<1.8.1"
+ ],
+ "v": "<1.8.1"
+ },
+ {
+ "advisory": "Kfp-tekton 1.8.1 updates its GO dependency 'tektoncd/pipeline' to 0.50.2 to include a security fix.\r\nhttps://github.com/kubeflow/kfp-tekton/pull/1382",
+ "cve": "CVE-2023-44487",
+ "id": "pyup.io-61881",
+ "more_info_path": "/vulnerabilities/CVE-2023-44487/61881",
+ "specs": [
+ "<1.8.1"
+ ],
+ "v": "<1.8.1"
 }
 ],
 "kglab": [
@@ -64509,9 +65464,9 @@
 },
 {
 "advisory": "Khorosjx 3.0.0 updates its dependency \"urllib3\" to v1.26.6 to include security fixes.",
- "cve": "CVE-2020-26137",
- "id": "pyup.io-49043",
- "more_info_path": "/vulnerabilities/CVE-2020-26137/49043",
+ "cve": "CVE-2021-33503",
+ "id": "pyup.io-49044",
+ "more_info_path": "/vulnerabilities/CVE-2021-33503/49044",
 "specs": [
 "<3.0.0"
 ],
@@ -64519,9 +65474,9 @@
 },
 {
 "advisory": "Khorosjx 3.0.0 updates its dependency \"urllib3\" to v1.26.6 to include security fixes.",
- "cve": "CVE-2021-33503",
- "id": "pyup.io-49044",
- "more_info_path": "/vulnerabilities/CVE-2021-33503/49044",
+ "cve": "CVE-2020-26137",
+ "id": "pyup.io-49043",
+ "more_info_path": "/vulnerabilities/CVE-2020-26137/49043",
 "specs": [
 "<3.0.0"
 ],
@@ -64670,7 +65625,7 @@
 ],
 "kivy-deps.sdl2": [
 {
- "advisory": "Kivy-deps.sdl2 0.6.0 and prior versions (wheels for Windows) include a version of 'libwebp-7.dll', which is affected by a high risk vulnerability.",
+ "advisory": "Kivy-deps.sdl2 0.6.0 and prior versions (wheels for Windows) include a version of 'libwebp-7.dll', which is affected by a high-risk vulnerability.",
 "cve": "CVE-2023-4863",
 "id": "pyup.io-61495",
 "more_info_path": "/vulnerabilities/CVE-2023-4863/61495",
@@ -64871,6 +65826,16 @@
 ],
 "v": "<6.10"
 },
+ {
+ "advisory": "Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include security fixes.",
+ "cve": "CVE-2019-14232",
+ "id": "pyup.io-43690",
+ "more_info_path": "/vulnerabilities/CVE-2019-14232/43690",
+ "specs": [
+ "<6.11"
+ ],
+ "v": "<6.11"
+ },
 {
 "advisory": "Kiwi TCMS 6.11 updates its NPM dependency 'Marked' to v0.7.0 to include a security fix.\r\nhttps://github.com/kiwitcms/Kiwi/commit/e5e90133973d1e46ff50718b180e84bd8217db1e\r\nhttps://github.com/advisories/GHSA-ch52-vgq2-943f",
 "cve": "PVE-2021-43694",
@@ -64901,16 +65866,6 @@
 ],
 "v": "<6.11"
 },
- {
- "advisory": "Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include security fixes.",
- "cve": "CVE-2019-14232",
- "id": "pyup.io-43690",
- "more_info_path": "/vulnerabilities/CVE-2019-14232/43690",
- "specs": [
- "<6.11"
- ],
- "v": "<6.11"
- },
 {
 "advisory": "Kiwi TCMS 6.11 updates its dependency 'Django' to v2.2.4 to include security fixes.",
 "cve": "CVE-2019-14235",
@@ -65072,6 +66027,16 @@
 "<0.27.6"
 ],
 "v": "<0.27.6"
+ },
+ {
+ "advisory": "Klayout 0.28.12 and prior releases ship with a version of 'libcurl' that has a high-severity vulnerability.",
+ "cve": "CVE-2023-38545",
+ "id": "pyup.io-61776",
+ "more_info_path": "/vulnerabilities/CVE-2023-38545/61776",
+ "specs": [
+ "<=0.28.12"
+ ],
+ "v": "<=0.28.12"
 }
 ],
 "klocmod": [
@@ -65584,40 +66549,40 @@
 "v": "<0.10.0rc0"
 },
 {
- "advisory": "Kserve 0.10.0rc0 updates 'aix-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2364",
- "cve": "CVE-2022-3970",
- "id": "pyup.io-52023",
- "more_info_path": "/vulnerabilities/CVE-2022-3970/52023",
+ "advisory": "Kserve 0.10.0rc0 updates 'alibi-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2270",
+ "cve": "CVE-2022-27444",
+ "id": "pyup.io-52011",
+ "more_info_path": "/vulnerabilities/CVE-2022-27444/52011",
 "specs": [
 "<0.10.0rc0"
 ],
 "v": "<0.10.0rc0"
 },
 {
- "advisory": "Kserve 0.10.0rc0 updates 'alibi-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2270",
- "cve": "CVE-2022-3970",
- "id": "pyup.io-52018",
- "more_info_path": "/vulnerabilities/CVE-2022-3970/52018",
+ "advisory": "Kserve 0.10.0rc0 updates 'art-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2272",
+ "cve": "CVE-2021-30473",
+ "id": "pyup.io-52001",
+ "more_info_path": "/vulnerabilities/CVE-2021-30473/52001",
 "specs": [
 "<0.10.0rc0"
 ],
 "v": "<0.10.0rc0"
 },
 {
- "advisory": "Kserve 0.10.0rc0 updates 'alibi-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2270",
- "cve": "CVE-2022-27444",
- "id": "pyup.io-52011",
- "more_info_path": "/vulnerabilities/CVE-2022-27444/52011",
+ "advisory": "Kserve 0.10.0rc0 updates 'aix-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2364",
+ "cve": "CVE-2022-3970",
+ "id": "pyup.io-52023",
+ "more_info_path": "/vulnerabilities/CVE-2022-3970/52023",
 "specs": [
 "<0.10.0rc0"
 ],
 "v": "<0.10.0rc0"
 },
 {
- "advisory": "Kserve 0.10.0rc0 updates 'art-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2272",
- "cve": "CVE-2021-30473",
- "id": "pyup.io-52001",
- "more_info_path": "/vulnerabilities/CVE-2021-30473/52001",
+ "advisory": "Kserve 0.10.0rc0 updates 'alibi-explainer' Dockerfile to resolve several critical CVEs.\r\nhttps://github.com/kserve/kserve/pull/2270",
+ "cve": "CVE-2022-3970",
+ "id": "pyup.io-52018",
+ "more_info_path": "/vulnerabilities/CVE-2022-3970/52018",
 "specs": [
 "<0.10.0rc0"
 ],
@@ -65674,7 +66639,79 @@
 "v": "<0.9.0rc0"
 }
 ],
+ "kube-copilot": [
+ {
+ "advisory": "Kube-copilot 0.1.21 updates its dependency 'langchain' to v0.0.278 to include a security fix.",
+ "cve": "CVE-2023-34541",
+ "id": "pyup.io-61670",
+ "more_info_path": "/vulnerabilities/CVE-2023-34541/61670",
+ "specs": [
+ "<0.1.21"
+ ],
+ "v": "<0.1.21"
+ },
+ {
+ "advisory": "Kube-copilot 0.1.21 updates its dependency 'langchain' to v0.0.278 to include a security fix.",
+ "cve": "CVE-2023-36188",
+ "id": "pyup.io-61671",
+ "more_info_path": "/vulnerabilities/CVE-2023-36188/61671",
+ "specs": [
+ "<0.1.21"
+ ],
+ "v": "<0.1.21"
+ },
+ {
+ "advisory": "Kube-copilot 0.1.21 updates its dependency 'langchain' to v0.0.278 to include a security fix.",
+ "cve": "CVE-2023-36189",
+ "id": "pyup.io-61672",
+ "more_info_path": "/vulnerabilities/CVE-2023-36189/61672",
+ "specs": [
+ "<0.1.21"
+ ],
+ "v": "<0.1.21"
+ },
+ {
+ "advisory": "Kube-copilot 0.1.21 updates its dependency 'langchain' to v0.0.278 to include a security fix.",
+ "cve": "CVE-2023-36258",
+ "id": "pyup.io-61665",
+ "more_info_path": "/vulnerabilities/CVE-2023-36258/61665",
+ "specs": [
+ "<0.1.21"
+ ],
+ "v": "<0.1.21"
+ },
+ {
+ "advisory": "Kube-copilot 0.1.21 updates its dependency 'langchain' to v0.0.278 to include a security fix.",
+ "cve": "CVE-2023-36095",
+ "id": "pyup.io-61673",
+ "more_info_path": "/vulnerabilities/CVE-2023-36095/61673",
+ "specs": [
+ "<0.1.21"
+ ],
+ "v": "<0.1.21"
+ },
+ {
+ "advisory": "Kube-copilot 0.1.22 updates its dependency 'aiohttp' to v3.8.6 to include a security fix.",
+ "cve": "PVE-2023-61657",
+ "id": "pyup.io-61664",
+ "more_info_path": "/vulnerabilities/PVE-2023-61657/61664",
+ "specs": [
+ "<0.1.22"
+ ],
+ "v": "<0.1.22"
+ }
+ ],
 "kubernetes": [
+ {
+ "advisory": "Kubernetes 10.0.1 updates its dependency 'urllib3' to include a security fix.\r\nhttps://github.com/kubernetes-client/python/pull/897",
+ "cve": "CVE-2019-11324",
+ "id": "pyup.io-38036",
+ "more_info_path": "/vulnerabilities/CVE-2019-11324/38036",
+ "specs": [
+ "<10.0.1"
+ ],
+ "v": "<10.0.1"
+ },
 {
 "advisory": "Kubernetes (python client) 25.3.0 uses Kubernetes API v1.25.3, which includes a fix for CVE-2021-29923: Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. Kubernetes interprets leading zeros on IPv4 addresses as decimal to keep backwards compatibility, but users relying on parser alignment will be impacted by this CVE.\r\nhttps://github.com/kubernetes/kubernetes/pull/104368\r\nhttps://github.com/kubernetes/kubernetes/issues/108074",
 "cve": "CVE-2021-29923",
@@ -65696,16 +66733,6 @@
 ">=9.0,<9.0.0a1"
 ],
 "v": "<7.0.1,>=8.0,<8.0.1,>=9.0,<9.0.0a1"
- },
- {
- "advisory": "Kubernetes 10.0.1 includes a fix for CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.",
- "cve": "CVE-2019-11324",
- "id": "pyup.io-38036",
- "more_info_path": "/vulnerabilities/CVE-2019-11324/38036",
- "specs": [
- ">=10.0,<10.0.1"
- ],
- "v": ">=10.0,<10.0.1"
 }
 ],
 "kubernetes-asyncio": [
@@ -65841,16 +66868,6 @@
 }
 ],
 "label-sleuth": [
- {
- "advisory": "Label-sleuth 0.11.6 updates its dependency 'werkzeug' to v2.3.4 to include security fixes.",
- "cve": "CVE-2023-25577",
- "id": "pyup.io-58765",
- "more_info_path": "/vulnerabilities/CVE-2023-25577/58765",
- "specs": [
- "<0.11.6"
- ],
- "v": "<0.11.6"
- },
 {
 "advisory": "Label-sleuth 0.11.6 updates its dependency 'GitPython' to v3.1.31 to include a security fix.",
 "cve": "CVE-2022-24439",
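Review bot: The re-added kubernetes entry for CVE-2019-11324 (id pyup.io-38036) carries `"specs": ["<10.0.1"]`, whereas the entry removed in the next hunk scoped the same id to `">=10.0,<10.0.1"`; the new range now also flags every 9.x, 8.x and 7.x release. If that widening is deliberate it should be reflected in the advisory text, which only says 10.0.1 updated urllib3; if older release lines received their own backport, the narrower `">=10.0,<10.0.1"` spec should be restored. The `"v"` string on the line after must agree with whichever form is kept.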
@@ -65892,20 +66909,30 @@
 "v": "<0.11.6"
 },
 {
- "advisory": "Label-sleuth 0.11.6 updates its dependency 'waitress' to v2.1.2 to include a security fix.",
- "cve": "CVE-2022-31015",
- "id": "pyup.io-58767",
- "more_info_path": "/vulnerabilities/CVE-2022-31015/58767",
+ "advisory": "Label-sleuth 0.11.6 updates its NPM dependency 'webpack' to v5.82.1 to include a security fix.",
+ "cve": "CVE-2023-28154",
+ "id": "pyup.io-58769",
+ "more_info_path": "/vulnerabilities/CVE-2023-28154/58769",
 "specs": [
 "<0.11.6"
 ],
 "v": "<0.11.6"
 },
 {
- "advisory": "Label-sleuth 0.11.6 updates its NPM dependency 'webpack' to v5.82.1 to include a security fix.",
- "cve": "CVE-2023-28154",
- "id": "pyup.io-58769",
- "more_info_path": "/vulnerabilities/CVE-2023-28154/58769",
+ "advisory": "Label-sleuth 0.11.6 updates its dependency 'werkzeug' to v2.3.4 to include security fixes.",
+ "cve": "CVE-2023-25577",
+ "id": "pyup.io-58765",
+ "more_info_path": "/vulnerabilities/CVE-2023-25577/58765",
+ "specs": [
+ "<0.11.6"
+ ],
+ "v": "<0.11.6"
+ },
+ {
+ "advisory": "Label-sleuth 0.11.6 updates its dependency 'waitress' to v2.1.2 to include a security fix.",
+ "cve": "CVE-2022-31015",
+ "id": "pyup.io-58767",
+ "more_info_path": "/vulnerabilities/CVE-2022-31015/58767",
 "specs": [
 "<0.11.6"
 ],
@@ -65947,9 +66974,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-25287",
- "id": "pyup.io-50646",
- "more_info_path": "/vulnerabilities/CVE-2021-25287/50646",
+ "cve": "CVE-2021-25289",
+ "id": "pyup.io-50648",
+ "more_info_path": "/vulnerabilities/CVE-2021-25289/50648",
 "specs": [
 "<0.0.43"
 ],
@@ -65957,9 +66984,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-28677",
- "id": "pyup.io-50645",
- "more_info_path": "/vulnerabilities/CVE-2021-28677/50645",
+ "cve": "CVE-2021-25290",
+ "id": "pyup.io-50649",
+ "more_info_path": "/vulnerabilities/CVE-2021-25290/50649",
 "specs": [
 "<0.0.43"
 ],
@@ -65967,9 +66994,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-28676",
- "id": "pyup.io-50644",
- "more_info_path": "/vulnerabilities/CVE-2021-28676/50644",
+ "cve": "CVE-2021-25291",
+ "id": "pyup.io-50650",
+ "more_info_path": "/vulnerabilities/CVE-2021-25291/50650",
 "specs": [
 "<0.0.43"
 ],
@@ -65977,9 +67004,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-25289",
- "id": "pyup.io-50648",
- "more_info_path": "/vulnerabilities/CVE-2021-25289/50648",
+ "cve": "CVE-2021-25293",
+ "id": "pyup.io-50652",
+ "more_info_path": "/vulnerabilities/CVE-2021-25293/50652",
 "specs": [
 "<0.0.43"
 ],
@@ -65987,9 +67014,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-25290",
- "id": "pyup.io-50649",
- "more_info_path": "/vulnerabilities/CVE-2021-25290/50649",
+ "cve": "CVE-2021-34552",
+ "id": "pyup.io-50641",
+ "more_info_path": "/vulnerabilities/CVE-2021-34552/50641",
 "specs": [
 "<0.0.43"
 ],
@@ -66007,9 +67034,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-25291",
- "id": "pyup.io-50650",
- "more_info_path": "/vulnerabilities/CVE-2021-25291/50650",
+ "cve": "CVE-2021-28676",
+ "id": "pyup.io-50644",
+ "more_info_path": "/vulnerabilities/CVE-2021-28676/50644",
 "specs": [
 "<0.0.43"
 ],
@@ -66017,9 +67044,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-25293",
- "id": "pyup.io-50652",
- "more_info_path": "/vulnerabilities/CVE-2021-25293/50652",
+ "cve": "CVE-2021-28677",
+ "id": "pyup.io-50645",
+ "more_info_path": "/vulnerabilities/CVE-2021-28677/50645",
 "specs": [
 "<0.0.43"
 ],
@@ -66027,9 +67054,9 @@
 },
 {
 "advisory": "Label-studio-converter 0.0.43 updates its dependency 'pillow' to v8.3.1 to include security fixes.",
- "cve": "CVE-2021-34552",
- "id": "pyup.io-50641",
- "more_info_path": "/vulnerabilities/CVE-2021-34552/50641",
+ "cve": "CVE-2021-25287",
+ "id": "pyup.io-50646",
+ "more_info_path": "/vulnerabilities/CVE-2021-25287/50646",
 "specs": [
 "<0.0.43"
 ],
@@ -66324,10 +67351,10 @@
 "v": "<0.0.225"
 },
 {
- "advisory": "Langchain 0.0.236 includes a fix for CVE-2023-36258: Versions before 0.0.236 allow an attacker to execute arbitrary code via the PALChain in the python exec method.\r\nhttps://github.com/langchain-ai/langchain/issues/5872\r\nhttps://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e",
- "cve": "CVE-2023-36258",
- "id": "pyup.io-59294",
- "more_info_path": "/vulnerabilities/CVE-2023-36258/59294",
+ "advisory": "Langchain 0.0.236 includes a fix for an Arbitrary Code Execution vulnerability. In affected versions, the vulnerability allows an attacker to execute arbitrary code via the Python exec calls in the PALChain.\r\nhttps://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137\r\nhttps://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e",
+ "cve": "CVE-2023-36095",
+ "id": "pyup.io-60218",
+ "more_info_path": "/vulnerabilities/CVE-2023-36095/60218",
 "specs": [
 "<0.0.236"
 ],
@@ -66344,15 +67371,25 @@
 "v": "<0.0.236"
 },
 {
- "advisory": "Langchain 0.0.236 includes a fix for an Arbitrary Code Execution vulnerability. In affected versions, the vulnerability allows an attacker to execute arbitrary code via the Python exec calls in the PALChain.\r\nhttps://github.com/langchain-ai/langchain/commit/8ba9835b925473655914f63822775679e03ea137\r\nhttps://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e",
- "cve": "CVE-2023-36095",
- "id": "pyup.io-60218",
- "more_info_path": "/vulnerabilities/CVE-2023-36095/60218",
+ "advisory": "Langchain 0.0.236 includes a fix for CVE-2023-36258: Versions before 0.0.236 allow an attacker to execute arbitrary code via the PALChain in the python exec method.\r\nhttps://github.com/langchain-ai/langchain/issues/5872\r\nhttps://github.com/langchain-ai/langchain/commit/e294ba475a355feb95003ed8f1a2b99942509a9e",
+ "cve": "CVE-2023-36258",
+ "id": "pyup.io-59294",
+ "more_info_path": "/vulnerabilities/CVE-2023-36258/59294",
 "specs": [
 "<0.0.236"
 ],
 "v": "<0.0.236"
 },
+ {
+ "advisory": "Langchain 0.0.247 includes a fix for CVE-2023-36189: SQL injection vulnerability allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.\r\nhttps://github.com/langchain-ai/langchain/issues/5923",
+ "cve": "CVE-2023-36189",
+ "id": "pyup.io-60080",
+ "more_info_path": "/vulnerabilities/CVE-2023-36189/60080",
+ "specs": [
+ "<0.0.247"
+ ],
+ "v": "<0.0.247"
+ },
 {
 "advisory": "Langchain 0.0.247 includes a fix for CVE-2023-34541: Arbitrary code execution in load_prompt.\r\nhttps://github.com/hwchase17/langchain/issues/4849\r\nhttps://github.com/langchain-ai/langchain/pull/8425",
 "cve": "CVE-2023-34541",
@@ -66364,17 +67401,17 @@
 "v": "<0.0.247"
 },
 {
- "advisory": "Langchain 0.0.247 and prior versions are vulnerable to CVE-2023-36189: SQL injection vulnerability allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.\r\nhttps://github.com/langchain-ai/langchain/issues/5923",
- "cve": "CVE-2023-36189",
- "id": "pyup.io-60080",
- "more_info_path": "/vulnerabilities/CVE-2023-36189/60080",
+ "advisory": "Langchain 0.0.306 includes a fix for a code injection vulnerability.\r\nhttps://github.com/langchain-ai/langchain/pull/11233",
+ "cve": "PVE-2023-61536",
+ "id": "pyup.io-61536",
+ "more_info_path": "/vulnerabilities/PVE-2023-61536/61536",
 "specs": [
- "<=0.0.247"
+ "<0.0.306"
 ],
- "v": "<=0.0.247"
+ "v": "<0.0.306"
 },
 {
- "advisory": "Langchain 0.0.300 and prior versions are affected by CVE-2023-39659: Arbitrary Code Execution vulnerability via a crafted script to the PythonAstREPLTool._run component.\r\nhttps://github.com/langchain-ai/langchain/issues/7700\t\r\nhttps://github.com/langchain-ai/langchain/pull/5640",
+ "advisory": "Langchain is vulnerable to CVE-2023-39659: An issue in langchain-ai/ langchain allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component.\r\nNOTE: The advisory posted by the NVD indicated that versions up to and including 0.0.232 were affected. However, research by Safety CLI Cybersecurity confirms that the vulnerability remains unaddressed in all versions up to and including 0.0.316.\r\nhttps://github.com/langchain-ai/langchain/issues/7700\t\r\nhttps://github.com/langchain-ai/langchain/pull/5640\r\nhttps://inspector.pypi.io/project/langchain/0.0.316/packages/cb/58/27830eb8bdcfabc2ec9ce2fef4e9d4fda5ce7c886f6b5be18d2ee365e603/langchain-0.0.316-py3-none-any.whl/langchain/utilities/python.py#line.36",
 "cve": "CVE-2023-39659",
 "id": "pyup.io-60433",
 "more_info_path": "/vulnerabilities/CVE-2023-39659/60433",
@@ -66384,6 +67421,18 @@
 "v": ">=0"
 }
 ],
+ "langchain-experimental": [
+ {
+ "advisory": "Langchain_experimental allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.\r\nhttps://github.com/langchain-ai/langchain/commit/4c97a10bd0d9385cfee234a63b5bd826a295e483\r\nhttps://github.com/pypa/advisory-database/blob/main/vulns/langchain-experimental/PYSEC-2023-194.yaml",
+ "cve": "CVE-2023-44467",
+ "id": "pyup.io-61692",
+ "more_info_path": "/vulnerabilities/CVE-2023-44467/61692",
+ "specs": [
+ "<=0.0.29"
+ ],
+ "v": "<=0.0.29"
+ }
+ ],
 "language-formatters-pre-commit-hooks": [
 {
 "advisory": "Language-formatters-pre-commit-hooks 1.6.0 enhances its security in commands execution to prevent shell-injection.\r\nhttps://github.com/macisamuele/language-formatters-pre-commit-hooks/pull/38/files",
@@ -67390,6 +68439,16 @@
 ],
 "v": "<2.0.4"
 },
+ {
+ "advisory": "Lightning 2.0.4 updates its dependency 'vite' to version '2.9.16' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/7d2a46efa9834c3bb0bc1069df0a2e3a6e855d01",
+ "cve": "CVE-2022-35204",
+ "id": "pyup.io-59185",
+ "more_info_path": "/vulnerabilities/CVE-2022-35204/59185",
+ "specs": [
+ "<2.0.4"
+ ],
+ "v": "<2.0.4"
+ },
 {
 "advisory": "Lightning 2.0.4 updates its dependency 'requests' to '2.31.0' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/37be44d2a3804dad52f0d4e4dcc5419bcb48391f",
 "cve": "CVE-2023-32681",
@@ -67410,16 +68469,6 @@
 ],
 "v": "<2.0.4"
 },
- {
- "advisory": "Lightning 2.0.4 updates its dependency 'vite' to version '2.9.16' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/7d2a46efa9834c3bb0bc1069df0a2e3a6e855d01",
- "cve": "CVE-2022-35204",
- "id": "pyup.io-59185",
- "more_info_path": "/vulnerabilities/CVE-2022-35204/59185",
- "specs": [
- "<2.0.4"
- ],
- "v": "<2.0.4"
- },
 {
 "advisory": "Lightning 2.0.4 updates its dependency 'vite' to version '2.9.16' to include a security fix.\r\nhttps://github.com/Lightning-AI/lightning/commit/7d2a46efa9834c3bb0bc1069df0a2e3a6e855d01",
 "cve": "CVE-2023-34092",
@@ -67787,7 +68836,7 @@
 "v": "<0.13.2"
 },
 {
- "advisory": "Localstack 1.0.2 removes its MAVEN dependency 'maven-shared-utils' in the Docker image to include a security fix.",
+ "advisory": "Localstack 1.0.2 removes its MAVEN dependency 'maven-shared-utils' in the Docker image to include a security fix.\r\nhttps://github.com/localstack/localstack/pull/6496",
 "cve": "CVE-2022-29599",
 "id": "pyup.io-52517",
 "more_info_path": "/vulnerabilities/CVE-2022-29599/52517",
@@ -67807,10 +68856,10 @@
 "v": "<1.0.2"
 },
 {
- "advisory": "Localstack is vulnerable to Denial of Service via regular expressions (ReDoS). After disclosure, vendor said that these threats \"are not considered a key concern since LocalStack is executed on a local machine\". There's no information about patches for these vulnerabilities.\r\nhttps://blog.sonarsource.com/hack-the-stack-with-localstack",
- "cve": "PVE-2021-42837",
- "id": "pyup.io-42837",
- "more_info_path": "/vulnerabilities/PVE-2021-42837/42837",
+ "advisory": "Localstack is vulnerable to CVE-2021-32091: A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. After disclosure, vendor said that these threats \"are not considered a key concern since LocalStack is executed on a local machine\". There's no information about patches for these vulnerabilities.\r\nhttps://blog.sonarsource.com/hack-the-stack-with-localstack",
+ "cve": "CVE-2021-32091",
+ "id": "pyup.io-42836",
+ "more_info_path": "/vulnerabilities/CVE-2021-32091/42836",
 "specs": [
 ">0"
 ],
@@ -67827,10 +68876,10 @@
 "v": ">0"
 },
 {
- "advisory": "Localstack is vulnerable to CVE-2021-32091: A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. After disclosure, vendor said that these threats \"are not considered a key concern since LocalStack is executed on a local machine\". There's no information about patches for these vulnerabilities.\r\nhttps://blog.sonarsource.com/hack-the-stack-with-localstack",
- "cve": "CVE-2021-32091",
- "id": "pyup.io-42836",
- "more_info_path": "/vulnerabilities/CVE-2021-32091/42836",
+ "advisory": "Localstack is vulnerable to Denial of Service via regular expressions (ReDoS). After disclosure, vendor said that these threats \"are not considered a key concern since LocalStack is executed on a local machine\". There's no information about patches for these vulnerabilities.\r\nhttps://blog.sonarsource.com/hack-the-stack-with-localstack",
+ "cve": "PVE-2021-42837",
+ "id": "pyup.io-42837",
+ "more_info_path": "/vulnerabilities/PVE-2021-42837/42837",
 "specs": [
 ">0"
 ],
@@ -68317,6 +69366,38 @@
 "v": "<0.61.0"
 }
 ],
+ "logprep": [
+ {
+ "advisory": "Logprep 7.0.0 updates its dependency 'certifi' to include a security fix.",
+ "cve": "CVE-2023-37920",
+ "id": "pyup.io-61802",
+ "more_info_path": "/vulnerabilities/CVE-2023-37920/61802",
+ "specs": [
+ "<7.0.0"
+ ],
+ "v": "<7.0.0"
+ },
+ {
+ "advisory": "Logprep 7.0.0 updates its dependency 'urllib3' to include a security fix.",
+ "cve": "CVE-2023-43804",
+ "id": "pyup.io-61804",
+ "more_info_path": "/vulnerabilities/CVE-2023-43804/61804",
+ "specs": [
+ "<7.0.0"
+ ],
+ "v": "<7.0.0"
+ },
+ {
+ "advisory": "Logprep 7.0.0 updates its dependency 'aiohttp' to include a security fix.",
+ "cve": "CVE-2023-37276",
+ "id": "pyup.io-61805",
+ "more_info_path": "/vulnerabilities/CVE-2023-37276/61805",
+ "specs": [
+ "<7.0.0"
+ ],
+ "v": "<7.0.0"
+ }
+ ],
 "loguru": [
 {
 "advisory": "Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.",
@@ -68530,9 +69611,9 @@
 "machado": [
 {
 "advisory": "Machado 0.4.0 updates its dependency 'Django' to v3.2.14 to include security fixes.",
- "cve": "CVE-2021-31542",
- "id": "pyup.io-50694",
- "more_info_path": "/vulnerabilities/CVE-2021-31542/50694",
+ "cve": "CVE-2021-45452",
+ "id": "pyup.io-50700",
+ "more_info_path": "/vulnerabilities/CVE-2021-45452/50700",
 "specs": [
 "<0.4.0"
 ],
@@ -68540,9 +69621,9 @@
 },
 {
 "advisory": "Machado 0.4.0 updates its dependency 'Django' to v3.2.14 to include security fixes.",
- "cve": "CVE-2021-44420",
- "id": "pyup.io-50697",
- "more_info_path": "/vulnerabilities/CVE-2021-44420/50697",
+ "cve": "CVE-2021-31542",
+ "id": "pyup.io-50694",
+ "more_info_path": "/vulnerabilities/CVE-2021-31542/50694",
 "specs": [
 "<0.4.0"
 ],
@@ -68550,9 +69631,9 @@
 },
 {
 "advisory": "Machado 0.4.0 updates its dependency 'Django' to v3.2.14 to include security fixes.",
- "cve": "CVE-2021-45452",
- "id": "pyup.io-50700",
- "more_info_path": "/vulnerabilities/CVE-2021-45452/50700",
+ "cve": "CVE-2021-44420",
+ "id": "pyup.io-50697",
+ "more_info_path": "/vulnerabilities/CVE-2021-44420/50697",
 "specs": [
 "<0.4.0"
 ],
@@ -68990,6 +70071,28 @@
 ],
 "v": "<=2.1.8"
 },
+ {
+ "advisory": "Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.",
+ "cve": "CVE-2011-5024",
+ "id": "pyup.io-62099",
+ "more_info_path": "/vulnerabilities/CVE-2011-5024/62099",
+ "specs": [
+ "==2.0.13",
+ "==2.1",
+ "==2.1.1",
+ "==2.1.10",
+ "==2.1.11",
+ "==2.1.12",
+ "==2.1.2",
+ "==2.1.3",
+ "==2.1.4",
+ "==2.1.6",
+ "==2.1.7",
+ "==2.1.8",
+ "==2.1.9"
+ ],
+ "v": "==2.0.13,==2.1,==2.1.1,==2.1.10,==2.1.11,==2.1.12,==2.1.2,==2.1.3,==2.1.4,==2.1.6,==2.1.7,==2.1.8,==2.1.9"
+ },
 {
 "advisory": "Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.",
 "cve": "CVE-2006-1712",
@@ -69134,16 +70237,6 @@
 }
 ],
 "mapchete": [
- {
- "advisory": "Mapchete 2022.11.0 updates its dependency 'rasterio' requirement to '>1.2.10' to include security fixes.",
- "cve": "CVE-2020-10810",
- "id": "pyup.io-51990",
- "more_info_path": "/vulnerabilities/CVE-2020-10810/51990",
- "specs": [
- "<2022.11.0"
- ],
- "v": "<2022.11.0"
- },
 {
 "advisory": "Mapchete 2022.11.0 updates its dependency 'rasterio' requirement to '>1.2.10' to include security fixes.",
 "cve": "CVE-2020-10811",
@@ -69174,6 +70267,16 @@
 ],
 "v": "<2022.11.0"
 },
+ {
+ "advisory": "Mapchete 2022.11.0 updates its dependency 'rasterio' requirement to '>1.2.10' to include security fixes.",
+ "cve": "CVE-2020-10810",
+ "id": "pyup.io-51990",
+ "more_info_path": "/vulnerabilities/CVE-2020-10810/51990",
+ "specs": [
+ "<2022.11.0"
+ ],
+ "v": "<2022.11.0"
+ },
 {
 "advisory": "Mapchete 2022.11.0 updates its dependency 'rasterio' requirement to '>1.2.10' to include security fixes.",
 "cve": "CVE-2020-10809",
@@ -69186,6 +70289,17 @@
 }
 ],
 "mapscript": [
+ {
+ "advisory": "Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.",
+ "cve": "CVE-2010-2539",
+ "id": "pyup.io-61704",
+ "more_info_path": "/vulnerabilities/CVE-2010-2539/61704",
+ "specs": [
+ "<4.10.6",
+ ">5.0,<5.6.4"
+ ],
+ "v": "<4.10.6,>5.0,<5.6.4"
+ },
 {
 "advisory": "Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.",
 "cve": "CVE-2010-2539",
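Review bot: The mapscript entry added here (id pyup.io-61704) has the same advisory text and the same `"cve": "CVE-2010-2539"` as the entry that immediately follows it in context, and the trailing context of the next hunk shows that entry with the identical `"specs": ["<4.10.6", ">5.0,<5.6.4"]`. Unless the existing entry carries a different id and is meant to be distinct, this is a duplicate record that consumers will report twice for the same affected version; the older entry's id is outside this hunk, so that should be checked before merging. If they are the same, keep one record rather than two.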
@@ -69207,6 +70321,112 @@
 ">5.0,<5.6.4"
 ],
 "v": "<4.10.6,>5.0,<5.6.4"
+ },
+ {
+ "advisory": "Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.",
+ "cve": "CVE-2011-2704",
+ "id": "pyup.io-62102",
+ "more_info_path": "/vulnerabilities/CVE-2011-2704/62102",
+ "specs": [
+ "<=4.10.6",
+ "==4.10.0",
+ "==4.10.1",
+ "==4.10.2",
+ "==4.10.3",
+ "==4.10.4",
+ "==4.10.5",
+ "==4.2.0",
+ "==4.4.0",
+ "==4.6.0",
+ "==4.8.0",
+ "==5.0.0",
+ "==5.2.0",
+ "==5.2.1",
+ "==5.4.0",
+ "==5.4.1",
+ "==5.4.2",
+ "==5.6.0",
+ "==5.6.1",
+ "==5.6.3",
+ "==5.2.2",
+ "==5.2.3",
+ "==5.6.4",
+ "==5.6.5",
+ "==5.6.6"
+ ],
+ "v": "<=4.10.6,==4.10.0,==4.10.1,==4.10.2,==4.10.3,==4.10.4,==4.10.5,==4.2.0,==4.4.0,==4.6.0,==4.8.0,==5.0.0,==5.2.0,==5.2.1,==5.4.0,==5.4.1,==5.4.2,==5.6.0,==5.6.1,==5.6.3,==5.2.2,==5.2.3,==5.6.4,==5.6.5,==5.6.6"
+ },
+ {
+ "advisory": "Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.",
+ "cve": "CVE-2011-2703",
+ "id": "pyup.io-62101",
+ "more_info_path": "/vulnerabilities/CVE-2011-2703/62101",
+ "specs": [
+ "<=4.10.6",
+ "==4.10.0",
+ "==4.10.1",
+ "==4.10.2",
+ "==4.10.3",
+ "==4.10.4",
+ "==4.10.5",
+ "==4.2.0",
+ "==4.4.0",
+ "==4.6.0",
+ "==4.8.0",
+ "==5.0.0",
+ "==5.2.0",
+ "==5.2.1",
+ "==5.4.0",
+ "==5.4.1",
+ "==5.4.2",
+ "==5.6.0",
+ "==5.6.1",
+ "==5.6.3",
+ "==5.2.2",
+ "==5.2.3",
+ "==5.6.4",
+ "==5.6.5",
+ "==5.6.6",
+ "==6.0.0"
+ ],
+ "v": "<=4.10.6,==4.10.0,==4.10.1,==4.10.2,==4.10.3,==4.10.4,==4.10.5,==4.2.0,==4.4.0,==4.6.0,==4.8.0,==5.0.0,==5.2.0,==5.2.1,==5.4.0,==5.4.1,==5.4.2,==5.6.0,==5.6.1,==5.6.3,==5.2.2,==5.2.3,==5.6.4,==5.6.5,==5.6.6,==6.0.0"
+ },
+ {
+ "advisory": "Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.",
+ "cve": "CVE-2011-2975",
+ "id": "pyup.io-62117",
+ "more_info_path": "/vulnerabilities/CVE-2011-2975/62117",
+ "specs": [
+ "==4.10.7",
+ "==5.2.2",
+ "==5.2.3",
+ "==5.6.4",
+ "==5.6.5",
+ "==5.6.6",
+ "==5.6.7",
+ "==6.0.0",
+ "<=6.0.0",
+ "==4.10.0",
+ "==4.10.1",
+ "==4.10.2",
+ "==4.10.3",
+ "==4.10.4",
+ "==4.10.5",
+ "==4.2.0",
+ "==4.4.0",
+ "==4.6.0",
+ "==4.8.0",
+ "==5.0.0",
+ "==5.2.0",
+ "==5.2.1",
+ "==5.4.0",
+ "==5.4.1",
+ "==5.4.2",
+ "==5.6.0",
+ "==5.6.1",
+ "==5.6.3"
+ ],
+ "v": "==4.10.7,==5.2.2,==5.2.3,==5.6.4,==5.6.5,==5.6.6,==5.6.7,==6.0.0,<=6.0.0,==4.10.0,==4.10.1,==4.10.2,==4.10.3,==4.10.4,==4.10.5,==4.2.0,==4.4.0,==4.6.0,==4.8.0,==5.0.0,==5.2.0,==5.2.1,==5.4.0,==5.4.1,==5.4.2,==5.6.0,==5.6.1,==5.6.3"
 }
 ],
 "maptasker": [
@@ -69473,9 +70693,9 @@
 },
 {
 "advisory": "Masonite 4.10.0 updates its dependency 'waitress' requirements to '>=2.1,<2.2' to include security fixes.",
- "cve": "CVE-2019-16785",
- "id": "pyup.io-48140",
- "more_info_path": "/vulnerabilities/CVE-2019-16785/48140",
+ "cve": "CVE-2020-5236",
+ "id": "pyup.io-48118",
+ "more_info_path": "/vulnerabilities/CVE-2020-5236/48118",
 "specs": [
 "<4.10.0"
 ],
@@ -69483,9 +70703,9 @@
 },
 {
 "advisory": "Masonite 4.10.0 updates its dependency 'waitress' requirements to '>=2.1,<2.2' to include security fixes.",
- "cve": "CVE-2019-16786",
- "id": "pyup.io-48141",
- "more_info_path": "/vulnerabilities/CVE-2019-16786/48141",
+ "cve": "CVE-2019-16785",
+ "id": "pyup.io-48140",
+ "more_info_path": "/vulnerabilities/CVE-2019-16785/48140",
 "specs": [
 "<4.10.0"
 ],
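Review bot: The `specs` lists of the three new mapscript entries (CVE-2011-2704, CVE-2011-2703, CVE-2011-2975) mix a range with pins the range already covers, and for the 5.x series they enumerate releases instead of stating the range the advisory text gives. In CVE-2011-2975, `"<=6.0.0"` already matches every other pin in the list, so the 27 `==` entries add nothing; in CVE-2011-2704 and CVE-2011-2703, `"<=4.10.6"` subsumes all 4.x pins, while "5.x before 5.6.7" is only approximated by the pinned 5.x versions, so any 5.x release that is not in the list would not match. Expressing each as ranges, e.g. `"specs": ["<=4.10.6", ">=5.0,<5.6.7"]` for CVE-2011-2704 and `"specs": ["<=6.0.0"]` for CVE-2011-2975, would match the advisory text exactly and keep the `"v"` string readable; the same applies to the `"v"` line of each entry.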
@@ -69493,9 +70713,9 @@
 },
 {
 "advisory": "Masonite 4.10.0 updates its dependency 'waitress' requirements to '>=2.1,<2.2' to include security fixes.",
- "cve": "CVE-2020-5236",
- "id": "pyup.io-48118",
- "more_info_path": "/vulnerabilities/CVE-2020-5236/48118",
+ "cve": "CVE-2019-16786",
+ "id": "pyup.io-48141",
+ "more_info_path": "/vulnerabilities/CVE-2019-16786/48141",
 "specs": [
 "<4.10.0"
 ],
@@ -70091,20 +71311,20 @@
 ],
 "mayan-edms": [
 {
- "advisory": "Mayan-edms versions before 3.0.2 are affected by CVE-2018-16405:\r\nThe Appearance app sets window.location directly, leading to XSS.\r\nhttps://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst\r\nhttps://gitlab.com/mayan-edms/mayan-edms/commit/9ebe80595afe4fdd1e2c74358d6a9421f4ce130e\r\nhttps://gitlab.com/mayan-edms/mayan-edms/issues/494",
- "cve": "CVE-2018-16405",
- "id": "pyup.io-41709",
- "more_info_path": "/vulnerabilities/CVE-2018-16405/41709",
+ "advisory": "Mayan-edms versions before 3.0.2 are affected by CVE-2018-16406:\r\nThe Cabinets app has XSS via a crafted cabinet label.\r\nhttps://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst\r\nhttps://gitlab.com/mayan-edms/mayan-edms/commit/48dfc06e49c7f773749e063f8cc69c95509d1c32\r\nhttps://gitlab.com/mayan-edms/mayan-edms/issues/495",
+ "cve": "CVE-2018-16406",
+ "id": "pyup.io-41710",
+ "more_info_path": "/vulnerabilities/CVE-2018-16406/41710",
 "specs": [
 "<3.0.2"
 ],
 "v": "<3.0.2"
 },
 {
- "advisory": "Mayan-edms versions before 3.0.2 are affected by CVE-2018-16406:\r\nThe Cabinets app has XSS via a crafted cabinet label.\r\nhttps://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst\r\nhttps://gitlab.com/mayan-edms/mayan-edms/commit/48dfc06e49c7f773749e063f8cc69c95509d1c32\r\nhttps://gitlab.com/mayan-edms/mayan-edms/issues/495",
- "cve": "CVE-2018-16406",
- "id": "pyup.io-41710",
- "more_info_path": "/vulnerabilities/CVE-2018-16406/41710",
+ "advisory": "Mayan-edms versions before 3.0.2 are affected by CVE-2018-16405:\r\nThe Appearance app sets window.location directly, leading to XSS.\r\nhttps://gitlab.com/mayan-edms/mayan-edms/blob/master/HISTORY.rst\r\nhttps://gitlab.com/mayan-edms/mayan-edms/commit/9ebe80595afe4fdd1e2c74358d6a9421f4ce130e\r\nhttps://gitlab.com/mayan-edms/mayan-edms/issues/494",
+ "cve": "CVE-2018-16405",
+ "id": "pyup.io-41709",
+ "more_info_path": "/vulnerabilities/CVE-2018-16405/41709",
 "specs": [
 "<3.0.2"
 ],
@@ -70304,6 +71524,16 @@
 }
 ],
 "mercurial": [
+ {
+ "advisory": "Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.",
+ "cve": "CVE-2010-4237",
+ "id": "pyup.io-61706",
+ "more_info_path": "/vulnerabilities/CVE-2010-4237/61706",
+ "specs": [
+ "<1.6.4"
+ ],
+ "v": "<1.6.4"
+ },
 {
 "advisory": "In Mercurial before 4.1.3, \"hg serve --stdio\" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.",
 "cve": "CVE-2017-9462",
@@ -70535,20 +71765,20 @@
 ],
 "metricflow": [
 {
- "advisory": "Metricflow 0.100.0 updates its dependency 'numpy' to v1.22.2 to include a security fix.",
- "cve": "CVE-2021-41495",
- "id": "pyup.io-50258",
- "more_info_path": "/vulnerabilities/CVE-2021-41495/50258",
+ "advisory": "Metricflow 0.100.0 updates its dependency 'snowflake-connector-python' to 2.7.8 to include a security fix.",
+ "cve": "CVE-2022-29217",
+ "id": "pyup.io-50267",
+ "more_info_path": "/vulnerabilities/CVE-2022-29217/50267",
 "specs": [
 "<0.100.0"
 ],
 "v": "<0.100.0"
 },
 {
- "advisory": "Metricflow 0.100.0 updates its dependency 'snowflake-connector-python' to 2.7.8 to include a security fix.",
- "cve": "CVE-2022-29217",
- "id": "pyup.io-50267",
- "more_info_path": "/vulnerabilities/CVE-2022-29217/50267",
+ "advisory": "Metricflow 0.100.0 updates its dependency 'numpy' to v1.22.2 to include a security fix.",
+ "cve": "CVE-2021-41495",
+ "id": "pyup.io-50258",
+ "more_info_path": "/vulnerabilities/CVE-2021-41495/50258",
 "specs": [
 "<0.100.0"
 ],
@@ -70747,6 +71977,16 @@
 "<1.5.4"
 ],
 "v": "<1.5.4"
+ },
+ {
+ "advisory": "Microstructpy 1.5.9 requires setuptools versions '>=65.5.1' to include a security fix.",
+ "cve": "CVE-2022-40897",
+ "id": "pyup.io-61627",
+ "more_info_path": "/vulnerabilities/CVE-2022-40897/61627",
+ "specs": [
+ "<1.5.9"
+ ],
+ "v": "<1.5.9"
 }
 ],
 "mihifepe": [
@@ -70901,10 +72141,10 @@
 "v": "<0.5.0beta"
 },
 {
- "advisory": "Mindspore 0.5.0beta upgrades the 'SQLite' dependency to 3.32.2 to handle CVE-2020-13435.",
- "cve": "CVE-2020-13435",
- "id": "pyup.io-40841",
- "more_info_path": "/vulnerabilities/CVE-2020-13435/40841",
+ "advisory": "Mindspore 0.5.0beta upgrades its dependency 'SQLite' to handle CVE-2020-13871.",
+ "cve": "CVE-2020-13871",
+ "id": "pyup.io-40833",
+ "more_info_path": "/vulnerabilities/CVE-2020-13871/40833",
 "specs": [
 "<0.5.0beta"
 ],
@@ -70921,10 +72161,10 @@
 "v": "<0.5.0beta"
 },
 {
- "advisory": "Mindspore 0.5.0beta upgrades its dependency 'SQLite' to handle CVE-2020-13871.",
- "cve": "CVE-2020-13871",
- "id": "pyup.io-40833",
- "more_info_path": "/vulnerabilities/CVE-2020-13871/40833",
+ "advisory": "Mindspore 0.5.0beta upgrades the 'SQLite' dependency to 3.32.2 to handle CVE-2020-13435.",
+ "cve": "CVE-2020-13435",
+ "id": "pyup.io-40841",
+ "more_info_path": "/vulnerabilities/CVE-2020-13435/40841",
 "specs": [
 "<0.5.0beta"
 ],
@@ -71532,10 +72772,10 @@
 "v": "<0.9.0rc7"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.",
- "cve": "CVE-2021-32798",
- "id": "pyup.io-49216",
- "more_info_path": "/vulnerabilities/CVE-2021-32798/49216",
+ "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
+ "cve": "CVE-2021-33910",
+ "id": "pyup.io-49202",
+ "more_info_path": "/vulnerabilities/CVE-2021-33910/49202",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71543,9 +72783,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-3918",
- "id": "pyup.io-49171",
- "more_info_path": "/vulnerabilities/CVE-2021-3918/49171",
+ "cve": "CVE-2020-27618",
+ "id": "pyup.io-49176",
+ "more_info_path": "/vulnerabilities/CVE-2020-27618/49176",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71553,9 +72793,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2022-21699",
- "id": "pyup.io-49170",
- "more_info_path": "/vulnerabilities/CVE-2022-21699/49170",
+ "cve": "CVE-2020-29562",
+ "id": "pyup.io-49184",
+ "more_info_path": "/vulnerabilities/CVE-2020-29562/49184",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71563,19 +72803,19 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-3326",
- "id": "pyup.io-49179",
- "more_info_path": "/vulnerabilities/CVE-2021-3326/49179",
+ "cve": "CVE-2021-41247",
+ "id": "pyup.io-49173",
+ "more_info_path": "/vulnerabilities/CVE-2021-41247/49173",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2022-23219",
- "id": "pyup.io-49178",
- "more_info_path": "/vulnerabilities/CVE-2022-23219/49178",
+ "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.",
+ "cve": "CVE-2022-22815",
+ "id": "pyup.io-49219",
+ "more_info_path": "/vulnerabilities/CVE-2022-22815/49219",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71583,9 +72823,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2022-24757",
- "id": "pyup.io-49172",
- "more_info_path": "/vulnerabilities/CVE-2022-24757/49172",
+ "cve": "CVE-2021-43138",
+ "id": "pyup.io-49167",
+ "more_info_path": "/vulnerabilities/CVE-2021-43138/49167",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71593,9 +72833,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2019-25013",
- "id": "pyup.io-49185",
- "more_info_path": "/vulnerabilities/CVE-2019-25013/49185",
+ "cve": "CVE-2021-39134",
+ "id": "pyup.io-49164",
+ "more_info_path": "/vulnerabilities/CVE-2021-39134/49164",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71603,19 +72843,19 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-39135",
- "id": "pyup.io-49161",
- "more_info_path": "/vulnerabilities/CVE-2021-39135/49161",
+ "cve": "CVE-2021-32797",
+ "id": "pyup.io-49174",
+ "more_info_path": "/vulnerabilities/CVE-2021-32797/49174",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.",
- "cve": "CVE-2022-24758",
- "id": "pyup.io-49215",
- "more_info_path": "/vulnerabilities/CVE-2022-24758/49215",
+ "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.",
+ "cve": "CVE-2022-22817",
+ "id": "pyup.io-49220",
+ "more_info_path": "/vulnerabilities/CVE-2022-22817/49220",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71623,9 +72863,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-3997",
- "id": "pyup.io-49204",
- "more_info_path": "/vulnerabilities/CVE-2021-3997/49204",
+ "cve": "CVE-2020-13529",
+ "id": "pyup.io-49203",
+ "more_info_path": "/vulnerabilities/CVE-2020-13529/49203",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71633,9 +72873,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-32804",
- "id": "pyup.io-49208",
- "more_info_path": "/vulnerabilities/CVE-2021-32804/49208",
+ "cve": "CVE-2021-27645",
+ "id": "pyup.io-49177",
+ "more_info_path": "/vulnerabilities/CVE-2021-27645/49177",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71643,9 +72883,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2022-23218",
- "id": "pyup.io-49180",
- "more_info_path": "/vulnerabilities/CVE-2022-23218/49180",
+ "cve": "CVE-2021-35942",
+ "id": "pyup.io-49175",
+ "more_info_path": "/vulnerabilities/CVE-2021-35942/49175",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71653,9 +72893,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-41247",
- "id": "pyup.io-49173",
- "more_info_path": "/vulnerabilities/CVE-2021-41247/49173",
+ "cve": "CVE-2021-32803",
+ "id": "pyup.io-49210",
+ "more_info_path": "/vulnerabilities/CVE-2021-32803/49210",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71663,9 +72903,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2022-0536",
- "id": "pyup.io-49168",
- "more_info_path": "/vulnerabilities/CVE-2022-0536/49168",
+ "cve": "CVE-2021-3807",
+ "id": "pyup.io-49166",
+ "more_info_path": "/vulnerabilities/CVE-2021-3807/49166",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71673,9 +72913,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-27645",
- "id": "pyup.io-49177",
- "more_info_path": "/vulnerabilities/CVE-2021-27645/49177",
+ "cve": "CVE-2021-39135",
+ "id": "pyup.io-49161",
+ "more_info_path": "/vulnerabilities/CVE-2021-39135/49161",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71683,9 +72923,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-33910",
- "id": "pyup.io-49202",
- "more_info_path": "/vulnerabilities/CVE-2021-33910/49202",
+ "cve": "CVE-2021-33503",
+ "id": "pyup.io-49213",
+ "more_info_path": "/vulnerabilities/CVE-2021-33503/49213",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71703,9 +72943,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2020-13529",
- "id": "pyup.io-49203",
- "more_info_path": "/vulnerabilities/CVE-2020-13529/49203",
+ "cve": "CVE-2022-23218",
+ "id": "pyup.io-49180",
+ "more_info_path": "/vulnerabilities/CVE-2022-23218/49180",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71713,9 +72953,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.",
- "cve": "CVE-2022-22815",
- "id": "pyup.io-49219",
- "more_info_path": "/vulnerabilities/CVE-2022-22815/49219",
+ "cve": "CVE-2022-24303",
+ "id": "pyup.io-49217",
+ "more_info_path": "/vulnerabilities/CVE-2022-24303/49217",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71723,9 +72963,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-35942",
- "id": "pyup.io-49175",
- "more_info_path": "/vulnerabilities/CVE-2021-35942/49175",
+ "cve": "CVE-2021-37701",
+ "id": "pyup.io-49211",
+ "more_info_path": "/vulnerabilities/CVE-2021-37701/49211",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71733,9 +72973,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-32797",
- "id": "pyup.io-49174",
- "more_info_path": "/vulnerabilities/CVE-2021-32797/49174",
+ "cve": "CVE-2021-3918",
+ "id": "pyup.io-49171",
+ "more_info_path": "/vulnerabilities/CVE-2021-3918/49171",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71743,19 +72983,19 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2020-6096",
- "id": "pyup.io-49182",
- "more_info_path": "/vulnerabilities/CVE-2020-6096/49182",
+ "cve": "CVE-2019-25013",
+ "id": "pyup.io-49185",
+ "more_info_path": "/vulnerabilities/CVE-2019-25013/49185",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.",
- "cve": "CVE-2022-22816",
- "id": "pyup.io-49218",
- "more_info_path": "/vulnerabilities/CVE-2022-22816/49218",
+ "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
+ "cve": "CVE-2022-0536",
+ "id": "pyup.io-49168",
+ "more_info_path": "/vulnerabilities/CVE-2022-0536/49168",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71763,9 +73003,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-33430",
- "id": "pyup.io-49206",
- "more_info_path": "/vulnerabilities/CVE-2021-33430/49206",
+ "cve": "CVE-2022-24757",
+ "id": "pyup.io-49172",
+ "more_info_path": "/vulnerabilities/CVE-2022-24757/49172",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71773,29 +73013,29 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-23343",
- "id": "pyup.io-49207",
- "more_info_path": "/vulnerabilities/CVE-2021-23343/49207",
+ "cve": "CVE-2016-10228",
+ "id": "pyup.io-49200",
+ "more_info_path": "/vulnerabilities/CVE-2016-10228/49200",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e\r\nhttps://github.com/advisories/GHSA-hxwm-x553-x359",
- "cve": "PVE-2022-49161",
- "id": "pyup.io-49165",
- "more_info_path": "/vulnerabilities/PVE-2022-49161/49165",
+ "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.",
+ "cve": "CVE-2021-32798",
+ "id": "pyup.io-49216",
+ "more_info_path": "/vulnerabilities/CVE-2021-32798/49216",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-33503",
- "id": "pyup.io-49213",
- "more_info_path": "/vulnerabilities/CVE-2021-33503/49213",
+ "advisory": "Mlrun 1.0.3rc1 adds \"notebook~=6.4\" to requirements to tackle vulnerabilities.",
+ "cve": "CVE-2022-24758",
+ "id": "pyup.io-49215",
+ "more_info_path": "/vulnerabilities/CVE-2022-24758/49215",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71803,19 +73043,19 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-43138",
- "id": "pyup.io-49167",
- "more_info_path": "/vulnerabilities/CVE-2021-43138/49167",
+ "cve": "CVE-2021-37712",
+ "id": "pyup.io-49212",
+ "more_info_path": "/vulnerabilities/CVE-2021-37712/49212",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.",
- "cve": "CVE-2022-22817",
- "id": "pyup.io-49220",
- "more_info_path": "/vulnerabilities/CVE-2022-22817/49220",
+ "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
+ "cve": "CVE-2022-23219",
+ "id": "pyup.io-49178",
+ "more_info_path": "/vulnerabilities/CVE-2022-23219/49178",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71823,9 +73063,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2020-29562",
- "id": "pyup.io-49184",
- "more_info_path": "/vulnerabilities/CVE-2020-29562/49184",
+ "cve": "CVE-2021-3999",
+ "id": "pyup.io-49188",
+ "more_info_path": "/vulnerabilities/CVE-2021-3999/49188",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71833,29 +73073,29 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2022-24785",
- "id": "pyup.io-49205",
- "more_info_path": "/vulnerabilities/CVE-2022-24785/49205",
+ "cve": "CVE-2020-6096",
+ "id": "pyup.io-49182",
+ "more_info_path": "/vulnerabilities/CVE-2020-6096/49182",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-32803",
- "id": "pyup.io-49210",
- "more_info_path": "/vulnerabilities/CVE-2021-32803/49210",
+ "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e\r\nhttps://github.com/advisories/GHSA-hxwm-x553-x359",
+ "cve": "PVE-2022-49161",
+ "id": "pyup.io-49165",
+ "more_info_path": "/vulnerabilities/PVE-2022-49161/49165",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.",
- "cve": "CVE-2022-24303",
- "id": "pyup.io-49217",
- "more_info_path": "/vulnerabilities/CVE-2022-24303/49217",
+ "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
+ "cve": "CVE-2021-3997",
+ "id": "pyup.io-49204",
+ "more_info_path": "/vulnerabilities/CVE-2021-3997/49204",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71863,9 +73103,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-39134",
- "id": "pyup.io-49164",
- "more_info_path": "/vulnerabilities/CVE-2021-39134/49164",
+ "cve": "CVE-2022-0155",
+ "id": "pyup.io-49169",
+ "more_info_path": "/vulnerabilities/CVE-2022-0155/49169",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71873,9 +73113,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-3999",
- "id": "pyup.io-49188",
- "more_info_path": "/vulnerabilities/CVE-2021-3999/49188",
+ "cve": "CVE-2021-3326",
+ "id": "pyup.io-49179",
+ "more_info_path": "/vulnerabilities/CVE-2021-3326/49179",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71883,9 +73123,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-3807",
- "id": "pyup.io-49166",
- "more_info_path": "/vulnerabilities/CVE-2021-3807/49166",
+ "cve": "CVE-2021-23343",
+ "id": "pyup.io-49207",
+ "more_info_path": "/vulnerabilities/CVE-2021-23343/49207",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71893,9 +73133,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2020-27618",
- "id": "pyup.io-49176",
- "more_info_path": "/vulnerabilities/CVE-2020-27618/49176",
+ "cve": "CVE-2021-33430",
+ "id": "pyup.io-49206",
+ "more_info_path": "/vulnerabilities/CVE-2021-33430/49206",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71903,19 +73143,19 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2016-10228",
- "id": "pyup.io-49200",
- "more_info_path": "/vulnerabilities/CVE-2016-10228/49200",
+ "cve": "CVE-2022-21699",
+ "id": "pyup.io-49170",
+ "more_info_path": "/vulnerabilities/CVE-2022-21699/49170",
 "specs": [
 "<1.0.3rc1"
 ],
 "v": "<1.0.3rc1"
 },
 {
- "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2022-0155",
- "id": "pyup.io-49169",
- "more_info_path": "/vulnerabilities/CVE-2022-0155/49169",
+ "advisory": "Mlrun 1.0.3rc1 adds \"pillow~=9.0\" to requirements to tackle vulnerabilities.",
+ "cve": "CVE-2022-22816",
+ "id": "pyup.io-49218",
+ "more_info_path": "/vulnerabilities/CVE-2022-22816/49218",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71923,9 +73163,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-37701",
- "id": "pyup.io-49211",
- "more_info_path": "/vulnerabilities/CVE-2021-37701/49211",
+ "cve": "CVE-2021-32804",
+ "id": "pyup.io-49208",
+ "more_info_path": "/vulnerabilities/CVE-2021-32804/49208",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71933,9 +73173,9 @@
 },
 {
 "advisory": "Mlrun 1.0.3rc1 adds command to install security fixes in Docker base image.\r\nhttps://github.com/mlrun/mlrun/pull/1997/commits/de4c87f478f8d76dd8e46942588c81ef0d0b481e",
- "cve": "CVE-2021-37712",
- "id": "pyup.io-49212",
- "more_info_path": "/vulnerabilities/CVE-2021-37712/49212",
+ "cve": "CVE-2022-24785",
+ "id": "pyup.io-49205",
+ "more_info_path": "/vulnerabilities/CVE-2022-24785/49205",
 "specs": [
 "<1.0.3rc1"
 ],
@@ -71943,9 +73183,19 @@
 },
 {
 "advisory": "Mlrun 1.0.4rc1 updates its dependency 'storey' to v1.0.5 to fix transitive vulnerabilities related to NumPy.",
- "cve": "CVE-2021-41496",
- "id": "pyup.io-49352",
- "more_info_path": "/vulnerabilities/CVE-2021-41496/49352",
+ "cve": "CVE-2021-41495",
+ "id": "pyup.io-49372",
+ "more_info_path": "/vulnerabilities/CVE-2021-41495/49372",
+ "specs": [
+ "<1.0.4rc1"
+ ],
+ "v": "<1.0.4rc1"
+ },
+ {
+ "advisory": "Mlrun 1.0.4rc1 updates its dependency 'Fastapi' to v0.78.0 to fix a transitive vulnerability related to 'ujson'.",
+ "cve": "CVE-2021-45958",
+ "id": "pyup.io-49374",
+ "more_info_path": "/vulnerabilities/CVE-2021-45958/49374",
 "specs": [
 "<1.0.4rc1"
 ],
@@ -71962,40 +73212,50 @@
 "v": "<1.0.4rc1"
 },
 {
- "advisory": "Mlrun 1.0.4rc1 updates its dependency 'Fastapi' to v0.78.0 to fix a transitive vulnerability related to 'ujson'.",
- "cve": "CVE-2021-45958",
- "id": "pyup.io-49374",
- "more_info_path": "/vulnerabilities/CVE-2021-45958/49374",
+ "advisory": "Mlrun 1.0.4rc1 updates its dependency 'storey' to v1.0.5 to fix transitive vulnerabilities related to NumPy.",
+ "cve": "CVE-2021-41496",
+ "id": "pyup.io-49352",
+ "more_info_path": "/vulnerabilities/CVE-2021-41496/49352",
 "specs": [
 "<1.0.4rc1"
 ],
 "v": "<1.0.4rc1"
 },
 {
- "advisory": "Mlrun 1.0.4rc1 updates its dependency 'storey' to v1.0.5 to fix transitive vulnerabilities related to NumPy.",
- "cve": "CVE-2021-41495",
- "id": "pyup.io-49372",
- "more_info_path": "/vulnerabilities/CVE-2021-41495/49372",
+ "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/git' in its base image to include a security fix.\r\nhttps://github.com/advisories/GHSA-hxwm-x553-x359",
+ "cve": "PVE-2022-50919",
+ "id": "pyup.io-50986",
+ "more_info_path": "/vulnerabilities/PVE-2022-50919/50986",
 "specs": [
- "<1.0.4rc1"
+ "<1.1.0"
 ],
- "v": "<1.0.4rc1"
+ "v": "<1.1.0"
 },
 {
- "advisory": "Mlrun 1.1.0 updates the Python package 'jupyter-server' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
- "cve": "CVE-2022-24757",
- "id": "pyup.io-51001",
- "more_info_path": "/vulnerabilities/CVE-2022-24757/51001",
+ "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2021-37713",
+ "id": "pyup.io-50995",
+ "more_info_path": "/vulnerabilities/CVE-2021-37713/50995",
 "specs": [
 "<1.1.0"
 ],
 "v": "<1.1.0"
 },
 {
- "advisory": "Mlrun 1.1.0 updates the Python package 'numpy' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
- "cve": "CVE-2021-33430",
- "id": "pyup.io-51005",
- "more_info_path": "/vulnerabilities/CVE-2021-33430/51005",
+ "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/arborist' in its base image to include security fixes.",
+ "cve": "CVE-2021-39135",
+ "id": "pyup.io-50919",
+ "more_info_path": "/vulnerabilities/CVE-2021-39135/50919",
+ "specs": [
+ "<1.1.0"
+ ],
+ "v": "<1.1.0"
+ },
+ {
+ "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/arborist' in its base image to include security fixes.",
+ "cve": "CVE-2021-39134",
+ "id": "pyup.io-50985",
+ "more_info_path": "/vulnerabilities/CVE-2021-39134/50985",
 "specs": [
 "<1.1.0"
 ],
@@ -72003,59 +73263,79 @@
 },
 {
 "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
- "cve": "CVE-2021-35942",
- "id": "pyup.io-51007",
- "more_info_path": "/vulnerabilities/CVE-2021-35942/51007",
+ "cve": "CVE-2020-27618",
+ "id": "pyup.io-51008",
+ "more_info_path": "/vulnerabilities/CVE-2020-27618/51008",
 "specs": [
 "<1.1.0"
 ],
 "v": "<1.1.0"
 },
 {
- "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
- "cve": "CVE-2021-32804",
- "id": "pyup.io-50994",
- "more_info_path": "/vulnerabilities/CVE-2021-32804/50994",
+ "advisory": "Mlrun 1.1.0 updates the NPM package 'json-schema' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2021-3918",
+ "id": "pyup.io-50991",
+ "more_info_path": "/vulnerabilities/CVE-2021-3918/50991",
 "specs": [
 "<1.1.0"
 ],
 "v": "<1.1.0"
 },
 {
- "advisory": "Mlrun 1.1.0 updates the NPM package 'follow-redirects' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
- "cve": "CVE-2022-0536",
- "id": "pyup.io-50989",
- "more_info_path": "/vulnerabilities/CVE-2022-0536/50989",
+ "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2022-23218",
+ "id": "pyup.io-51012",
+ "more_info_path": "/vulnerabilities/CVE-2022-23218/51012",
 "specs": [
 "<1.1.0"
 ],
 "v": "<1.1.0"
 },
 {
- "advisory": "Mlrun 1.1.0 updates the NPM package 'ansi-regex' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
- "cve": "CVE-2021-3807",
- "id": "pyup.io-50987",
- "more_info_path": "/vulnerabilities/CVE-2021-3807/50987",
+ "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2020-13529",
+ "id": "pyup.io-51019",
+ "more_info_path": "/vulnerabilities/CVE-2020-13529/51019",
 "specs": [
 "<1.1.0"
 ],
 "v": "<1.1.0"
 },
 {
- "advisory": "Mlrun 1.1.0 updates the NPM package 'json-schema' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
- "cve": "CVE-2021-3918",
- "id": "pyup.io-50991",
- "more_info_path": "/vulnerabilities/CVE-2021-3918/50991",
+ "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2021-3326",
+ "id": "pyup.io-51011",
+ "more_info_path": "/vulnerabilities/CVE-2021-3326/51011",
 "specs": [
 "<1.1.0"
 ],
 "v": "<1.1.0"
 },
 {
- "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/git' in its base image to include a security fix.\r\nhttps://github.com/advisories/GHSA-hxwm-x553-x359",
- "cve": "PVE-2022-50919",
- "id": "pyup.io-50986",
- "more_info_path": "/vulnerabilities/PVE-2022-50919/50986",
+ "advisory": "Mlrun 1.1.0 updates the NPM package 'path-parse' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2021-23343",
+ "id": "pyup.io-50993",
+ "more_info_path": "/vulnerabilities/CVE-2021-23343/50993",
+ "specs": [
+ "<1.1.0"
+ ],
+ "v": "<1.1.0"
+ },
+ {
+ "advisory": "Mlrun 1.1.0 updates the NPM package 'ansi-regex' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2021-3807",
+ "id": "pyup.io-50987",
+ "more_info_path": "/vulnerabilities/CVE-2021-3807/50987",
+ "specs": [
+ "<1.1.0"
+ ],
+ "v": "<1.1.0"
+ },
+ {
+ "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997",
+ "cve": "CVE-2020-29562",
+ "id": "pyup.io-51016",
+ "more_info_path": "/vulnerabilities/CVE-2020-29562/51016",
 "specs": [
 "<1.1.0"
 ],
@@ -72072,70 +73352,70 @@ "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'follow-redirects' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-0155", - "id": "pyup.io-50990", - "more_info_path": "/vulnerabilities/CVE-2022-0155/50990", + "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-37701", + "id": "pyup.io-50997", + "more_info_path": "/vulnerabilities/CVE-2021-37701/50997", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2020-13529", - "id": "pyup.io-51019", - "more_info_path": "/vulnerabilities/CVE-2020-13529/51019", + "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2019-25013", + "id": "pyup.io-51017", + "more_info_path": "/vulnerabilities/CVE-2019-25013/51017", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/arborist' in its base image to include security fixes.", - "cve": "CVE-2021-39135", - "id": "pyup.io-50919", - "more_info_path": "/vulnerabilities/CVE-2021-39135/50919", + "advisory": "Mlrun 1.1.0 updates the NPM package 'moment' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-24785", + "id": "pyup.io-50992", + "more_info_path": "/vulnerabilities/CVE-2022-24785/50992", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the Python package 'ipython' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-21699", - "id": 
"pyup.io-51004", - "more_info_path": "/vulnerabilities/CVE-2022-21699/51004", + "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-35942", + "id": "pyup.io-51007", + "more_info_path": "/vulnerabilities/CVE-2021-35942/51007", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-23218", - "id": "pyup.io-51012", - "more_info_path": "/vulnerabilities/CVE-2022-23218/51012", + "advisory": "Mlrun 1.1.0 updates the NPM package 'follow-redirects' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-0155", + "id": "pyup.io-50990", + "more_info_path": "/vulnerabilities/CVE-2022-0155/50990", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-3999", - "id": "pyup.io-51013", - "more_info_path": "/vulnerabilities/CVE-2021-3999/51013", + "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-37712", + "id": "pyup.io-51000", + "more_info_path": "/vulnerabilities/CVE-2021-37712/51000", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-3997", - "id": "pyup.io-51020", - "more_info_path": "/vulnerabilities/CVE-2021-3997/51020", + "advisory": "Mlrun 1.1.0 updates the 
Python package 'jupyterhub' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-41247", + "id": "pyup.io-51002", + "more_info_path": "/vulnerabilities/CVE-2021-41247/51002", "specs": [ "<1.1.0" ], @@ -72161,41 +73441,11 @@ ], "v": "<1.1.0" }, - { - "advisory": "Mlrun 1.1.0 updates the Python package 'urllib3' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-33503", - "id": "pyup.io-51006", - "more_info_path": "/vulnerabilities/CVE-2021-33503/51006", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, - { - "advisory": "Mlrun 1.1.0 updates the NPM package 'moment' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2022-24785", - "id": "pyup.io-50992", - "more_info_path": "/vulnerabilities/CVE-2022-24785/50992", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, - { - "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-37713", - "id": "pyup.io-50995", - "more_info_path": "/vulnerabilities/CVE-2021-37713/50995", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, { "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2020-6096", - "id": "pyup.io-51014", - "more_info_path": "/vulnerabilities/CVE-2020-6096/51014", + "cve": "CVE-2021-27645", + "id": "pyup.io-51009", + "more_info_path": "/vulnerabilities/CVE-2021-27645/51009", "specs": [ "<1.1.0" ], 
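Review bot: Most of the mlrun lines in this hunk, and in the hunks at L230–L234 (and the comparable reorder-only hunks for other packages through L248), differ from the old side only in position, not content — the same `id`/`cve` pairs are removed in one place and re-added in another — so the diff carries far more churn than real change. That makes genuine drops hard to spot: the two '@npmcli/arborist' entries (`"id": "pyup.io-50919"` and `"id": "pyup.io-50985"`) and the tar entry `"id": "pyup.io-50995"` (CVE-2021-37713) are removed in this hunk and the ones that follow without a matching addition visible here; they may be re-added outside the visible hunks, but that cannot be confirmed from the diff. If the exporter sorted each package's list by a stable key (for example the `id` field) before writing, a diff of this file would show only additions, removals and edits. The enclosing "mlrun" array starts and ends outside this hunk.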
@@ -72203,19 +73453,19 @@ }, { "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-32803", - "id": "pyup.io-50996", - "more_info_path": "/vulnerabilities/CVE-2021-32803/50996", + "cve": "CVE-2021-32804", + "id": "pyup.io-50994", + "more_info_path": "/vulnerabilities/CVE-2021-32804/50994", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the Python package 'jupyterhub' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-41247", - "id": "pyup.io-51002", - "more_info_path": "/vulnerabilities/CVE-2021-41247/51002", + "advisory": "Mlrun 1.1.0 updates the NPM package 'follow-redirects' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-0536", + "id": "pyup.io-50989", + "more_info_path": "/vulnerabilities/CVE-2022-0536/50989", "specs": [ "<1.1.0" ], 
@@ -72223,29 +73473,29 @@ }, { "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-33910", - "id": "pyup.io-51018", - "more_info_path": "/vulnerabilities/CVE-2021-33910/51018", + "cve": "CVE-2021-3997", + "id": "pyup.io-51020", + "more_info_path": "/vulnerabilities/CVE-2021-3997/51020", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package '@npmcli/arborist' in its base image to include security fixes.", - "cve": "CVE-2021-39134", - "id": "pyup.io-50985", - "more_info_path": "/vulnerabilities/CVE-2021-39134/50985", + "advisory": "Mlrun 1.1.0 updates the Python package 'urllib3' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-33503", + "id": "pyup.io-51006", + "more_info_path": "/vulnerabilities/CVE-2021-33503/51006", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2020-27618", - "id": "pyup.io-51008", - "more_info_path": "/vulnerabilities/CVE-2020-27618/51008", + "advisory": "Mlrun 1.1.0 updates the Python package 'ipython' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-21699", + "id": "pyup.io-51004", + "more_info_path": "/vulnerabilities/CVE-2022-21699/51004", "specs": [ "<1.1.0" ], 
@@ -72253,19 +73503,9 @@ }, { "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2020-29562", - "id": "pyup.io-51016", - "more_info_path": "/vulnerabilities/CVE-2020-29562/51016", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, - { - "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-37701", - "id": "pyup.io-50997", - "more_info_path": "/vulnerabilities/CVE-2021-37701/50997", + "cve": "CVE-2020-6096", + "id": "pyup.io-51014", + "more_info_path": "/vulnerabilities/CVE-2020-6096/51014", "specs": [ "<1.1.0" ], 
@@ -72273,29 +73513,29 @@ }, { "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-3326", - "id": "pyup.io-51011", - "more_info_path": "/vulnerabilities/CVE-2021-3326/51011", + "cve": "CVE-2021-3999", + "id": "pyup.io-51013", + "more_info_path": "/vulnerabilities/CVE-2021-3999/51013", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-37712", - "id": "pyup.io-51000", - "more_info_path": "/vulnerabilities/CVE-2021-37712/51000", + "advisory": "Mlrun 1.1.0 updates the Python package 'jupyter-server' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2022-24757", + "id": "pyup.io-51001", + "more_info_path": "/vulnerabilities/CVE-2022-24757/51001", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-27645", - "id": "pyup.io-51009", - "more_info_path": "/vulnerabilities/CVE-2021-27645/51009", + "advisory": "Mlrun 1.1.0 updates the packages 'libsystemd0' and 'libudev1' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-33910", + "id": "pyup.io-51018", + "more_info_path": "/vulnerabilities/CVE-2021-33910/51018", "specs": [ "<1.1.0" ], 
@@ -72303,29 +73543,29 @@ }, { "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2019-25013", - "id": "pyup.io-51017", - "more_info_path": "/vulnerabilities/CVE-2019-25013/51017", + "cve": "CVE-2016-10228", + "id": "pyup.io-51015", + "more_info_path": "/vulnerabilities/CVE-2016-10228/51015", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the NPM package 'path-parse' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2021-23343", - "id": "pyup.io-50993", - "more_info_path": "/vulnerabilities/CVE-2021-23343/50993", + "advisory": "Mlrun 1.1.0 updates the Python package 'numpy' in its base image to include a security fix.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-33430", + "id": "pyup.io-51005", + "more_info_path": "/vulnerabilities/CVE-2021-33430/51005", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Mlrun 1.1.0 updates the packages 'libc-bin', 'libc-dev-bin', 'libc6', 'libc6-dev' and 'locales' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", - "cve": "CVE-2016-10228", - "id": "pyup.io-51015", - "more_info_path": "/vulnerabilities/CVE-2016-10228/51015", + "advisory": "Mlrun 1.1.0 updates the NPM package 'tar' in its base image to include security fixes.\r\nhttps://github.com/mlrun/mlrun/pull/1997", + "cve": "CVE-2021-32803", + "id": "pyup.io-50996", + "more_info_path": "/vulnerabilities/CVE-2021-32803/50996", "specs": [ "<1.1.0" ], 
@@ -72647,16 +73887,6 @@ ], "v": "<2.13" }, - { - "advisory": "Mmpm 2.13 updates its NPM dependency 'tar' to v4.4.19 to include security fixes.", - "cve": "CVE-2021-37712", - "id": "pyup.io-48425", - "more_info_path": "/vulnerabilities/CVE-2021-37712/48425", - "specs": [ - "<2.13" - ], - "v": "<2.13" - }, { "advisory": "Mmpm 2.13 updates its NPM dependency 'tar' to v4.4.19 to include security fixes.", "cve": "CVE-2021-37713", @@ -72766,6 +73996,16 @@ "<2.13" ], "v": "<2.13" + }, + { + "advisory": "Mmpm 2.13 updates its NPM dependency 'tar' to v4.4.19 to include security fixes.", + "cve": "CVE-2021-37712", + "id": "pyup.io-48425", + "more_info_path": "/vulnerabilities/CVE-2021-37712/48425", + "specs": [ + "<2.13" + ], + "v": "<2.13" } ], "mobsf": [ @@ -72815,6 +74055,16 @@ } ], "mod-wsgi": [ + { + "advisory": "Mod-wsgi 3.5 includes a fix for CVE-2014-0240: Local privilege escalation when using daemon mode.\r\nhttps://github.com/GrahamDumpleton/mod_wsgi/commit/d9d5fea585b23991f76532a9b07de7fcd3b649f4", + "cve": "CVE-2014-0240", + "id": "pyup.io-61532", + "more_info_path": "/vulnerabilities/CVE-2014-0240/61532", + "specs": [ + "<3.5" + ], + "v": "<3.5" + }, { "advisory": "A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.", "cve": "CVE-2022-2255", @@ -72933,16 +74183,6 @@ ], "v": ">=0" }, - { - "advisory": "Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.", - "cve": "CVE-2023-0406", - "id": "pyup.io-54618", - "more_info_path": "/vulnerabilities/CVE-2023-0406/54618", - "specs": [ - ">=0,<2.0.4" - ], - "v": ">=0,<2.0.4" - }, { "advisory": "Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.", "cve": "CVE-2023-0860", 
@@ -72963,6 +74203,16 @@ ], "v": ">=0,<2.0.4" }, + { + "advisory": "Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.", + "cve": "CVE-2023-0406", + "id": "pyup.io-54618", + "more_info_path": "/vulnerabilities/CVE-2023-0406/54618", + "specs": [ + ">=0,<2.0.4" + ], + "v": ">=0,<2.0.4" + }, { "advisory": "Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.", "cve": "CVE-2023-0438", @@ -73206,6 +74456,16 @@ ], "v": "<=1.5.8" }, + { + "advisory": "MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.", + "cve": "CVE-2010-1238", + "id": "pyup.io-61690", + "more_info_path": "/vulnerabilities/CVE-2010-1238/61690", + "specs": [ + "==1.7.1" + ], + "v": "==1.7.1" + }, { "advisory": "Moin 1.9.9 includes a fix for CVE-2016-7148: MoinMoin 1.9.8 allows remote attackers to conduct \"JavaScript injection\" attacks by using the \"page creation\" approach, related to a \"Cross Site Scripting (XSS)\" issue affecting the action=AttachFile (via page name) component.", "cve": "CVE-2016-7148", 
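Review bot: The new MoinMoin entry pins its range to a single release, `"specs": ["==1.7.1"]` with `"v": "==1.7.1"`, whereas the other entries in this commit express half-open ranges (`<3.5`, `>=0,<2.0.4`); an exact match means an install of any neighbouring 1.7.x release would not be flagged. The advisory text only states that 1.7.1 is affected, so the pin may be deliberate, but the affected range is worth confirming against the upstream source before relying on it. The enclosing "moinmoin" array starts and ends outside this hunk.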
@@ -73632,20 +74892,20 @@ "v": "<0.13.0" }, { - "advisory": "Mosaicml 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2023-24816", - "id": "pyup.io-53698", - "more_info_path": "/vulnerabilities/CVE-2023-24816/53698", + "advisory": "Mosaicml 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "PVE-2021-44525", + "id": "pyup.io-53702", + "more_info_path": "/vulnerabilities/PVE-2021-44525/53702", "specs": [ "<0.13.0" ], "v": "<0.13.0" }, { - "advisory": "Mosaicml 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "PVE-2021-44525", - "id": "pyup.io-53702", - "more_info_path": "/vulnerabilities/PVE-2021-44525/53702", + "advisory": "Mosaicml 0.13.0 updates its dependency 'urllib3' requirement to '>=1.26.5,<2'' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2021-33503", + "id": "pyup.io-53699", + "more_info_path": "/vulnerabilities/CVE-2021-33503/53699", "specs": [ "<0.13.0" ], 
@@ -73653,29 +74913,29 @@ }, { "advisory": "Mosaicml 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2022-22816", - "id": "pyup.io-53704", - "more_info_path": "/vulnerabilities/CVE-2022-22816/53704", + "cve": "PVE-2022-44524", + "id": "pyup.io-53703", + "more_info_path": "/vulnerabilities/PVE-2022-44524/53703", "specs": [ "<0.13.0" ], "v": "<0.13.0" }, { - "advisory": "Mosaicml 0.13.0 updates its dependency 'urllib3' requirement to '>=1.26.5,<2'' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2021-33503", - "id": "pyup.io-53699", - "more_info_path": "/vulnerabilities/CVE-2021-33503/53699", + "advisory": "Mosaicml 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2022-22816", + "id": "pyup.io-53704", + "more_info_path": "/vulnerabilities/CVE-2022-22816/53704", "specs": [ "<0.13.0" ], "v": "<0.13.0" }, { - "advisory": "Mosaicml 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "PVE-2022-44524", - "id": "pyup.io-53703", - "more_info_path": "/vulnerabilities/PVE-2022-44524/53703", + "advisory": "Mosaicml 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2023-24816", + "id": "pyup.io-53698", + "more_info_path": "/vulnerabilities/CVE-2023-24816/53698", "specs": [ "<0.13.0" ], 
@@ -74088,16 +75348,6 @@ } ], "msticpy": [ - { - "advisory": "Msticpy 1.1.0 updates its dependency 'lxml' to v4.6.3 to include security fixes.", - "cve": "CVE-2020-27783", - "id": "pyup.io-43646", - "more_info_path": "/vulnerabilities/CVE-2020-27783/43646", - "specs": [ - "<1.1.0" - ], - "v": "<1.1.0" - }, { "advisory": "Msticpy 1.1.0 updates its dependency 'lxml' to v4.6.3 to include security fixes.", "cve": "CVE-2021-28957", @@ -74110,9 +75360,9 @@ }, { "advisory": "Msticpy 1.1.0 updates its dependency 'lxml' to v4.6.3 to include security fixes.", - "cve": "PVE-2021-39195", - "id": "pyup.io-43645", - "more_info_path": "/vulnerabilities/PVE-2021-39195/43645", + "cve": "CVE-2020-27783", + "id": "pyup.io-43646", + "more_info_path": "/vulnerabilities/CVE-2020-27783/43646", "specs": [ "<1.1.0" ], @@ -74138,6 +75388,16 @@ ], "v": "<1.1.0" }, + { + "advisory": "Msticpy 1.1.0 updates its dependency 'lxml' to v4.6.3 to include security fixes.", + "cve": "PVE-2021-39195", + "id": "pyup.io-43645", + "more_info_path": "/vulnerabilities/PVE-2021-39195/43645", + "specs": [ + "<1.1.0" + ], + "v": "<1.1.0" + }, { "advisory": "Msticpy 1.8.2 removes ability to use plaintext token cache because of security concerns.\r\nhttps://github.com/microsoft/msticpy/pull/413", "cve": "PVE-2022-48630", @@ -74160,16 +75420,6 @@ } ], "mstr-rest-requests": [ - { - "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'urllib3' to v1.26.7 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-45305", - "more_info_path": "/vulnerabilities/CVE-2019-11236/45305", - "specs": [ - "<0.12.4" - ], - "v": "<0.12.4" - }, { "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'babel' to v2.9.1 to include security fixes.", "cve": "CVE-2021-42771", 
@@ -74180,16 +75430,6 @@ ], "v": "<0.12.4" }, - { - "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'urllib3' to v1.26.7 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-45304", - "more_info_path": "/vulnerabilities/CVE-2019-11324/45304", - "specs": [ - "<0.12.4" - ], - "v": "<0.12.4" - }, { "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'jinja2' to v2.11.3 to include a security fix.", "cve": "CVE-2020-28493", @@ -74210,6 +75450,16 @@ ], "v": "<0.12.4" }, + { + "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'urllib3' to v1.26.7 to include security fixes.", + "cve": "CVE-2018-20060", + "id": "pyup.io-45306", + "more_info_path": "/vulnerabilities/CVE-2018-20060/45306", + "specs": [ + "<0.12.4" + ], + "v": "<0.12.4" + }, { "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'urllib3' to v1.26.7 to include security fixes.", "cve": "CVE-2020-26137", @@ -74222,9 +75472,9 @@ }, { "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'urllib3' to v1.26.7 to include security fixes.", - "cve": "CVE-2018-20060", - "id": "pyup.io-45306", - "more_info_path": "/vulnerabilities/CVE-2018-20060/45306", + "cve": "CVE-2019-11236", + "id": "pyup.io-45305", + "more_info_path": "/vulnerabilities/CVE-2019-11236/45305", "specs": [ "<0.12.4" ], @@ -74259,6 +75509,16 @@ "<0.12.4" ], "v": "<0.12.4" + }, + { + "advisory": "Mstr-rest-requests 0.12.4 updates its dependency 'urllib3' to v1.26.7 to include security fixes.", + "cve": "CVE-2019-11324", + "id": "pyup.io-45304", + "more_info_path": "/vulnerabilities/CVE-2019-11324/45304", + "specs": [ + "<0.12.4" + ], + "v": "<0.12.4" } ], "mtga": [ 
@@ -74864,6 +76124,16 @@ } ], "muttlib": [ + { + "advisory": "Muttlib 1.4.19 updates its dependency 'pillow' requirement to \">=9.1.1\" to include security fixes.", + "cve": "CVE-2022-22817", + "id": "pyup.io-50861", + "more_info_path": "/vulnerabilities/CVE-2022-22817/50861", + "specs": [ + "<1.4.19" + ], + "v": "<1.4.19" + }, { "advisory": "Muttlib 1.4.19 updates its dependency 'numpy' to include security fixes.", "cve": "CVE-2021-41496", @@ -74943,16 +76213,6 @@ "<1.4.19" ], "v": "<1.4.19" - }, - { - "advisory": "Muttlib 1.4.19 updates its dependency 'pillow' requirement to \">=9.1.1\" to include security fixes.", - "cve": "CVE-2022-22817", - "id": "pyup.io-50861", - "more_info_path": "/vulnerabilities/CVE-2022-22817/50861", - "specs": [ - "<1.4.19" - ], - "v": "<1.4.19" } ], "mwdb-core": [ @@ -75438,9 +76698,9 @@ }, { "advisory": "Nautilus-trader 1.137.1 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "CVE-2022-22815", - "id": "pyup.io-44603", - "more_info_path": "/vulnerabilities/CVE-2022-22815/44603", + "cve": "CVE-2022-22817", + "id": "pyup.io-44601", + "more_info_path": "/vulnerabilities/CVE-2022-22817/44601", "specs": [ "<1.137.1" ], @@ -75448,9 +76708,9 @@ }, { "advisory": "Nautilus-trader 1.137.1 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "CVE-2022-22816", - "id": "pyup.io-44602", - "more_info_path": "/vulnerabilities/CVE-2022-22816/44602", + "cve": "CVE-2022-22815", + "id": "pyup.io-44603", + "more_info_path": "/vulnerabilities/CVE-2022-22815/44603", "specs": [ "<1.137.1" ], @@ -75468,9 +76728,9 @@ }, { "advisory": "Nautilus-trader 1.137.1 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "CVE-2022-22817", - "id": "pyup.io-44601", - "more_info_path": "/vulnerabilities/CVE-2022-22817/44601", + "cve": "CVE-2022-22816", + "id": "pyup.io-44602", + "more_info_path": "/vulnerabilities/CVE-2022-22816/44602", "specs": [ "<1.137.1" ], 
@@ -75497,6 +76757,16 @@ "<1.5.7" ], "v": "<1.5.7" + }, + { + "advisory": "Nautobot 2.0.3 includes a fix for CVE-2023-46128: In Nautobot 2.0.x, certain REST API endpoints, in combination with the '?depth=' query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext.\r\nhttps://github.com/nautobot/nautobot/security/advisories/GHSA-r2hw-74xv-4gqp", + "cve": "CVE-2023-46128", + "id": "pyup.io-62042", + "more_info_path": "/vulnerabilities/CVE-2023-46128/62042", + "specs": [ + ">=2.0.0a1,<2.0.3" + ], + "v": ">=2.0.0a1,<2.0.3" } ], "nautobot-ssot-vsphere": [ @@ -75533,6 +76803,28 @@ "v": "<2.1.0" } ], + "nba-api": [ + { + "advisory": "Nba-api 1.1.14 updates its dependency 'numpy' to v1.22.2 to include a security fix.", + "cve": "CVE-2021-41496", + "id": "pyup.io-61610", + "more_info_path": "/vulnerabilities/CVE-2021-41496/61610", + "specs": [ + "<1.1.14" + ], + "v": "<1.1.14" + }, + { + "advisory": "Nba-api 1.1.14 updates its dependency 'numpy' to v1.22.2 to include a security fix.", + "cve": "CVE-2021-34141", + "id": "pyup.io-61646", + "more_info_path": "/vulnerabilities/CVE-2021-34141/61646", + "specs": [ + "<1.1.14" + ], + "v": "<1.1.14" + } + ], "nba-scraper": [ { "advisory": "Nba-scraper 0.2.7 removes a security flaw where it wasn't verifying SSL certificates during testing.", @@ -75734,9 +77026,9 @@ }, { "advisory": "Nemo 1.14.4 updates its dependency 'django' to v1.11.23 to include security fixes.", - "cve": "CVE-2019-14235", - "id": "pyup.io-52539", - "more_info_path": "/vulnerabilities/CVE-2019-14235/52539", + "cve": "CVE-2019-14234", + "id": "pyup.io-52403", + "more_info_path": "/vulnerabilities/CVE-2019-14234/52403", "specs": [ "<1.14.4" ], 
@@ -75744,9 +77036,9 @@ }, { "advisory": "Nemo 1.14.4 updates its dependency 'django' to v1.11.23 to include security fixes.", - "cve": "CVE-2019-14232", - "id": "pyup.io-52538", - "more_info_path": "/vulnerabilities/CVE-2019-14232/52538", + "cve": "CVE-2019-14235", + "id": "pyup.io-52539", + "more_info_path": "/vulnerabilities/CVE-2019-14235/52539", "specs": [ "<1.14.4" ], @@ -75754,9 +77046,9 @@ }, { "advisory": "Nemo 1.14.4 updates its dependency 'django' to v1.11.23 to include security fixes.", - "cve": "CVE-2019-14234", - "id": "pyup.io-52403", - "more_info_path": "/vulnerabilities/CVE-2019-14234/52403", + "cve": "CVE-2019-14232", + "id": "pyup.io-52538", + "more_info_path": "/vulnerabilities/CVE-2019-14232/52538", "specs": [ "<1.14.4" ], @@ -76021,6 +77313,26 @@ "<4.6.4" ], "v": "<4.6.4" + }, + { + "advisory": "Nemo 4.7.0 updates its dependency 'django' to v3.2.22 to include a security fix.", + "cve": "CVE-2023-43665", + "id": "pyup.io-61746", + "more_info_path": "/vulnerabilities/CVE-2023-43665/61746", + "specs": [ + "<4.7.0" + ], + "v": "<4.7.0" + }, + { + "advisory": "Nemo 4.7.0 updates its dependency 'pillow' to v10.0.1 to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61781", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61781", + "specs": [ + "<4.7.0" + ], + "v": "<4.7.0" } ], "nemo-toolkit": [ @@ -76047,6 +77359,18 @@ "v": "<3.4.0.2" } ], + "neo-mamba": [ + { + "advisory": "Neo-mamba 2.0.2 updates 'aiohttp' to 3.8.5 to include a security fix.", + "cve": "CVE-2023-37276", + "id": "pyup.io-61759", + "more_info_path": "/vulnerabilities/CVE-2023-37276/61759", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + } + ], "neo-python": [ { "advisory": "Neo-python 0.7.8 fixes vulnerability in RPC invoke functionality that can lead to DoS.\r\nhttps://github.com/CityOfZion/neo-python/commit/8e9c488bc0506f13424dc4208b64f250dff2818d", 
@@ -76297,6 +77621,18 @@ "v": "<1.17.58" } ], + "nettacker": [ + { + "advisory": "Nettacker 0.3.1a2 updates its dependency 'flask' to v2.2.5 to include a security fix.", + "cve": "CVE-2023-30861", + "id": "pyup.io-62039", + "more_info_path": "/vulnerabilities/CVE-2023-30861/62039", + "specs": [ + "<0.3.1" + ], + "v": "<0.3.1" + } + ], "netts": [ { "advisory": "Netts 0.2.1 updates its dependency 'mkdocs' to v1.3.0 to include a security fix.", @@ -76370,10 +77706,10 @@ "v": "<10.0.8,>=11.0.0.0b1,<11.0.7,>=12.0.0.0b1,<12.0.6,>=13.0.0.0b1,<13.0.3" }, { - "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14635: When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool.", - "cve": "CVE-2018-14635", - "id": "pyup.io-36482", - "more_info_path": "/vulnerabilities/CVE-2018-14635/36482", + "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14636: Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration.", + "cve": "CVE-2018-14636", + "id": "pyup.io-36483", + "more_info_path": "/vulnerabilities/CVE-2018-14636/36483", "specs": [ "<11.0.5", ">=12.0.0.0b1,<12.0.3", 
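Review bot: The nettacker entry's range `"specs": ["<0.3.1"]` does not line up with the fix version named in its own advisory text, `0.3.1a2`. Under PEP 440 an exclusive `<0.3.1` bound does not match pre-releases of 0.3.1, so any earlier alpha that still carried the old flask pin (if such releases exist) would not be reported, and whether pre-releases are considered at all depends on how the consumer configures its specifier matching. The nautobot entry added in the hunk at L242 spells its pre-release bound out explicitly (`>=2.0.0a1`); the same treatment here would be `"specs": ["<0.3.1a2"]` together with `"v": "<0.3.1a2"`. The "nettacker" array is complete within this hunk.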
@@ -76382,10 +77718,10 @@ "v": "<11.0.5,>=12.0.0.0b1,<12.0.3,>=13.0.0.0b1,<13.0.0.0b2" }, { - "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14636: Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration.", - "cve": "CVE-2018-14636", - "id": "pyup.io-36483", - "more_info_path": "/vulnerabilities/CVE-2018-14636/36483", + "advisory": "Neutron 13.0.0.0b2, 12.0.3 and 11.0.5 include a fix for CVE-2018-14635: When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool.", + "cve": "CVE-2018-14635", + "id": "pyup.io-36482", + "more_info_path": "/vulnerabilities/CVE-2018-14635/36482", "specs": [ "<11.0.5", ">=12.0.0.0b1,<12.0.3", 
@@ -76591,6 +77927,18 @@ "v": "<1.0.0" } ], + "ni-measurementlink-service": [ + { + "advisory": "Ni-measurementlink-service 1.1.1 includes a fix for CVE-2023-4570: An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhst. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.\r\nhttps://github.com/ni/measurementlink-python/security/advisories/GHSA-3f48-9j7q-q2gv", + "cve": "CVE-2023-4570", + "id": "pyup.io-61633", + "more_info_path": "/vulnerabilities/CVE-2023-4570/61633", + "specs": [ + "<=1.1.0" + ], + "v": "<=1.1.0" + } + ], "nibiru-py": [ { "advisory": "Nibiru-py 0.0.1 changes network default to secure (SSL).\r\nhttps://github.com/NibiruChain/nibiru-py/pull/30", @@ -76606,9 +77954,9 @@ "nicegui": [ { "advisory": "Nicegui 0.7.2 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "PVE-2022-44524", - "id": "pyup.io-44598", - "more_info_path": "/vulnerabilities/PVE-2022-44524/44598", + "cve": "CVE-2022-22815", + "id": "pyup.io-44585", + "more_info_path": "/vulnerabilities/CVE-2022-22815/44585", "specs": [ "<0.7.2" ], @@ -76616,9 +77964,9 @@ }, { "advisory": "Nicegui 0.7.2 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "CVE-2022-22816", - "id": "pyup.io-44595", - "more_info_path": "/vulnerabilities/CVE-2022-22816/44595", + "cve": "PVE-2021-44525", + "id": "pyup.io-44597", + "more_info_path": "/vulnerabilities/PVE-2021-44525/44597", "specs": [ "<0.7.2" ], 
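Review bot: The ni-measurementlink-service advisory string added here contains a typo, `localhst`, in "reach services exposed on localhst"; since this text is what the tool surfaces to users, it should be corrected to `localhost` at the source when the record is next regenerated rather than patched by hand in the export. The range `"specs": ["<=1.1.0"]` is consistent with the advisory's "version 1.1.0 … and all previous versions" wording. The "ni-measurementlink-service" array is complete within this hunk.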
@@ -76626,9 +77974,9 @@
 },
 {
 "advisory": "Nicegui 0.7.2 updates its dependency 'pillow' to v9.0.0 to include security fixes.",
- "cve": "PVE-2021-44525",
- "id": "pyup.io-44597",
- "more_info_path": "/vulnerabilities/PVE-2021-44525/44597",
+ "cve": "PVE-2022-44524",
+ "id": "pyup.io-44598",
+ "more_info_path": "/vulnerabilities/PVE-2022-44524/44598",
 "specs": [
 "<0.7.2"
 ],
@@ -76646,9 +77994,9 @@
 },
 {
 "advisory": "Nicegui 0.7.2 updates its dependency 'pillow' to v9.0.0 to include security fixes.",
- "cve": "CVE-2022-22815",
- "id": "pyup.io-44585",
- "more_info_path": "/vulnerabilities/CVE-2022-22815/44585",
+ "cve": "CVE-2022-22816",
+ "id": "pyup.io-44595",
+ "more_info_path": "/vulnerabilities/CVE-2022-22816/44595",
 "specs": [
 "<0.7.2"
 ],
@@ -76741,20 +78089,20 @@
 ],
 "nidaqmx": [
 {
- "advisory": "Nidaqmx 0.5.8 updates its dependency 'requests' to v2.23.0 to include a security fix.",
- "cve": "CVE-2018-18074",
- "id": "pyup.io-44701",
- "more_info_path": "/vulnerabilities/CVE-2018-18074/44701",
+ "advisory": "Nidaqmx 0.5.8 updates its dependency 'urllib3' to v1.25.9 to include security fixes.",
+ "cve": "CVE-2019-11236",
+ "id": "pyup.io-44704",
+ "more_info_path": "/vulnerabilities/CVE-2019-11236/44704",
 "specs": [
 "<0.5.8"
 ],
 "v": "<0.5.8"
 },
 {
- "advisory": "Nidaqmx 0.5.8 updates its dependency 'urllib3' to v1.25.9 to include security fixes.",
- "cve": "CVE-2019-11236",
- "id": "pyup.io-44704",
- "more_info_path": "/vulnerabilities/CVE-2019-11236/44704",
+ "advisory": "Nidaqmx 0.5.8 updates its dependency 'requests' to v2.23.0 to include a security fix.",
+ "cve": "CVE-2018-18074",
+ "id": "pyup.io-44701",
+ "more_info_path": "/vulnerabilities/CVE-2018-18074/44701",
 "specs": [
 "<0.5.8"
 ],
@@ -77195,9 +78543,9 @@
 },
 {
 "advisory": "Nobinobi-child 0.1.3.6 updates its dependency 'pillow' to v8.2.0 to include security fixes.",
- "cve": "CVE-2021-28678",
- "id": "pyup.io-44960",
- "more_info_path": "/vulnerabilities/CVE-2021-28678/44960",
+ "cve": "CVE-2021-28677",
+ "id": "pyup.io-44959",
+ "more_info_path": "/vulnerabilities/CVE-2021-28677/44959",
 "specs": [
 "<0.1.3.6"
 ],
@@ -77205,9 +78553,9 @@
 },
 {
 "advisory": "Nobinobi-child 0.1.3.6 updates its dependency 'pillow' to v8.2.0 to include security fixes.",
- "cve": "CVE-2021-28677",
- "id": "pyup.io-44959",
- "more_info_path": "/vulnerabilities/CVE-2021-28677/44959",
+ "cve": "CVE-2021-28678",
+ "id": "pyup.io-44960",
+ "more_info_path": "/vulnerabilities/CVE-2021-28678/44960",
 "specs": [
 "<0.1.3.6"
 ],
@@ -77234,20 +78582,20 @@
 "v": "<0.1.3.8"
 },
 {
- "advisory": "Nobinobi-child 0.1.3.8 updates its dependency 'django' to v3.2.10 to include security fixes.",
- "cve": "CVE-2021-31542",
- "id": "pyup.io-40626",
- "more_info_path": "/vulnerabilities/CVE-2021-31542/40626",
+ "advisory": "Nobinobi-child 0.1.3.8 updates its dependency 'pillow' to v8.4.0 to include security fixes.",
+ "cve": "CVE-2021-23437",
+ "id": "pyup.io-49109",
+ "more_info_path": "/vulnerabilities/CVE-2021-23437/49109",
 "specs": [
 "<0.1.3.8"
 ],
 "v": "<0.1.3.8"
 },
 {
- "advisory": "Nobinobi-child 0.1.3.8 updates its dependency 'pillow' to v8.4.0 to include security fixes.",
- "cve": "CVE-2021-23437",
- "id": "pyup.io-49109",
- "more_info_path": "/vulnerabilities/CVE-2021-23437/49109",
+ "advisory": "Nobinobi-child 0.1.3.8 updates its dependency 'django' to v3.2.10 to include security fixes.",
+ "cve": "CVE-2021-31542",
+ "id": "pyup.io-40626",
+ "more_info_path": "/vulnerabilities/CVE-2021-31542/40626",
 "specs": [
 "<0.1.3.8"
 ],
@@ -77265,9 +78613,9 @@
 },
 {
 "advisory": "Nobinobi-child 0.1.3.8 updates its dependency 'django' to v3.2.10 to include security fixes.",
- "cve": "CVE-2021-33571",
- "id": "pyup.io-49105",
- "more_info_path": "/vulnerabilities/CVE-2021-33571/49105",
+ "cve": "CVE-2021-35042",
+ "id": "pyup.io-49107",
+ "more_info_path": "/vulnerabilities/CVE-2021-35042/49107",
 "specs": [
 "<0.1.3.8"
 ],
@@ -77285,9 +78633,9 @@
 },
 {
 "advisory": "Nobinobi-child 0.1.3.8 updates its dependency 'django' to v3.2.10 to include security fixes.",
- "cve": "CVE-2021-35042",
- "id": "pyup.io-49107",
- "more_info_path": "/vulnerabilities/CVE-2021-35042/49107",
+ "cve": "CVE-2021-33571",
+ "id": "pyup.io-49105",
+ "more_info_path": "/vulnerabilities/CVE-2021-33571/49105",
 "specs": [
 "<0.1.3.8"
 ],
@@ -78131,20 +79479,20 @@
 "v": ">=2000,<2013.2.3"
 },
 {
- "advisory": "The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.",
- "cve": "CVE-2013-4179",
- "id": "pyup.io-35437",
- "more_info_path": "/vulnerabilities/CVE-2013-4179/35437",
+ "advisory": "OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.",
+ "cve": "CVE-2013-2256",
+ "id": "pyup.io-35434",
+ "more_info_path": "/vulnerabilities/CVE-2013-2256/35434",
 "specs": [
 ">=2010,<2013.1.3"
 ],
 "v": ">=2010,<2013.1.3"
 },
 {
- "advisory": "OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.",
- "cve": "CVE-2013-2256",
- "id": "pyup.io-35434",
- "more_info_path": "/vulnerabilities/CVE-2013-2256/35434",
+ "advisory": "The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.",
+ "cve": "CVE-2013-4179",
+ "id": "pyup.io-35437",
+ "more_info_path": "/vulnerabilities/CVE-2013-4179/35437",
 "specs": [
 ">=2010,<2013.1.3"
 ],
@@ -78182,6 +79530,17 @@
 ],
 "v": ">=2010,<2014.1.4,>=2014.2,<2014.2.3"
 },
+ {
+ "advisory": "OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.",
+ "cve": "CVE-2015-7713",
+ "id": "pyup.io-35650",
+ "more_info_path": "/vulnerabilities/CVE-2015-7713/35650",
+ "specs": [
+ ">=2010,<2014.2.4",
+ ">=2015.1,<2015.1.2"
+ ],
+ "v": ">=2010,<2014.2.4,>=2015.1,<2015.1.2"
+ },
 {
 "advisory": "OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.",
 "cve": "CVE-2015-3280",
@@ -78194,15 +79553,14 @@
 "v": ">=2010,<2014.2.4,>=2015.1,<2015.1.2"
 },
 {
- "advisory": "OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.",
- "cve": "CVE-2015-7713",
- "id": "pyup.io-35650",
- "more_info_path": "/vulnerabilities/CVE-2015-7713/35650",
+ "advisory": "Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.",
+ "cve": "CVE-2011-4596",
+ "id": "pyup.io-62097",
+ "more_info_path": "/vulnerabilities/CVE-2011-4596/62097",
 "specs": [
- ">=2010,<2014.2.4",
- ">=2015.1,<2015.1.2"
+ ">=2011.3,<2011.3.1"
 ],
- "v": ">=2010,<2014.2.4,>=2015.1,<2015.1.2"
+ "v": ">=2011.3,<2011.3.1"
 },
 {
 "advisory": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.",
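Review bot: The new CVE-2011-4596 record's range `">=2011.3,<2011.3.1"` is narrower than its own advisory text, which says "OpenStack Nova before 2011.3.1" with no lower bound; the sibling Nova records in this diff (the CVE-2013-2256, CVE-2013-4179 and CVE-2015-7713 entries) all open their ranges at `>=2010`. If 2011.2 and earlier are affected, which the wording suggests, a scanner consuming this file will miss them, so the spec and `v` should presumably be `">=2010,<2011.3.1"` unless the narrower floor is deliberate and documented. The CVE-2015-7713 record removed here is re-added unchanged in the preceding hunk, so that part is a reorder only.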
@@ -78618,20 +79976,20 @@
 "v": "<1.21.0rc1"
 },
 {
- "advisory": "Numpy 1.22.0 includes a fix for CVE-2021-34141: An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. \r\nNOTE: the vendor states that this reported code behavior is \"completely harmless.\"\r\nhttps://github.com/numpy/numpy/issues/18993",
- "cve": "CVE-2021-34141",
- "id": "pyup.io-44717",
- "more_info_path": "/vulnerabilities/CVE-2021-34141/44717",
+ "advisory": "Numpy 1.22.0 includes a fix for CVE-2021-41496: Buffer overflow in the array_from_pyobj function of fortranobject.c, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. \r\nNOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).\r\nhttps://github.com/numpy/numpy/issues/19000",
+ "cve": "CVE-2021-41496",
+ "id": "pyup.io-44716",
+ "more_info_path": "/vulnerabilities/CVE-2021-41496/44716",
 "specs": [
 "<1.22.0"
 ],
 "v": "<1.22.0"
 },
 {
- "advisory": "Numpy 1.22.0 includes a fix for CVE-2021-41496: Buffer overflow in the array_from_pyobj function of fortranobject.c, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values. \r\nNOTE: The vendor does not agree this is a vulnerability; the negative dimensions can only be created by an already privileged user (or internally).\r\nhttps://github.com/numpy/numpy/issues/19000",
- "cve": "CVE-2021-41496",
- "id": "pyup.io-44716",
- "more_info_path": "/vulnerabilities/CVE-2021-41496/44716",
+ "advisory": "Numpy 1.22.0 includes a fix for CVE-2021-34141: An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. \r\nNOTE: the vendor states that this reported code behavior is \"completely harmless.\"\r\nhttps://github.com/numpy/numpy/issues/18993",
+ "cve": "CVE-2021-34141",
+ "id": "pyup.io-44717",
+ "more_info_path": "/vulnerabilities/CVE-2021-34141/44717",
 "specs": [
 "<1.22.0"
 ],
@@ -78648,20 +80006,20 @@
 "v": "<1.22.2"
 },
 {
- "advisory": "Numpy 1.8.1 includes a fix for CVE-2014-1859: (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.\r\nhttps://github.com/numpy/numpy/pull/4262",
- "cve": "CVE-2014-1859",
- "id": "pyup.io-34726",
- "more_info_path": "/vulnerabilities/CVE-2014-1859/34726",
+ "advisory": "Numpy 1.8.1 includes a fix for CVE-2014-1858: __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.\r\nhttps://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15",
+ "cve": "CVE-2014-1858",
+ "id": "pyup.io-44719",
+ "more_info_path": "/vulnerabilities/CVE-2014-1858/44719",
 "specs": [
 "<1.8.1"
 ],
 "v": "<1.8.1"
 },
 {
- "advisory": "Numpy 1.8.1 includes a fix for CVE-2014-1858: __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.\r\nhttps://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15",
- "cve": "CVE-2014-1858",
- "id": "pyup.io-44719",
- "more_info_path": "/vulnerabilities/CVE-2014-1858/44719",
+ "advisory": "Numpy 1.8.1 includes a fix for CVE-2014-1859: (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.\r\nhttps://github.com/numpy/numpy/pull/4262",
+ "cve": "CVE-2014-1859",
+ "id": "pyup.io-34726",
+ "more_info_path": "/vulnerabilities/CVE-2014-1859/34726",
 "specs": [
 "<1.8.1"
 ],
@@ -79199,6 +80557,16 @@
 ],
 "v": ">=0,<1.6.0"
 },
+ {
+ "advisory": "Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. The login endpoint allows for javascript injection which may lead to account takeover in a phishing scenario.",
+ "cve": "CVE-2022-1430",
+ "id": "pyup.io-54451",
+ "more_info_path": "/vulnerabilities/CVE-2022-1430/54451",
+ "specs": [
+ ">=0,<1.8.0"
+ ],
+ "v": ">=0,<1.8.0"
+ },
 {
 "advisory": "Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.",
 "cve": "CVE-2022-1432",
@@ -79210,14 +80578,14 @@
 "v": ">=0,<1.8.0"
 },
 {
- "advisory": "Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. The login endpoint allows for javascript injection which may lead to account takeover in a phishing scenario.",
- "cve": "CVE-2022-1430",
- "id": "pyup.io-54451",
- "more_info_path": "/vulnerabilities/CVE-2022-1430/54451",
+ "advisory": "OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.",
+ "cve": "CVE-2022-3607",
+ "id": "pyup.io-54570",
+ "more_info_path": "/vulnerabilities/CVE-2022-3607/54570",
 "specs": [
- ">=0,<1.8.0"
+ ">=0,<1.8.3"
 ],
- "v": ">=0,<1.8.0"
+ "v": ">=0,<1.8.3"
 },
 {
 "advisory": "If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. This issue is fixed in version 1.8.3.",
@@ -79239,16 +80607,6 @@
 ],
 "v": ">=0,<1.8.3"
 },
- {
- "advisory": "Versions of OctoPrint prior to 1.8.3 did not require the current user password in order to change that users password. As a result users could be locked out of their accounts or have their accounts stolen under certain circumstances.",
- "cve": "CVE-2022-2930",
- "id": "pyup.io-54354",
- "more_info_path": "/vulnerabilities/CVE-2022-2930/54354",
- "specs": [
- ">=0,<1.8.3"
- ],
- "v": ">=0,<1.8.3"
- },
 {
 "advisory": "Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.",
 "cve": "CVE-2022-2872",
@@ -79260,10 +80618,10 @@
 "v": ">=0,<1.8.3"
 },
 {
- "advisory": "OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection.",
- "cve": "CVE-2022-3607",
- "id": "pyup.io-54570",
- "more_info_path": "/vulnerabilities/CVE-2022-3607/54570",
+ "advisory": "Versions of OctoPrint prior to 1.8.3 did not require the current user password in order to change that users password. As a result users could be locked out of their accounts or have their accounts stolen under certain circumstances.",
+ "cve": "CVE-2022-2930",
+ "id": "pyup.io-54354",
+ "more_info_path": "/vulnerabilities/CVE-2022-2930/54354",
 "specs": [
 ">=0,<1.8.3"
 ],
@@ -79314,10 +80672,10 @@
 "v": "<0.41.0"
 },
 {
- "advisory": "Octue 0.43.3 updates its dependency 'werkzeug' to v2.2.3 to include security fixes.",
- "cve": "CVE-2023-23934",
- "id": "pyup.io-53404",
- "more_info_path": "/vulnerabilities/CVE-2023-23934/53404",
+ "advisory": "Octue 0.43.3 updates its dependency 'protobuf' to v3.20.3 to include a security fix.",
+ "cve": "CVE-2022-1941",
+ "id": "pyup.io-53399",
+ "more_info_path": "/vulnerabilities/CVE-2022-1941/53399",
 "specs": [
 "<0.43.3"
 ],
@@ -79334,10 +80692,10 @@
 "v": "<0.43.3"
 },
 {
- "advisory": "Octue 0.43.3 updates its dependency 'protobuf' to v3.20.3 to include a security fix.",
- "cve": "CVE-2022-1941",
- "id": "pyup.io-53399",
- "more_info_path": "/vulnerabilities/CVE-2022-1941/53399",
+ "advisory": "Octue 0.43.3 updates its dependency 'werkzeug' to v2.2.3 to include security fixes.",
+ "cve": "CVE-2023-23934",
+ "id": "pyup.io-53404",
+ "more_info_path": "/vulnerabilities/CVE-2023-23934/53404",
 "specs": [
 "<0.43.3"
 ],
@@ -79353,6 +80711,16 @@
 ],
 "v": "<0.46.1"
 },
+ {
+ "advisory": "Octue 0.46.2 updates its dependency 'protobuf' to version '3.20.3' to include a security fix.\r\nhttps://github.com/octue/octue-sdk-python/commit/b8dc494258381edf7d70ceac98467a89e3b0ecff",
+ "cve": "CVE-2022-1941",
+ "id": "pyup.io-59233",
+ "more_info_path": "/vulnerabilities/CVE-2022-1941/59233",
+ "specs": [
+ "<0.46.2"
+ ],
+ "v": "<0.46.2"
+ },
 {
 "advisory": "Octue 0.46.2 updates its dependency 'requests' to version '2.31.0' to include a security fix.\r\nhttps://github.com/octue/octue-sdk-python/commit/b8dc494258381edf7d70ceac98467a89e3b0ecff",
 "cve": "CVE-2023-32681",
@@ -79362,16 +80730,18 @@
 "<0.46.2"
 ],
 "v": "<0.46.2"
- },
+ }
+ ],
+ "odooghost": [
 {
- "advisory": "Octue 0.46.2 updates its dependency 'protobuf' to version '3.20.3' to include a security fix.\r\nhttps://github.com/octue/octue-sdk-python/commit/b8dc494258381edf7d70ceac98467a89e3b0ecff",
- "cve": "CVE-2022-1941",
- "id": "pyup.io-59233",
- "more_info_path": "/vulnerabilities/CVE-2022-1941/59233",
+ "advisory": "Odooghost 0.2.0 includes a security fix: Change ownership of /etc/odoo directory to odoo user.\r\nhttps://github.com/remyz17/odooghost/commit/ac616176a83f405eb4e195656e91240ccf05d360",
+ "cve": "PVE-2023-61861",
+ "id": "pyup.io-61861",
+ "more_info_path": "/vulnerabilities/PVE-2023-61861/61861",
 "specs": [
- "<0.46.2"
+ "<0.2.0"
 ],
- "v": "<0.46.2"
+ "v": "<0.2.0"
 }
 ],
 "oe-geoutils": [
@@ -79408,6 +80778,18 @@
 "v": "<0.3.0"
 }
 ],
+ "offlineimap": [
+ {
+ "advisory": "offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.",
+ "cve": "CVE-2010-4533",
+ "id": "pyup.io-61743",
+ "more_info_path": "/vulnerabilities/CVE-2010-4533/61743",
+ "specs": [
+ "<6.3.4"
+ ],
+ "v": "<6.3.4"
+ }
+ ],
 "oger": [
 {
 "advisory": "Oger 1.2 fixes a code injection vulnerability involving eval().\r\nhttps://github.com/OntoGene/OGER/commit/454054dd5d44b7ebab0ec4e453e59822e3c08ca7",
@@ -79470,6 +80852,16 @@
 }
 ],
 "omegaml": [
+ {
+ "advisory": "Omegaml 0.15.2 updates its dependency 'urllib3' to v1.26.5 to include security fixes.",
+ "cve": "CVE-2020-26137",
+ "id": "pyup.io-51459",
+ "more_info_path": "/vulnerabilities/CVE-2020-26137/51459",
+ "specs": [
+ "<0.15.2"
+ ],
+ "v": "<0.15.2"
+ },
 {
 "advisory": "Omegaml 0.15.2 updates its dependency 'protobuf' to v3.18.3 to include a security fix.",
 "cve": "CVE-2022-1941",
@@ -79500,16 +80892,6 @@
 ],
 "v": "<0.15.2"
 },
- {
- "advisory": "Omegaml 0.15.2 updates its dependency 'urllib3' to v1.26.5 to include security fixes.",
- "cve": "CVE-2020-26137",
- "id": "pyup.io-51459",
- "more_info_path": "/vulnerabilities/CVE-2020-26137/51459",
- "specs": [
- "<0.15.2"
- ],
- "v": "<0.15.2"
- },
 {
 "advisory": "Omegaml 0.15.2 updates its dependency 'bleach' to v3.3.0 to include security fixes.\r\nhttps://github.com/omegaml/omegaml/pull/273",
 "cve": "CVE-2021-23980",
@@ -80530,16 +81912,6 @@
 ],
 "v": "<0.15.4rc1"
 },
- {
- "advisory": "Omegaml 0.15.4rc1 updates its Dockerfile dependency 'tensorflow' to v2.11.0rc1 to include security fixes.\r\nhttps://github.com/omegaml/omegaml/pull/290",
- "cve": "CVE-2022-0529",
- "id": "pyup.io-55017",
- "more_info_path": "/vulnerabilities/CVE-2022-0529/55017",
- "specs": [
- "<0.15.4rc1"
- ],
- "v": "<0.15.4rc1"
- },
 {
 "advisory": "Omegaml 0.15.4rc1 updates its dependency 'sphinx' to v3.0.4 to include security fixes.",
 "cve": "CVE-2020-11022",
@@ -80559,6 +81931,16 @@
 "<0.15.4rc1"
 ],
 "v": "<0.15.4rc1"
+ },
+ {
+ "advisory": "Omegaml 0.15.4rc1 updates its Dockerfile dependency 'tensorflow' to v2.11.0rc1 to include security fixes.\r\nhttps://github.com/omegaml/omegaml/pull/290",
+ "cve": "CVE-2022-0529",
+ "id": "pyup.io-55017",
+ "more_info_path": "/vulnerabilities/CVE-2022-0529/55017",
+ "specs": [
+ "<0.15.4rc1"
+ ],
+ "v": "<0.15.4rc1"
 }
 ],
 "omero-figure": [
@@ -80595,20 +81977,20 @@
 "v": "<5.20.0"
 },
 {
- "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. See CVE-2021-21376.",
- "cve": "CVE-2021-21376",
- "id": "pyup.io-40088",
- "more_info_path": "/vulnerabilities/CVE-2021-21376/40088",
+ "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. See CVE-2021-21377.",
+ "cve": "CVE-2021-21377",
+ "id": "pyup.io-40089",
+ "more_info_path": "/vulnerabilities/CVE-2021-21377/40089",
 "specs": [
 "<5.9.0"
 ],
 "v": "<5.9.0"
 },
 {
- "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. See CVE-2021-21377.",
- "cve": "CVE-2021-21377",
- "id": "pyup.io-40089",
- "more_info_path": "/vulnerabilities/CVE-2021-21377/40089",
+ "advisory": "OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0. See CVE-2021-21376.",
+ "cve": "CVE-2021-21376",
+ "id": "pyup.io-40088",
+ "more_info_path": "/vulnerabilities/CVE-2021-21376/40088",
 "specs": [
 "<5.9.0"
 ],
@@ -80933,20 +82315,20 @@
 ],
 "onnxruntime": [
 {
- "advisory": "Onnxruntime 1.13.1 updates 'protobuf' to v3.18.3 to include a security fix.",
- "cve": "CVE-2022-1941",
- "id": "pyup.io-53249",
- "more_info_path": "/vulnerabilities/CVE-2022-1941/53249",
+ "advisory": "Onnxruntime 1.13.1 updates 'onnx' to v1.12.1 to fix a vulnerability that allows reading of tensor_data outside the model directory.\r\nhttps://github.com/microsoft/onnxruntime/pull/12915",
+ "cve": "CVE-2022-25882",
+ "id": "pyup.io-53234",
+ "more_info_path": "/vulnerabilities/CVE-2022-25882/53234",
 "specs": [
 "<1.13.1"
 ],
 "v": "<1.13.1"
 },
 {
- "advisory": "Onnxruntime 1.13.1 updates 'onnx' to v1.12.1 to fix a vulnerability that allows reading of tensor_data outside the model directory.\r\nhttps://github.com/microsoft/onnxruntime/pull/12915",
- "cve": "CVE-2022-25882",
- "id": "pyup.io-53234",
- "more_info_path": "/vulnerabilities/CVE-2022-25882/53234",
+ "advisory": "Onnxruntime 1.13.1 updates 'protobuf' to v3.18.3 to include a security fix.",
+ "cve": "CVE-2022-1941",
+ "id": "pyup.io-53249",
+ "more_info_path": "/vulnerabilities/CVE-2022-1941/53249",
 "specs": [
 "<1.13.1"
 ],
@@ -81071,6 +82453,38 @@
 "v": "<0.1.11"
 }
 ],
+ "openai-copilot": [
+ {
+ "advisory": "Openai-copilot 0.2.4 updates its dependency 'langchain' to v0.0.264 to include a security fix.",
+ "cve": "CVE-2023-36189",
+ "id": "pyup.io-61669",
+ "more_info_path": "/vulnerabilities/CVE-2023-36189/61669",
+ "specs": [
+ "<0.2.4"
+ ],
+ "v": "<0.2.4"
+ },
+ {
+ "advisory": "Openai-copilot 0.2.4 updates its dependency 'langchain' to v0.0.264 to include a security fix.",
+ "cve": "CVE-2023-34541",
+ "id": "pyup.io-61667",
+ "more_info_path": "/vulnerabilities/CVE-2023-34541/61667",
+ "specs": [
+ "<0.2.4"
+ ],
+ "v": "<0.2.4"
+ },
+ {
+ "advisory": "Openai-copilot 0.2.5 updates its dependency 'aiohttp' to v3.8.6 to include a security fix.",
+ "cve": "PVE-2023-61657",
+ "id": "pyup.io-61666",
+ "more_info_path": "/vulnerabilities/PVE-2023-61657/61666",
+ "specs": [
+ "<0.2.5"
+ ],
+ "v": "<0.2.5"
+ }
+ ],
 "openapi-core": [
 {
 "advisory": "Openapi-core 0.13.0 includes a fix for CVE-2019-19844. It also introduces security validation with an API Key and support for HTTP security types.\r\nhttps://github.com/python-openapi/openapi-core/commit/745736b5c202ab9768bf4efb869934897d667647",
@@ -81298,6 +82712,16 @@
 }
 ],
 "openbb": [
+ {
+ "advisory": "Openbb 2.3.0 updates its dependency 'gitpython' to v3.1.30 to include a security fix.",
+ "cve": "CVE-2022-24439",
+ "id": "pyup.io-53331",
+ "more_info_path": "/vulnerabilities/CVE-2022-24439/53331",
+ "specs": [
+ "<2.3.0"
+ ],
+ "v": "<2.3.0"
+ },
 {
 "advisory": "Openbb 2.3.0 updates its dependency 'certifi' to v2022.12.7 to include a security fix.",
 "cve": "CVE-2022-23491",
@@ -81319,10 +82743,10 @@
 "v": "<2.3.0"
 },
 {
- "advisory": "Openbb 2.3.0 updates its dependency 'gitpython' to v3.1.30 to include a security fix.",
- "cve": "CVE-2022-24439",
- "id": "pyup.io-53331",
- "more_info_path": "/vulnerabilities/CVE-2022-24439/53331",
+ "advisory": "Openbb 2.3.0 updates its dependency 'future' to v0.18.3 to include a security fix.",
+ "cve": "CVE-2022-40899",
+ "id": "pyup.io-53330",
+ "more_info_path": "/vulnerabilities/CVE-2022-40899/53330",
 "specs": [
 "<2.3.0"
 ],
@@ -81338,16 +82762,6 @@
 ],
 "v": "<2.3.0"
 },
- {
- "advisory": "Openbb 2.3.0 updates its dependency 'future' to v0.18.3 to include a security fix.",
- "cve": "CVE-2022-40899",
- "id": "pyup.io-53330",
- "more_info_path": "/vulnerabilities/CVE-2022-40899/53330",
- "specs": [
- "<2.3.0"
- ],
- "v": "<2.3.0"
- },
 {
 "advisory": "Openbb 2.4.0 updates its NPM dependency 'eta' to v2.0.0 to include security fixes.",
 "cve": "CVE-2023-23630",
@@ -82240,6 +83654,18 @@
 "v": "<0.1.11"
 }
 ],
+ "opentelemetry-instrumentation": [
+ {
+ "advisory": "Opentelemetry-instrumentation 0.41b0 includes a fix for CVE-2023-43810: Autoinstrumentation out of the box adds the label 'http_method' that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc.\r\nhttps://github.com/open-telemetry/opentelemetry-python-contrib/security/advisories/GHSA-5rv5-6h4r-h22v",
+ "cve": "CVE-2023-43810",
+ "id": "pyup.io-61653",
+ "more_info_path": "/vulnerabilities/CVE-2023-43810/61653",
+ "specs": [
+ "<0.41b0"
+ ],
+ "v": "<0.41b0"
+ }
+ ],
 "opentera": [
 {
 "advisory": "Opentera 1.0.9 adds missing service access checks to the Service API.\r\nhttps://github.com/introlab/opentera/commit/4aa0361f6cd3faa395df6a43755fd197677c5528",
@@ -85864,6 +87290,26 @@
 "<2.0.0a12"
 ],
 "v": "<2.0.0a12"
+ },
+ {
+ "advisory": "Owlmixin 6.1.1 updates its dependency 'urlllib3' to include a security fix.",
+ "cve": "CVE-2023-43804",
+ "id": "pyup.io-61904",
+ "more_info_path": "/vulnerabilities/CVE-2023-43804/61904",
+ "specs": [
+ "<6.1.1"
+ ],
+ "v": "<6.1.1"
+ },
+ {
+ "advisory": "Owlmixin 6.1.1 updates its dependency 'urlllib3' to include a security fix.",
+ "cve": "CVE-2023-45803",
+ "id": "pyup.io-61922",
+ "more_info_path": "/vulnerabilities/CVE-2023-45803/61922",
+ "specs": [
+ "<6.1.1"
+ ],
+ "v": "<6.1.1"
 }
 ],
 "owlmoon": [
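Review bot: The two new "owlmixin" records (second hunk on this line) do not state which urllib3 version 6.1.1 moves to, while every other dependency-bump entry in this diff names the target version (for example "updates its dependency 'urllib3' to v1.25.9" in the nidaqmx records); without it a reader cannot tell whether the bump actually reaches the versions that resolve CVE-2023-43804 and CVE-2023-45803. Presumably the intended wording is `"Owlmixin 6.1.1 updates its dependency 'urllib3' to v<VERSION> to include a security fix."` with the concrete version filled in from the owlmixin release. The "opentelemetry-instrumentation" record in the first hunk is self-consistent: its `<0.41b0` range matches the fixed version named in the advisory text.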
@@ -86055,7 +87501,7 @@
 "v": "<0.1.4"
 },
 {
- "advisory": "Pakettikauppa 0.1.5 updates its dependency 'urllib3' to v1.24.2 to include a security fix.",
+ "advisory": "Pakettikauppa 0.1.5 updates its dependency 'urllib3' to v1.24.2 to include a security fix. To get latest version, install from source: https://github.com/vilkasgroup/Pakettikauppa/blob/master/docs/installation.rst",
 "cve": "CVE-2019-11324",
 "id": "pyup.io-45145",
 "more_info_path": "/vulnerabilities/CVE-2019-11324/45145",
@@ -86086,16 +87532,6 @@
 ],
 "v": "<1.2.2"
 },
- {
- "advisory": "Palladium 1.2.2 updates its dependency 'urllib3' to v1.25.3 to include security fixes.",
- "cve": "CVE-2019-11236",
- "id": "pyup.io-44632",
- "more_info_path": "/vulnerabilities/CVE-2019-11236/44632",
- "specs": [
- "<1.2.2"
- ],
- "v": "<1.2.2"
- },
 {
 "advisory": "Palladium 1.2.2 updates its dependency 'numpy' to v1.17.0 to include a security fix.",
 "cve": "CVE-2019-6446",
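Review bot: The amended Pakettikauppa advisory (first hunk on this line) now directs users to install from a `blob/master` URL, which points at an unpinned moving branch rather than a tagged release or a specific commit; a remediation hint in a vulnerability database should reference something reproducible so that what a user installs can be verified against what was assessed. If the project has no tagged release containing the fix, the text would be better served by naming the fixing commit, e.g. `"... To get the latest version, install from source at commit <FIXING_COMMIT>: https://github.com/vilkasgroup/Pakettikauppa/..."`, the way the octue and odooghost records in this diff cite a commit hash. The `specs` and `v` fields for this record lie outside the hunk, so whether the range still matches the wording cannot be checked here.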
@@ -86116,21 +87552,31 @@
 ],
 "v": "<1.2.2"
 },
+ {
+ "advisory": "Palladium 1.2.2 updates its dependency 'jinja2' to v2.10.1 to include a security fix.",
+ "cve": "CVE-2019-10906",
+ "id": "pyup.io-37378",
+ "more_info_path": "/vulnerabilities/CVE-2019-10906/37378",
+ "specs": [
+ "<1.2.2"
+ ],
+ "v": "<1.2.2"
+ },
 {
 "advisory": "Palladium 1.2.2 updates its dependency 'urllib3' to v1.25.3 to include security fixes.",
- "cve": "CVE-2019-11324",
- "id": "pyup.io-44631",
- "more_info_path": "/vulnerabilities/CVE-2019-11324/44631",
+ "cve": "CVE-2019-11236",
+ "id": "pyup.io-44632",
+ "more_info_path": "/vulnerabilities/CVE-2019-11236/44632",
 "specs": [
 "<1.2.2"
 ],
 "v": "<1.2.2"
 },
 {
- "advisory": "Palladium 1.2.2 updates its dependency 'jinja2' to v2.10.1 to include a security fix.",
- "cve": "CVE-2019-10906",
- "id": "pyup.io-37378",
- "more_info_path": "/vulnerabilities/CVE-2019-10906/37378",
+ "advisory": "Palladium 1.2.2 updates its dependency 'urllib3' to v1.25.3 to include security fixes.",
+ "cve": "CVE-2019-11324",
+ "id": "pyup.io-44631",
+ "more_info_path": "/vulnerabilities/CVE-2019-11324/44631",
 "specs": [
 "<1.2.2"
 ],
@@ -86641,9 +88087,9 @@
 "pathfinder": [
 {
 "advisory": "Pathfinder 0.5.4 stops relying in Jinja2 v2.6 to avoid security issues.",
- "cve": "CVE-2014-1402",
- "id": "pyup.io-46430",
- "more_info_path": "/vulnerabilities/CVE-2014-1402/46430",
+ "cve": "CVE-2019-10906",
+ "id": "pyup.io-38220",
+ "more_info_path": "/vulnerabilities/CVE-2019-10906/38220",
 "specs": [
 "<0.5.4"
 ],
@@ -86651,9 +88097,9 @@
 },
 {
 "advisory": "Pathfinder 0.5.4 stops relying in Jinja2 v2.6 to avoid security issues.",
- "cve": "CVE-2016-10745",
- "id": "pyup.io-46431",
- "more_info_path": "/vulnerabilities/CVE-2016-10745/46431",
+ "cve": "CVE-2014-0012",
+ "id": "pyup.io-46429",
+ "more_info_path": "/vulnerabilities/CVE-2014-0012/46429",
 "specs": [
 "<0.5.4"
 ],
@@ -86661,9 +88107,9 @@
 },
 {
 "advisory": "Pathfinder 0.5.4 stops relying in Jinja2 v2.6 to avoid security issues.",
- "cve": "CVE-2019-10906",
- "id": "pyup.io-38220",
- "more_info_path": "/vulnerabilities/CVE-2019-10906/38220",
+ "cve": "CVE-2016-10745",
+ "id": "pyup.io-46431",
+ "more_info_path": "/vulnerabilities/CVE-2016-10745/46431",
 "specs": [
 "<0.5.4"
 ],
@@ -86671,9 +88117,9 @@
 },
 {
 "advisory": "Pathfinder 0.5.4 stops relying in Jinja2 v2.6 to avoid security issues.",
- "cve": "CVE-2014-0012",
- "id": "pyup.io-46429",
- "more_info_path": "/vulnerabilities/CVE-2014-0012/46429",
+ "cve": "CVE-2014-1402",
+ "id": "pyup.io-46430",
+ "more_info_path": "/vulnerabilities/CVE-2014-1402/46430",
 "specs": [
 "<0.5.4"
 ],
@@ -86779,9 +88225,9 @@
 },
 {
 "advisory": "Pconf 1.7.1 updates its dependency 'pyyaml' to v5.3.1 to include security fixes.",
- "cve": "CVE-2020-1747",
- "id": "pyup.io-43971",
- "more_info_path": "/vulnerabilities/CVE-2020-1747/43971",
+ "cve": "CVE-2017-18342",
+ "id": "pyup.io-44483",
+ "more_info_path": "/vulnerabilities/CVE-2017-18342/44483",
 "specs": [
 "<1.7.1"
 ],
@@ -86789,9 +88235,9 @@
 },
 {
 "advisory": "Pconf 1.7.1 updates its dependency 'pyyaml' to v5.3.1 to include security fixes.",
- "cve": "CVE-2017-18342",
- "id": "pyup.io-44483",
- "more_info_path": "/vulnerabilities/CVE-2017-18342/44483",
+ "cve": "CVE-2020-1747",
+ "id": "pyup.io-43971",
+ "more_info_path": "/vulnerabilities/CVE-2020-1747/43971",
 "specs": [
 "<1.7.1"
 ],
@@ -87150,6 +88596,18 @@ "v": "<1.2.1" } ], + "pdm": [ + { + "advisory": "Pdm 2.9.4 includes a fix for CVE-2023-45805: It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project.\r\nhttps://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9\r\nhttps://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831", + "cve": "CVE-2023-45805", + "id": "pyup.io-62025", + "more_info_path": "/vulnerabilities/CVE-2023-45805/62025", + "specs": [ + "<2.9.4" + ], + "v": "<2.9.4" + } + ], "pdoc": [ { "advisory": "Pdoc 10.0.0 defuses insecure 'repr()' calls for all templates.\r\nhttps://github.com/mitmproxy/pdoc/commit/b14d6bc3d515d58d20c8810b79ae8f4115efaa8c", @@ -87924,7 +89382,7 @@ ], "pillow": [ { - "advisory": "Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high risk vulnerability.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html", + "advisory": "Pillow 10.0.1 updates its C dependency 'libwebp' to 1.3.2 to include a fix for a high-risk vulnerability.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/10.0.1.html", "cve": "CVE-2023-4863", "id": "pyup.io-61489", "more_info_path": "/vulnerabilities/CVE-2023-4863/61489", 
@@ -88015,20 +89473,20 @@ "v": "<3.1.1" }, { - "advisory": "Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.", - "cve": "CVE-2016-2533", - "id": "pyup.io-33136", - "more_info_path": "/vulnerabilities/CVE-2016-2533/33136", + "advisory": "Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.", + "cve": "CVE-2016-4009", + "id": "pyup.io-33137", + "more_info_path": "/vulnerabilities/CVE-2016-4009/33137", "specs": [ "<3.1.1" ], "v": "<3.1.1" }, { - "advisory": "Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.", - "cve": "CVE-2016-4009", - "id": "pyup.io-33137", - "more_info_path": "/vulnerabilities/CVE-2016-4009/33137", + "advisory": "Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.", + "cve": "CVE-2016-2533", + "id": "pyup.io-33136", + "more_info_path": "/vulnerabilities/CVE-2016-2533/33136", "specs": [ "<3.1.1" ], 
@@ -88045,20 +89503,20 @@ "v": "<3.1.2" }, { - "advisory": "Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the \"crafted image file\" approach, related to an \"Integer Overflow\" issue affecting the Image.core.map_buffer in map.c component.", - "cve": "CVE-2016-9189", - "id": "pyup.io-33139", - "more_info_path": "/vulnerabilities/CVE-2016-9189/33139", + "advisory": "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component.", + "cve": "CVE-2016-9190", + "id": "pyup.io-33138", + "more_info_path": "/vulnerabilities/CVE-2016-9190/33138", "specs": [ "<3.3.2" ], "v": "<3.3.2" }, { - "advisory": "Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the \"crafted image file\" approach, related to an \"Insecure Sign Extension\" issue affecting the ImagingNew in Storage.c component.", - "cve": "CVE-2016-9190", - "id": "pyup.io-33138", - "more_info_path": "/vulnerabilities/CVE-2016-9190/33138", + "advisory": "Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the \"crafted image file\" approach, related to an \"Integer Overflow\" issue affecting the Image.core.map_buffer in map.c component.", + "cve": "CVE-2016-9189", + "id": "pyup.io-33139", + "more_info_path": "/vulnerabilities/CVE-2016-9189/33139", "specs": [ "<3.3.2" ], 
@@ -88135,20 +89593,20 @@ "v": "<7.1.0" }, { - "advisory": "In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.", - "cve": "CVE-2020-10378", - "id": "pyup.io-38449", - "more_info_path": "/vulnerabilities/CVE-2020-10378/38449", + "advisory": "In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.", + "cve": "CVE-2020-10994", + "id": "pyup.io-38451", + "more_info_path": "/vulnerabilities/CVE-2020-10994/38451", "specs": [ "<7.1.0" ], "v": "<7.1.0" }, { - "advisory": "In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.", - "cve": "CVE-2020-10994", - "id": "pyup.io-38451", - "more_info_path": "/vulnerabilities/CVE-2020-10994/38451", + "advisory": "In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.", + "cve": "CVE-2020-10378", + "id": "pyup.io-38449", + "more_info_path": "/vulnerabilities/CVE-2020-10378/38449", "specs": [ "<7.1.0" ], 
@@ -88204,6 +89662,26 @@ ], "v": "<8.1.0" }, + { + "advisory": "Pillow 8.1.1 includes a fix for CVE-2021-25291: In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html", + "cve": "CVE-2021-25291", + "id": "pyup.io-40272", + "more_info_path": "/vulnerabilities/CVE-2021-25291/40272", + "specs": [ + "<8.1.1" + ], + "v": "<8.1.1" + }, + { + "advisory": "Pillow 8.1.1 includes a fix for CVE-2021-25293: There is an out-of-bounds read in SGIRleDecode.c.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html", + "cve": "CVE-2021-25293", + "id": "pyup.io-40273", + "more_info_path": "/vulnerabilities/CVE-2021-25293/40273", + "specs": [ + "<8.1.1" + ], + "v": "<8.1.1" + }, { "advisory": "Pillow 8.1.1 includes a fix for CVE-2021-25289: TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html", "cve": "CVE-2021-25289", @@ -88234,16 +89712,6 @@ ], "v": "<8.1.1" }, - { - "advisory": "Pillow 8.1.1 includes a fix for CVE-2021-25291: In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html", - "cve": "CVE-2021-25291", - "id": "pyup.io-40272", - "more_info_path": "/vulnerabilities/CVE-2021-25291/40272", - "specs": [ - "<8.1.1" - ], - "v": "<8.1.1" - }, { "advisory": "Pillow 8.1.1 includes a fix for CVE-2021-25292: The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html", "cve": "CVE-2021-25292", 
@@ -88264,16 +89732,6 @@ ], "v": "<8.1.1" }, - { - "advisory": "Pillow 8.1.1 includes a fix for CVE-2021-25293: There is an out-of-bounds read in SGIRleDecode.c.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.1.1.html", - "cve": "CVE-2021-25293", - "id": "pyup.io-40273", - "more_info_path": "/vulnerabilities/CVE-2021-25293/40273", - "specs": [ - "<8.1.1" - ], - "v": "<8.1.1" - }, { "advisory": "Pillow version 8.2.0 includes a fix for CVE-2021-28677: For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \\r and \\n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could use this to perform a DoS of Pillow in the open phase, before an image was accepted for opening.\r\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQHA5HAIBOYI3R6HDWCLAGFTIQP767FL/\r\nhttps://github.com/python-pillow/Pillow/pull/5377\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-28677-fix-eps-dos-on-open", "cve": "CVE-2021-28677", 
@@ -88305,20 +89763,20 @@ "v": "<8.2.0" }, { - "advisory": "Pillow 8.2.0 includes a fix for CVE-2021-25288: There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode", - "cve": "CVE-2021-25288", - "id": "pyup.io-40593", - "more_info_path": "/vulnerabilities/CVE-2021-25288/40593", + "advisory": "Pillow 8.2.0 includes a fix for CVE-2021-25287: There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode", + "cve": "CVE-2021-25287", + "id": "pyup.io-40592", + "more_info_path": "/vulnerabilities/CVE-2021-25287/40592", "specs": [ "<8.2.0" ], "v": "<8.2.0" }, { - "advisory": "Pillow 8.2.0 includes a fix for CVE-2021-25287: There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode", - "cve": "CVE-2021-25287", - "id": "pyup.io-40592", - "more_info_path": "/vulnerabilities/CVE-2021-25287/40592", + "advisory": "Pillow 8.2.0 includes a fix for CVE-2021-25288: There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html#cve-2021-25287-cve-2021-25288-fix-oob-read-in-jpeg2kdecode", + "cve": "CVE-2021-25288", + "id": "pyup.io-40593", + "more_info_path": "/vulnerabilities/CVE-2021-25288/40593", "specs": [ "<8.2.0" ], 
@@ -88334,16 +89792,6 @@ ], "v": "<8.3.0" }, - { - "advisory": "Pillow 9.0.0 includes a fix for CVE-2022-22816: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling", - "cve": "CVE-2022-22816", - "id": "pyup.io-44486", - "more_info_path": "/vulnerabilities/CVE-2022-22816/44486", - "specs": [ - "<9.0.0" - ], - "v": "<9.0.0" - }, { "advisory": "Pillow 9.0.0 excludes carriage return in PDF regex to help prevent ReDoS.\r\nhttps://github.com/python-pillow/Pillow/pull/5912\r\nhttps://github.com/python-pillow/Pillow/commit/43b800d933c996226e4d7df00c33fcbe46d97363", "cve": "PVE-2021-44525", @@ -88374,6 +89822,16 @@ ], "v": "<9.0.0" }, + { + "advisory": "Pillow 9.0.0 includes a fix for CVE-2022-22816: path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.\r\nhttps://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling", + "cve": "CVE-2022-22816", + "id": "pyup.io-44486", + "more_info_path": "/vulnerabilities/CVE-2022-22816/44486", + "specs": [ + "<9.0.0" + ], + "v": "<9.0.0" + }, { "advisory": "Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.", "cve": "CVE-2022-24303", @@ -88486,16 +89944,6 @@ ], "v": "<0.6.1" }, - { - "advisory": "Pillow-heif 0.6.1 fixes HEIF decoder's CVEs.", - "cve": "CVE-2021-36411", - "id": "pyup.io-50717", - "more_info_path": "/vulnerabilities/CVE-2021-36411/50717", - "specs": [ - "<0.6.1" - ], - "v": "<0.6.1" - }, { "advisory": "Pillow-heif 0.6.1 fixes HEIF decoder's CVEs.", "cve": "CVE-2021-36408", 
@@ -88525,6 +89973,16 @@ "<0.6.1" ], "v": "<0.6.1" + }, + { + "advisory": "Pillow-heif 0.6.1 fixes HEIF decoder's CVEs.", + "cve": "CVE-2021-36411", + "id": "pyup.io-50717", + "more_info_path": "/vulnerabilities/CVE-2021-36411/50717", + "specs": [ + "<0.6.1" + ], + "v": "<0.6.1" } ], "pillow-simd": [ @@ -88707,20 +90165,20 @@ ], "pip": [ { - "advisory": "pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.", - "cve": "CVE-2013-1888", - "id": "pyup.io-33141", - "more_info_path": "/vulnerabilities/CVE-2013-1888/33141", + "advisory": "pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a \"pip install\" operation.", + "cve": "CVE-2013-1629", + "id": "pyup.io-33140", + "more_info_path": "/vulnerabilities/CVE-2013-1629/33140", "specs": [ "<1.3" ], "v": "<1.3" }, { - "advisory": "pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a \"pip install\" operation.", - "cve": "CVE-2013-1629", - "id": "pyup.io-33140", - "more_info_path": "/vulnerabilities/CVE-2013-1629/33140", + "advisory": "pip before 1.3 allows local users to overwrite arbitrary files via a symlink attack on a file in the /tmp/pip-build temporary directory.", + "cve": "CVE-2013-1888", + "id": "pyup.io-33141", + "more_info_path": "/vulnerabilities/CVE-2013-1888/33141", "specs": [ "<1.3" ], 
@@ -88756,6 +90214,16 @@ ], "v": "<19.2" }, + { + "advisory": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.", + "cve": "CVE-2021-3572", + "id": "pyup.io-42559", + "more_info_path": "/vulnerabilities/CVE-2021-3572/42559", + "specs": [ + "<21.1" + ], + "v": "<21.1" + }, { "advisory": "Pip 21.1 updates its dependency 'urllib3' to v1.26.4 due to security issues.", "cve": "CVE-2021-28363", @@ -88767,14 +90235,14 @@ "v": "<21.1" }, { - "advisory": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.", - "cve": "CVE-2021-3572", - "id": "pyup.io-42559", - "more_info_path": "/vulnerabilities/CVE-2021-3572/42559", + "advisory": "Pip 23.3 includes a fix for CVE-2023-5752: When installing a package from a Mercurial VCS URL (ie \"pip install hg+...\") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the \"hg clone\" call (ie \"--config\"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.\r\nhttps://github.com/pypa/pip/pull/12306", + "cve": "CVE-2023-5752", + "id": "pyup.io-62044", + "more_info_path": "/vulnerabilities/CVE-2023-5752/62044", "specs": [ - "<21.1" + "<23.3" ], - "v": "<21.1" + "v": "<23.3" }, { "advisory": "pip before 6.0 is not using a randomized and secure default build directory when possible. (CVE-2014-8991).", 
@@ -88808,16 +90276,6 @@ ], "v": "<2020.5.28" }, - { - "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-45799", - "more_info_path": "/vulnerabilities/CVE-2019-11236/45799", - "specs": [ - "<2020.5.28" - ], - "v": "<2020.5.28" - }, { "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", "cve": "CVE-2019-11324", @@ -88838,6 +90296,16 @@ ], "v": "<2020.5.28" }, + { + "advisory": "Pipenv 2020.5.28 updates its dependency 'jinja2' to v2.11.2 to include a security fix.", + "cve": "CVE-2019-10906", + "id": "pyup.io-38334", + "more_info_path": "/vulnerabilities/CVE-2019-10906/38334", + "specs": [ + "<2020.5.28" + ], + "v": "<2020.5.28" + }, { "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", "cve": "CVE-2020-26137", @@ -88849,10 +90317,10 @@ "v": "<2020.5.28" }, { - "advisory": "Pipenv 2020.5.28 updates its dependency 'jinja2' to v2.11.2 to include a security fix.", - "cve": "CVE-2019-10906", - "id": "pyup.io-38334", - "more_info_path": "/vulnerabilities/CVE-2019-10906/38334", + "advisory": "Pipenv 2020.5.28 updates its dependency 'urllib3' to v1.25.9 to include security fixes.", + "cve": "CVE-2019-11236", + "id": "pyup.io-45799", + "more_info_path": "/vulnerabilities/CVE-2019-11236/45799", "specs": [ "<2020.5.28" ], 
@@ -89135,6 +90603,26 @@ } ], "planetmint-driver-python": [ + { + "advisory": "Planetmint-driver 0.18.3 updates its dependency 'requests' to version '2.31.0' to include a security fix.\r\nhttps://github.com/planetmint/planetmint-driver-python/commit/050332d4c4121b304af1309e95c484cc9ec71947", + "cve": "CVE-2023-32681", + "id": "pyup.io-61872", + "more_info_path": "/vulnerabilities/CVE-2023-32681/61872", + "specs": [ + "<0.18.3" + ], + "v": "<0.18.3" + }, + { + "advisory": "Planetmint-driver 0.18.3 updates its dependency 'tornado' to version '6.3.2' to include a security fix.\r\nhttps://github.com/planetmint/planetmint-driver-python/commit/b492f3fd61f8514e82b1c0f06d64dfc21dc762d6", + "cve": "CVE-2023-28370", + "id": "pyup.io-61873", + "more_info_path": "/vulnerabilities/CVE-2023-28370/61873", + "specs": [ + "<0.18.3" + ], + "v": "<0.18.3" + }, { "advisory": "Planetmint-driver-python 0.5.2 updates its dependency 'cryptogtaphy' to include a security fix.", "cve": "CVE-2018-10903", 
@@ -89559,6 +91047,37 @@ ], "v": "<4.3.20,>=5.0a1,<5.2.5" }, + { + "advisory": "There exists a vulnerability that could potentially lead to the unauthorized exposure of information of registered users.", + "cve": "PVE-2023-99914", + "id": "pyup.io-62007", + "more_info_path": "/vulnerabilities/PVE-2023-99914/62007", + "specs": [ + "<4.3.8", + ">=5.0a1,<5.0.1" + ], + "v": "<4.3.8,>=5.0a1,<5.0.1" + }, + { + "advisory": "Plone is exposed to risks associated with reflected cross-site scripting and open redirect. These vulnerabilities can occur when an attacker manages to put a compromised version of the image_view_fullscreen page into a cache, such as Varnish.", + "cve": "PVE-2023-99927", + "id": "pyup.io-61947", + "more_info_path": "/vulnerabilities/PVE-2023-99927/61947", + "specs": [ + "<5.0.0" + ], + "v": "<5.0.0" + }, + { + "advisory": "Numerous cross-site request forgery vulnerabilities have been discovered within the Zope Management Interface.", + "cve": "PVE-2023-99915", + "id": "pyup.io-62006", + "more_info_path": "/vulnerabilities/PVE-2023-99915/62006", + "specs": [ + "<5.0a" + ], + "v": "<5.0a" + }, { "advisory": "Plone 5.2.2 contains Products.isurlinportal 1.1.0 with a minor security hardening fix.\r\nhttps://github.com/plone/Products.CMFPlone/commit/ec1b7994c9c4a32d24f9b3f1f5ec0d628234434e\r\nhttps://community.plone.org/t/vulnerability-fix-products-isurlinportal-1-1-0/12735", "cve": "PVE-2021-38990", @@ -91013,9 +92532,9 @@ }, { "advisory": "Pm4py 2.2.19.1 updates its dependency 'numpy' to v1.22.2 to include security fixes.", - "cve": "CVE-2021-41495", - "id": "pyup.io-44946", - "more_info_path": "/vulnerabilities/CVE-2021-41495/44946", + "cve": "CVE-2021-41496", + "id": "pyup.io-44945", + "more_info_path": "/vulnerabilities/CVE-2021-41496/44945", "specs": [ "<2.2.19.1" ], 
@@ -91023,9 +92542,9 @@ }, { "advisory": "Pm4py 2.2.19.1 updates its dependency 'numpy' to v1.22.2 to include security fixes.", - "cve": "CVE-2021-41496", - "id": "pyup.io-44945", - "more_info_path": "/vulnerabilities/CVE-2021-41496/44945", + "cve": "CVE-2021-34141", + "id": "pyup.io-44944", + "more_info_path": "/vulnerabilities/CVE-2021-34141/44944", "specs": [ "<2.2.19.1" ], @@ -91033,9 +92552,9 @@ }, { "advisory": "Pm4py 2.2.19.1 updates its dependency 'numpy' to v1.22.2 to include security fixes.", - "cve": "CVE-2021-34141", - "id": "pyup.io-44944", - "more_info_path": "/vulnerabilities/CVE-2021-34141/44944", + "cve": "CVE-2021-41495", + "id": "pyup.io-44946", + "more_info_path": "/vulnerabilities/CVE-2021-41495/44946", "specs": [ "<2.2.19.1" ], 
@@ -91135,20 +92654,20 @@ ], "poetry": [ { - "advisory": "Poetry 1.1.9 includes a fix for CVE-2022-36070: To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. 'git config'. These commands are being executed using the executable\u2019s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the 'PATH' environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented.\r\nhttps://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6", - "cve": "CVE-2022-36070", - "id": "pyup.io-50948", - "more_info_path": "/vulnerabilities/CVE-2022-36070/50948", + "advisory": "Poetry 1.1.9 includes a fix for CVE-2022-36069: When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as 'git clone'. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. 
However, there is the possibility that a user input starts with a dash ('-') and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory.\r\nhttps://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw", + "cve": "CVE-2022-36069", + "id": "pyup.io-50947", + "more_info_path": "/vulnerabilities/CVE-2022-36069/50947", "specs": [ "<1.1.9" ], "v": "<1.1.9" }, { - "advisory": "Poetry 1.1.9 includes a fix for CVE-2022-36069: When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as 'git clone'. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash ('-') and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. 
If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory.\r\nhttps://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw", - "cve": "CVE-2022-36069", - "id": "pyup.io-50947", - "more_info_path": "/vulnerabilities/CVE-2022-36069/50947", + "advisory": "Poetry 1.1.9 includes a fix for CVE-2022-36070: To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. 'git config'. These commands are being executed using the executable\u2019s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the 'PATH' environment variable afterward. This vulnerability can lead to Arbitrary Code Execution, which would lead to the takeover of the system. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe. 
The victim could also not protect themself by vetting any Git or Poetry config files that might be present in the directory, because the behavior is undocumented.\r\nhttps://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6", + "cve": "CVE-2022-36070", + "id": "pyup.io-50948", + "more_info_path": "/vulnerabilities/CVE-2022-36070/50948", "specs": [ "<1.1.9" ], @@ -91223,20 +92742,20 @@ "v": "<0.4.1" }, { - "advisory": "Polyaxon 0.4.1 updates its NPM dependency 'bootstrap' to v3.4.1 to include a security fix.", - "cve": "CVE-2019-8331", - "id": "pyup.io-49097", - "more_info_path": "/vulnerabilities/CVE-2019-8331/49097", + "advisory": "Polyaxon 0.4.1 updates its NPM dependency 'lodash' to v4.17.11 to include security fixes.", + "cve": "CVE-2018-16487", + "id": "pyup.io-49096", + "more_info_path": "/vulnerabilities/CVE-2018-16487/49096", "specs": [ "<0.4.1" ], "v": "<0.4.1" }, { - "advisory": "Polyaxon 0.4.1 updates its NPM dependency 'lodash' to v4.17.11 to include security fixes.", - "cve": "CVE-2018-16487", - "id": "pyup.io-49096", - "more_info_path": "/vulnerabilities/CVE-2018-16487/49096", + "advisory": "Polyaxon 0.4.1 updates its NPM dependency 'bootstrap' to v3.4.1 to include a security fix.", + "cve": "CVE-2019-8331", + "id": "pyup.io-49097", + "more_info_path": "/vulnerabilities/CVE-2019-8331/49097", "specs": [ "<0.4.1" ], @@ -91324,16 +92843,6 @@ ], "v": "<0.3.1" }, - { - "advisory": "Polymatheia 0.3.1 updates its dependency 'lxml' to v4.6.3 to include security fixes.", - "cve": "CVE-2021-28957", - "id": "pyup.io-49782", - "more_info_path": "/vulnerabilities/CVE-2021-28957/49782", - "specs": [ - "<0.3.1" - ], - "v": "<0.3.1" - }, { "advisory": "Polymatheia 0.3.1 updates its dependency 'lxml' to v4.6.3 to include security fixes.", "cve": "CVE-2020-27783", 
@@ -91355,20 +92864,30 @@ "v": "<0.3.1" }, { - "advisory": "Polymatheia 0.3.1 updates its dependency 'pyyaml' to v5.4 to include a security fix.", - "cve": "CVE-2020-14343", - "id": "pyup.io-49908", - "more_info_path": "/vulnerabilities/CVE-2020-14343/49908", + "advisory": "Polymatheia 0.3.1 updates its dependency 'jinja2' to v2.11.3 to include a security fix.", + "cve": "CVE-2020-28493", + "id": "pyup.io-49909", + "more_info_path": "/vulnerabilities/CVE-2020-28493/49909", "specs": [ "<0.3.1" ], "v": "<0.3.1" }, { - "advisory": "Polymatheia 0.3.1 updates its dependency 'jinja2' to v2.11.3 to include a security fix.", - "cve": "CVE-2020-28493", - "id": "pyup.io-49909", - "more_info_path": "/vulnerabilities/CVE-2020-28493/49909", + "advisory": "Polymatheia 0.3.1 updates its dependency 'lxml' to v4.6.3 to include security fixes.", + "cve": "CVE-2021-28957", + "id": "pyup.io-49782", + "more_info_path": "/vulnerabilities/CVE-2021-28957/49782", + "specs": [ + "<0.3.1" + ], + "v": "<0.3.1" + }, + { + "advisory": "Polymatheia 0.3.1 updates its dependency 'pyyaml' to v5.4 to include a security fix.", + "cve": "CVE-2020-14343", + "id": "pyup.io-49908", + "more_info_path": "/vulnerabilities/CVE-2020-14343/49908", "specs": [ "<0.3.1" ], 
@@ -91395,20 +92914,20 @@ "v": "<1.0.4" }, { - "advisory": "Polymatheia 1.0.4 updates its dependency 'pygments' to version '2.15.0' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/scmmmh/polymatheia/pull/28", - "cve": "CVE-2022-40896", - "id": "pyup.io-60403", - "more_info_path": "/vulnerabilities/CVE-2022-40896/60403", + "advisory": "Polymatheia 1.0.4 updates its dependency 'requests' to version '2.31.0' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/scmmmh/polymatheia/pull/27", + "cve": "CVE-2023-32681", + "id": "pyup.io-60404", + "more_info_path": "/vulnerabilities/CVE-2023-32681/60404", "specs": [ "<1.0.4" ], "v": "<1.0.4" }, { - "advisory": "Polymatheia 1.0.4 updates its dependency 'requests' to version '2.31.0' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/scmmmh/polymatheia/pull/27", - "cve": "CVE-2023-32681", - "id": "pyup.io-60404", - "more_info_path": "/vulnerabilities/CVE-2023-32681/60404", + "advisory": "Polymatheia 1.0.4 updates its dependency 'pygments' to version '2.15.0' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/scmmmh/polymatheia/pull/28", + "cve": "CVE-2022-40896", + "id": "pyup.io-60403", + "more_info_path": "/vulnerabilities/CVE-2022-40896/60403", "specs": [ "<1.0.4" ], 
@@ -91561,6 +93080,18 @@ "v": "<2.1.0" } ], + "power-grid-model-io": [ + { + "advisory": "Power-grid-model-io 1.2.50 includes a fix for a potential ReDOS vulnerability.\r\nhttps://github.com/PowerGridModel/power-grid-model-io/pull/201", + "cve": "PVE-2023-61694", + "id": "pyup.io-61694", + "more_info_path": "/vulnerabilities/PVE-2023-61694/61694", + "specs": [ + "<1.2.50" + ], + "v": "<1.2.50" + } + ], "powerline-gitstatus": [ { "advisory": "powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using powerline-gitstatus, changing to a directory automatically runs git commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory to one controlled by the attacker, such as in a shared filesystem or extracted archive, powerline-gitstatus will run arbitrary commands under the attacker's control. NOTE: this is similar to CVE-2022-20001.\n\nAffected functions:\npowerline_gitstatus.segments.GitStatusSegment.get_base_command", 
@@ -91738,20 +93269,20 @@ "v": "<0.14.21" }, { - "advisory": "Prefect 0.15.8 includes a Prefect Server update that bumps an upstream dependency to fix a security vulnerability. See CVE-2021-41249.", - "cve": "CVE-2021-41249", - "id": "pyup.io-42552", - "more_info_path": "/vulnerabilities/CVE-2021-41249/42552", + "advisory": "Prefect 0.15.8 includes a version of Prefect UI which updates a dependency (npm:graphiql) to include a security fix.", + "cve": "CVE-2021-41248", + "id": "pyup.io-42952", + "more_info_path": "/vulnerabilities/CVE-2021-41248/42952", "specs": [ "<0.15.8" ], "v": "<0.15.8" }, { - "advisory": "Prefect 0.15.8 includes a version of Prefect UI which updates a dependency (npm:graphiql) to include a security fix.", - "cve": "CVE-2021-41248", - "id": "pyup.io-42952", - "more_info_path": "/vulnerabilities/CVE-2021-41248/42952", + "advisory": "Prefect 0.15.8 includes a Prefect Server update that bumps an upstream dependency to fix a security vulnerability. See CVE-2021-41249.", + "cve": "CVE-2021-41249", + "id": "pyup.io-42552", + "more_info_path": "/vulnerabilities/CVE-2021-41249/42552", "specs": [ "<0.15.8" ], 
@@ -92140,6 +93671,16 @@ ], "v": "<4.3.20,>=5.0a1,<5.1.7,>=5.2a1,<5.2.5" }, + { + "advisory": "Plone is exposed to risks associated with reflected cross-site scripting and open redirect. These vulnerabilities can occur when an attacker manages to put a compromised version of the image_view_fullscreen page into a cache, such as Varnish.", + "cve": "PVE-2023-99928", + "id": "pyup.io-61946", + "more_info_path": "/vulnerabilities/PVE-2023-99928/61946", + "specs": [ + "<5.0.0" + ], + "v": "<5.0.0" + }, { "advisory": "Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory.", "cve": "CVE-2022-23599", @@ -92150,6 +93691,16 @@ ], "v": "<5.0.0" }, + { + "advisory": "Several cross-site request forgery vulnerabilities have been identified in the Zope Management Interface.", + "cve": "PVE-2023-99916", + "id": "pyup.io-62005", + "more_info_path": "/vulnerabilities/PVE-2023-99916/62005", + "specs": [ + "<5.0a" + ], + "v": "<5.0a" + }, { "advisory": "In Products.CMFPlone before 5.1b1, it's possible to access private content via str.format in through-the-web templates and scripts.", "cve": "CVE-2017-1000483", 
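Review bot: The added PVE-2023-99928 record in the first hunk here appears to duplicate the CVE-2022-23599 record that directly follows it: both describe reflected XSS / open redirect through a cached image_view_fullscreen page, and both carry `"specs": ["<5.0.0"]`, so a consumer of this database will report the same finding twice for one Plone install. If the PVE id was issued as a placeholder before the CVE was linked, the two records should be merged, or the PVE record should name the CVE in its advisory text so downstream deduplication is possible. The PVE-2023-99916 record in the second hunk deserves the same look: its `"<5.0a"` spec flags every pre-5.0 release, yet unlike the other new PVE entries in this commit it carries no advisory link or affected-component detail a user could act on.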
@@ -92901,16 +94452,6 @@ ], "v": "<0.4.1" }, - { - "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15193", - "id": "pyup.io-43995", - "more_info_path": "/vulnerabilities/CVE-2020-15193/43995", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", "cve": "CVE-2020-15206", @@ -92931,36 +94472,6 @@ ], "v": "<0.4.1" }, - { - "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15195", - "id": "pyup.io-43984", - "more_info_path": "/vulnerabilities/CVE-2020-15195/43984", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, - { - "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15198", - "id": "pyup.io-43997", - "more_info_path": "/vulnerabilities/CVE-2020-15198/43997", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, - { - "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15200", - "id": "pyup.io-43999", - "more_info_path": "/vulnerabilities/CVE-2020-15200/43999", - "specs": [ - "<0.4.1" - ], - "v": "<0.4.1" - }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", "cve": "CVE-2020-15214", @@ -92993,9 +94504,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15196", - "id": "pyup.io-43996", - "more_info_path": "/vulnerabilities/CVE-2020-15196/43996", + "cve": "CVE-2020-15211", + "id": "pyup.io-40498", + "more_info_path": "/vulnerabilities/CVE-2020-15211/40498", "specs": [ "<0.4.1" ], 
@@ -93003,9 +94514,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15201", - "id": "pyup.io-44000", - "more_info_path": "/vulnerabilities/CVE-2020-15201/44000", + "cve": "CVE-2020-15195", + "id": "pyup.io-43984", + "more_info_path": "/vulnerabilities/CVE-2020-15195/43984", "specs": [ "<0.4.1" ], @@ -93013,9 +94524,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15213", - "id": "pyup.io-44001", - "more_info_path": "/vulnerabilities/CVE-2020-15213/44001", + "cve": "CVE-2020-15198", + "id": "pyup.io-43997", + "more_info_path": "/vulnerabilities/CVE-2020-15198/43997", "specs": [ "<0.4.1" ], @@ -93023,9 +94534,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15211", - "id": "pyup.io-40498", - "more_info_path": "/vulnerabilities/CVE-2020-15211/40498", + "cve": "CVE-2020-15200", + "id": "pyup.io-43999", + "more_info_path": "/vulnerabilities/CVE-2020-15200/43999", "specs": [ "<0.4.1" ], @@ -93033,9 +94544,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15358", - "id": "pyup.io-43992", - "more_info_path": "/vulnerabilities/CVE-2020-15358/43992", + "cve": "CVE-2020-15196", + "id": "pyup.io-43996", + "more_info_path": "/vulnerabilities/CVE-2020-15196/43996", "specs": [ "<0.4.1" ], @@ -93051,6 +94562,16 @@ ], "v": "<0.4.1" }, + { + "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15210", + "id": "pyup.io-44002", + "more_info_path": "/vulnerabilities/CVE-2020-15210/44002", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" + }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", "cve": "CVE-2020-15212", 
@@ -93103,9 +94624,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15210", - "id": "pyup.io-44002", - "more_info_path": "/vulnerabilities/CVE-2020-15210/44002", + "cve": "CVE-2020-15205", + "id": "pyup.io-43979", + "more_info_path": "/vulnerabilities/CVE-2020-15205/43979", "specs": [ "<0.4.1" ], @@ -93113,9 +94634,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15204", - "id": "pyup.io-43978", - "more_info_path": "/vulnerabilities/CVE-2020-15204/43978", + "cve": "CVE-2020-15207", + "id": "pyup.io-43985", + "more_info_path": "/vulnerabilities/CVE-2020-15207/43985", "specs": [ "<0.4.1" ], @@ -93123,9 +94644,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15205", - "id": "pyup.io-43979", - "more_info_path": "/vulnerabilities/CVE-2020-15205/43979", + "cve": "CVE-2020-15193", + "id": "pyup.io-43995", + "more_info_path": "/vulnerabilities/CVE-2020-15193/43995", "specs": [ "<0.4.1" ], @@ -93133,9 +94654,9 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15207", - "id": "pyup.io-43985", - "more_info_path": "/vulnerabilities/CVE-2020-15207/43985", + "cve": "CVE-2020-15201", + "id": "pyup.io-44000", + "more_info_path": "/vulnerabilities/CVE-2020-15201/44000", "specs": [ "<0.4.1" ], 
@@ -93143,39 +94664,49 @@ }, { "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15194", - "id": "pyup.io-43990", - "more_info_path": "/vulnerabilities/CVE-2020-15194/43990", + "cve": "CVE-2020-15213", + "id": "pyup.io-44001", + "more_info_path": "/vulnerabilities/CVE-2020-15213/44001", "specs": [ "<0.4.1" ], "v": "<0.4.1" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37638", - "id": "pyup.io-48059", - "more_info_path": "/vulnerabilities/CVE-2021-37638/48059", + "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15358", + "id": "pyup.io-43992", + "more_info_path": "/vulnerabilities/CVE-2020-15358/43992", "specs": [ - "<0.6.0" + "<0.4.1" ], - "v": "<0.6.0" + "v": "<0.4.1" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37647", - "id": "pyup.io-48067", - "more_info_path": "/vulnerabilities/CVE-2021-37647/48067", + "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15204", + "id": "pyup.io-43978", + "more_info_path": "/vulnerabilities/CVE-2020-15204/43978", "specs": [ - "<0.6.0" + "<0.4.1" ], - "v": "<0.6.0" + "v": "<0.4.1" + }, + { + "advisory": "Psiz 0.4.1 updates the 'TensorFlow' requirement to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15194", + "id": "pyup.io-43990", + "more_info_path": "/vulnerabilities/CVE-2020-15194/43990", + "specs": [ + "<0.4.1" + ], + "v": "<0.4.1" }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37648", - "id": "pyup.io-48068", - "more_info_path": "/vulnerabilities/CVE-2021-37648/48068", + "cve": "CVE-2021-37647", + "id": 
"pyup.io-48067", + "more_info_path": "/vulnerabilities/CVE-2021-37647/48067", "specs": [ "<0.6.0" ], @@ -93263,9 +94794,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37669", - "id": "pyup.io-48088", - "more_info_path": "/vulnerabilities/CVE-2021-37669/48088", + "cve": "CVE-2021-37653", + "id": "pyup.io-48072", + "more_info_path": "/vulnerabilities/CVE-2021-37653/48072", "specs": [ "<0.6.0" ], @@ -93273,19 +94804,19 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37670", - "id": "pyup.io-48089", - "more_info_path": "/vulnerabilities/CVE-2021-37670/48089", + "cve": "CVE-2021-37650", + "id": "pyup.io-48070", + "more_info_path": "/vulnerabilities/CVE-2021-37650/48070", "specs": [ "<0.6.0" ], "v": "<0.6.0" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include security fixes.", - "cve": "CVE-2021-22901", - "id": "pyup.io-48054", - "more_info_path": "/vulnerabilities/CVE-2021-22901/48054", + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37655", + "id": "pyup.io-48074", + "more_info_path": "/vulnerabilities/CVE-2021-37655/48074", "specs": [ "<0.6.0" ], @@ -93293,9 +94824,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37678", - "id": "pyup.io-48096", - "more_info_path": "/vulnerabilities/CVE-2021-37678/48096", + "cve": "CVE-2021-37677", + "id": "pyup.io-48095", + "more_info_path": "/vulnerabilities/CVE-2021-37677/48095", "specs": [ "<0.6.0" ], 
@@ -93303,9 +94834,59 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37673", - "id": "pyup.io-48091", - "more_info_path": "/vulnerabilities/CVE-2021-37673/48091", + "cve": "CVE-2021-37654", + "id": "pyup.io-48073", + "more_info_path": "/vulnerabilities/CVE-2021-37654/48073", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37672", + "id": "pyup.io-48090", + "more_info_path": "/vulnerabilities/CVE-2021-37672/48090", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37684", + "id": "pyup.io-48102", + "more_info_path": "/vulnerabilities/CVE-2021-37684/48102", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37685", + "id": "pyup.io-48103", + "more_info_path": "/vulnerabilities/CVE-2021-37685/48103", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37637", + "id": "pyup.io-48058", + "more_info_path": "/vulnerabilities/CVE-2021-37637/48058", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37683", + "id": "pyup.io-48101", + "more_info_path": "/vulnerabilities/CVE-2021-37683/48101", "specs": [ "<0.6.0" ], 
@@ -93323,9 +94904,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37667", - "id": "pyup.io-48086", - "more_info_path": "/vulnerabilities/CVE-2021-37667/48086", + "cve": "CVE-2021-37678", + "id": "pyup.io-48096", + "more_info_path": "/vulnerabilities/CVE-2021-37678/48096", "specs": [ "<0.6.0" ], @@ -93333,9 +94914,19 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37653", - "id": "pyup.io-48072", - "more_info_path": "/vulnerabilities/CVE-2021-37653/48072", + "cve": "CVE-2021-37673", + "id": "pyup.io-48091", + "more_info_path": "/vulnerabilities/CVE-2021-37673/48091", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", + "cve": "CVE-2021-37667", + "id": "pyup.io-48086", + "more_info_path": "/vulnerabilities/CVE-2021-37667/48086", "specs": [ "<0.6.0" ], @@ -93381,26 +94972,6 @@ ], "v": "<0.6.0" }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37650", - "id": "pyup.io-48070", - "more_info_path": "/vulnerabilities/CVE-2021-37650/48070", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37655", - "id": "pyup.io-48074", - "more_info_path": "/vulnerabilities/CVE-2021-37655/48074", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", "cve": "CVE-2021-37658", 
@@ -93451,16 +95022,6 @@ ], "v": "<0.6.0" }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37665", - "id": "pyup.io-48084", - "more_info_path": "/vulnerabilities/CVE-2021-37665/48084", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" - }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", "cve": "CVE-2021-37666", @@ -93473,9 +95034,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37680", - "id": "pyup.io-48098", - "more_info_path": "/vulnerabilities/CVE-2021-37680/48098", + "cve": "CVE-2021-37681", + "id": "pyup.io-48099", + "more_info_path": "/vulnerabilities/CVE-2021-37681/48099", "specs": [ "<0.6.0" ], @@ -93483,9 +95044,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37681", - "id": "pyup.io-48099", - "more_info_path": "/vulnerabilities/CVE-2021-37681/48099", + "cve": "CVE-2021-37680", + "id": "pyup.io-48098", + "more_info_path": "/vulnerabilities/CVE-2021-37680/48098", "specs": [ "<0.6.0" ], @@ -93533,9 +95094,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37677", - "id": "pyup.io-48095", - "more_info_path": "/vulnerabilities/CVE-2021-37677/48095", + "cve": "CVE-2021-37649", + "id": "pyup.io-48069", + "more_info_path": "/vulnerabilities/CVE-2021-37649/48069", "specs": [ "<0.6.0" ], 
@@ -93543,9 +95104,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37636", - "id": "pyup.io-48056", - "more_info_path": "/vulnerabilities/CVE-2021-37636/48056", + "cve": "CVE-2021-37641", + "id": "pyup.io-48061", + "more_info_path": "/vulnerabilities/CVE-2021-37641/48061", "specs": [ "<0.6.0" ], @@ -93553,9 +95114,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37649", - "id": "pyup.io-48069", - "more_info_path": "/vulnerabilities/CVE-2021-37649/48069", + "cve": "CVE-2021-37636", + "id": "pyup.io-48056", + "more_info_path": "/vulnerabilities/CVE-2021-37636/48056", "specs": [ "<0.6.0" ], @@ -93563,9 +95124,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37641", - "id": "pyup.io-48061", - "more_info_path": "/vulnerabilities/CVE-2021-37641/48061", + "cve": "CVE-2021-22876", + "id": "pyup.io-48045", + "more_info_path": "/vulnerabilities/CVE-2021-22876/48045", "specs": [ "<0.6.0" ], @@ -93573,9 +95134,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37690", - "id": "pyup.io-48108", - "more_info_path": "/vulnerabilities/CVE-2021-37690/48108", + "cve": "CVE-2021-37660", + "id": "pyup.io-48079", + "more_info_path": "/vulnerabilities/CVE-2021-37660/48079", "specs": [ "<0.6.0" ], @@ -93583,9 +95144,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37688", - "id": "pyup.io-48106", - "more_info_path": "/vulnerabilities/CVE-2021-37688/48106", + "cve": "CVE-2021-37642", + "id": "pyup.io-48062", + "more_info_path": "/vulnerabilities/CVE-2021-37642/48062", "specs": [ "<0.6.0" ], 
@@ -93593,9 +95154,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37643", - "id": "pyup.io-48063", - "more_info_path": "/vulnerabilities/CVE-2021-37643/48063", + "cve": "CVE-2021-37652", + "id": "pyup.io-48071", + "more_info_path": "/vulnerabilities/CVE-2021-37652/48071", "specs": [ "<0.6.0" ], @@ -93603,9 +95164,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37654", - "id": "pyup.io-48073", - "more_info_path": "/vulnerabilities/CVE-2021-37654/48073", + "cve": "CVE-2021-37674", + "id": "pyup.io-48092", + "more_info_path": "/vulnerabilities/CVE-2021-37674/48092", "specs": [ "<0.6.0" ], @@ -93613,9 +95174,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37672", - "id": "pyup.io-48090", - "more_info_path": "/vulnerabilities/CVE-2021-37672/48090", + "cve": "CVE-2021-37638", + "id": "pyup.io-48059", + "more_info_path": "/vulnerabilities/CVE-2021-37638/48059", "specs": [ "<0.6.0" ], @@ -93623,9 +95184,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37684", - "id": "pyup.io-48102", - "more_info_path": "/vulnerabilities/CVE-2021-37684/48102", + "cve": "CVE-2021-37648", + "id": "pyup.io-48068", + "more_info_path": "/vulnerabilities/CVE-2021-37648/48068", "specs": [ "<0.6.0" ], @@ -93633,9 +95194,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37685", - "id": "pyup.io-48103", - "more_info_path": "/vulnerabilities/CVE-2021-37685/48103", + "cve": "CVE-2021-37669", + "id": "pyup.io-48088", + "more_info_path": "/vulnerabilities/CVE-2021-37669/48088", "specs": [ "<0.6.0" ], 
@@ -93643,19 +95204,19 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37637", - "id": "pyup.io-48058", - "more_info_path": "/vulnerabilities/CVE-2021-37637/48058", + "cve": "CVE-2021-37670", + "id": "pyup.io-48089", + "more_info_path": "/vulnerabilities/CVE-2021-37670/48089", "specs": [ "<0.6.0" ], "v": "<0.6.0" }, { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-22876", - "id": "pyup.io-48045", - "more_info_path": "/vulnerabilities/CVE-2021-22876/48045", + "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include security fixes.", + "cve": "CVE-2021-22901", + "id": "pyup.io-48054", + "more_info_path": "/vulnerabilities/CVE-2021-22901/48054", "specs": [ "<0.6.0" ], @@ -93663,9 +95224,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37683", - "id": "pyup.io-48101", - "more_info_path": "/vulnerabilities/CVE-2021-37683/48101", + "cve": "CVE-2021-37665", + "id": "pyup.io-48084", + "more_info_path": "/vulnerabilities/CVE-2021-37665/48084", "specs": [ "<0.6.0" ], @@ -93673,9 +95234,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37646", - "id": "pyup.io-48066", - "more_info_path": "/vulnerabilities/CVE-2021-37646/48066", + "cve": "CVE-2021-37690", + "id": "pyup.io-48108", + "more_info_path": "/vulnerabilities/CVE-2021-37690/48108", "specs": [ "<0.6.0" ], 
@@ -93683,9 +95244,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37689", - "id": "pyup.io-48107", - "more_info_path": "/vulnerabilities/CVE-2021-37689/48107", + "cve": "CVE-2021-37688", + "id": "pyup.io-48106", + "more_info_path": "/vulnerabilities/CVE-2021-37688/48106", "specs": [ "<0.6.0" ], @@ -93693,9 +95254,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37660", - "id": "pyup.io-48079", - "more_info_path": "/vulnerabilities/CVE-2021-37660/48079", + "cve": "CVE-2021-37643", + "id": "pyup.io-48063", + "more_info_path": "/vulnerabilities/CVE-2021-37643/48063", "specs": [ "<0.6.0" ], @@ -93703,9 +95264,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37642", - "id": "pyup.io-48062", - "more_info_path": "/vulnerabilities/CVE-2021-37642/48062", + "cve": "CVE-2021-37646", + "id": "pyup.io-48066", + "more_info_path": "/vulnerabilities/CVE-2021-37646/48066", "specs": [ "<0.6.0" ], @@ -93713,9 +95274,9 @@ }, { "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37652", - "id": "pyup.io-48071", - "more_info_path": "/vulnerabilities/CVE-2021-37652/48071", + "cve": "CVE-2021-37689", + "id": "pyup.io-48107", + "more_info_path": "/vulnerabilities/CVE-2021-37689/48107", "specs": [ "<0.6.0" ], 
@@ -93730,19 +95291,19 @@ "<0.6.0" ], "v": "<0.6.0" - }, - { - "advisory": "Psiz 0.6.0 updates its dependency 'TensorFlow' minimum requirement to v2.4.3 to include a security fixes.", - "cve": "CVE-2021-37674", - "id": "pyup.io-48092", - "more_info_path": "/vulnerabilities/CVE-2021-37674/48092", - "specs": [ - "<0.6.0" - ], - "v": "<0.6.0" } ], "psutil": [ + { + "advisory": "Psutil 0.5.1 includes a fix for a potential race condition vulnerability.\r\nhttps://github.com/giampaolo/psutil/commit/163f29d25f4c5d573fbd436e658829afe95bc1d9", + "cve": "PVE-2023-61842", + "id": "pyup.io-61842", + "more_info_path": "/vulnerabilities/PVE-2023-61842/61842", + "specs": [ + "<0.5.1" + ], + "v": "<0.5.1" + }, { "advisory": "psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. See CVE-2019-18874.", "cve": "CVE-2019-18874", @@ -93804,7 +95365,7 @@ ], "pulp-ansible": [ { - "advisory": "The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. ", + "advisory": "Pulp-ansible 0.15.0 includes a fix for CVE-2022-3644: The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.\r\nhttps://github.com/pulp/pulp_ansible/pull/1222", "cve": "CVE-2022-3644", "id": "pyup.io-54557", "more_info_path": "/vulnerabilities/CVE-2022-3644/54557", 
@@ -94031,9 +95592,9 @@ "pupyl": [ { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15190", - "id": "pyup.io-39208", - "more_info_path": "/vulnerabilities/CVE-2020-15190/39208", + "cve": "CVE-2020-15197", + "id": "pyup.io-44998", + "more_info_path": "/vulnerabilities/CVE-2020-15197/44998", "specs": [ "<0.10.4" ], @@ -94041,9 +95602,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15197", - "id": "pyup.io-44998", - "more_info_path": "/vulnerabilities/CVE-2020-15197/44998", + "cve": "CVE-2020-15196", + "id": "pyup.io-44997", + "more_info_path": "/vulnerabilities/CVE-2020-15196/44997", "specs": [ "<0.10.4" ], @@ -94051,9 +95612,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15196", - "id": "pyup.io-44997", - "more_info_path": "/vulnerabilities/CVE-2020-15196/44997", + "cve": "CVE-2020-15203", + "id": "pyup.io-45004", + "more_info_path": "/vulnerabilities/CVE-2020-15203/45004", "specs": [ "<0.10.4" ], @@ -94061,9 +95622,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15210", - "id": "pyup.io-45011", - "more_info_path": "/vulnerabilities/CVE-2020-15210/45011", + "cve": "CVE-2020-15200", + "id": "pyup.io-45001", + "more_info_path": "/vulnerabilities/CVE-2020-15200/45001", "specs": [ "<0.10.4" ], @@ -94071,9 +95632,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15203", - "id": "pyup.io-45004", - "more_info_path": "/vulnerabilities/CVE-2020-15203/45004", + "cve": "CVE-2020-15207", + "id": "pyup.io-45008", + "more_info_path": "/vulnerabilities/CVE-2020-15207/45008", "specs": [ "<0.10.4" ], 
@@ -94081,9 +95642,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15198", - "id": "pyup.io-44999", - "more_info_path": "/vulnerabilities/CVE-2020-15198/44999", + "cve": "CVE-2020-15214", + "id": "pyup.io-45015", + "more_info_path": "/vulnerabilities/CVE-2020-15214/45015", "specs": [ "<0.10.4" ], @@ -94091,9 +95652,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15200", - "id": "pyup.io-45001", - "more_info_path": "/vulnerabilities/CVE-2020-15200/45001", + "cve": "CVE-2020-15194", + "id": "pyup.io-44995", + "more_info_path": "/vulnerabilities/CVE-2020-15194/44995", "specs": [ "<0.10.4" ], @@ -94101,9 +95662,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15195", - "id": "pyup.io-44996", - "more_info_path": "/vulnerabilities/CVE-2020-15195/44996", + "cve": "CVE-2020-15190", + "id": "pyup.io-39208", + "more_info_path": "/vulnerabilities/CVE-2020-15190/39208", "specs": [ "<0.10.4" ], @@ -94111,9 +95672,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15358", - "id": "pyup.io-45016", - "more_info_path": "/vulnerabilities/CVE-2020-15358/45016", + "cve": "CVE-2020-15210", + "id": "pyup.io-45011", + "more_info_path": "/vulnerabilities/CVE-2020-15210/45011", "specs": [ "<0.10.4" ], @@ -94121,9 +95682,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15207", - "id": "pyup.io-45008", - "more_info_path": "/vulnerabilities/CVE-2020-15207/45008", + "cve": "CVE-2020-15198", + "id": "pyup.io-44999", + "more_info_path": "/vulnerabilities/CVE-2020-15198/44999", "specs": [ "<0.10.4" ], 
@@ -94131,9 +95692,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15214", - "id": "pyup.io-45015", - "more_info_path": "/vulnerabilities/CVE-2020-15214/45015", + "cve": "CVE-2020-15195", + "id": "pyup.io-44996", + "more_info_path": "/vulnerabilities/CVE-2020-15195/44996", "specs": [ "<0.10.4" ], @@ -94141,9 +95702,9 @@ }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15194", - "id": "pyup.io-44995", - "more_info_path": "/vulnerabilities/CVE-2020-15194/44995", + "cve": "CVE-2020-15358", + "id": "pyup.io-45016", + "more_info_path": "/vulnerabilities/CVE-2020-15358/45016", "specs": [ "<0.10.4" ], @@ -94179,6 +95740,16 @@ ], "v": "<0.10.4" }, + { + "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15205", + "id": "pyup.io-45006", + "more_info_path": "/vulnerabilities/CVE-2020-15205/45006", + "specs": [ + "<0.10.4" + ], + "v": "<0.10.4" + }, { "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", "cve": "CVE-2020-15191", 
@@ -94280,20 +95851,20 @@ "v": "<0.10.4" }, { - "advisory": "Pupyl 0.10.4 updates its dependency 'tensorflow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15205", - "id": "pyup.io-45006", - "more_info_path": "/vulnerabilities/CVE-2020-15205/45006", + "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", + "cve": "CVE-2020-26270", + "id": "pyup.io-44983", + "more_info_path": "/vulnerabilities/CVE-2020-26270/44983", "specs": [ - "<0.10.4" + "<0.10.5" ], - "v": "<0.10.4" + "v": "<0.10.5" }, { "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", - "cve": "CVE-2020-26266", - "id": "pyup.io-44985", - "more_info_path": "/vulnerabilities/CVE-2020-26266/44985", + "cve": "CVE-2020-13790", + "id": "pyup.io-44989", + "more_info_path": "/vulnerabilities/CVE-2020-13790/44989", "specs": [ "<0.10.5" ], @@ -94301,9 +95872,9 @@ }, { "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", - "cve": "CVE-2020-26270", - "id": "pyup.io-44983", - "more_info_path": "/vulnerabilities/CVE-2020-26270/44983", + "cve": "CVE-2020-14155", + "id": "pyup.io-44988", + "more_info_path": "/vulnerabilities/CVE-2020-14155/44988", "specs": [ "<0.10.5" ], @@ -94311,9 +95882,9 @@ }, { "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", - "cve": "CVE-2020-26271", - "id": "pyup.io-44984", - "more_info_path": "/vulnerabilities/CVE-2020-26271/44984", + "cve": "CVE-2020-26266", + "id": "pyup.io-44985", + "more_info_path": "/vulnerabilities/CVE-2020-26266/44985", "specs": [ "<0.10.5" ], 
@@ -94321,9 +95892,9 @@ }, { "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", - "cve": "CVE-2020-13790", - "id": "pyup.io-44989", - "more_info_path": "/vulnerabilities/CVE-2020-13790/44989", + "cve": "CVE-2020-26271", + "id": "pyup.io-44984", + "more_info_path": "/vulnerabilities/CVE-2020-26271/44984", "specs": [ "<0.10.5" ], @@ -94331,9 +95902,9 @@ }, { "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", - "cve": "CVE-2020-14155", - "id": "pyup.io-44988", - "more_info_path": "/vulnerabilities/CVE-2020-14155/44988", + "cve": "CVE-2020-26267", + "id": "pyup.io-39392", + "more_info_path": "/vulnerabilities/CVE-2020-26267/39392", "specs": [ "<0.10.5" ], @@ -94359,16 +95930,6 @@ ], "v": "<0.10.5" }, - { - "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", - "cve": "CVE-2020-26267", - "id": "pyup.io-39392", - "more_info_path": "/vulnerabilities/CVE-2020-26267/39392", - "specs": [ - "<0.10.5" - ], - "v": "<0.10.5" - }, { "advisory": "Pupyl 0.10.5 updates its dependency 'tensorflow' to v2.4.0 to include security fixes.", "cve": "CVE-2020-26268", @@ -94439,16 +96000,6 @@ ], "v": "<0.11.1" }, - { - "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.", - "cve": "CVE-2021-29612", - "id": "pyup.io-43932", - "more_info_path": "/vulnerabilities/CVE-2021-29612/43932", - "specs": [ - "<0.11.1" - ], - "v": "<0.11.1" - }, { "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes", "cve": "CVE-2021-29559", @@ -94561,9 +96112,9 @@ }, { "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes", - "cve": "CVE-2021-29584", - "id": "pyup.io-43900", - "more_info_path": "/vulnerabilities/CVE-2021-29584/43900", + "cve": "CVE-2021-29598", + "id": "pyup.io-43917", + "more_info_path": "/vulnerabilities/CVE-2021-29598/43917", "specs": [ "<0.11.1" ], 
@@ -94580,10 +96131,10 @@
 "v": "<0.11.1"
 },
 {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29598",
- "id": "pyup.io-43917",
- "more_info_path": "/vulnerabilities/CVE-2021-29598/43917",
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
+ "cve": "CVE-2021-29539",
+ "id": "pyup.io-40931",
+ "more_info_path": "/vulnerabilities/CVE-2021-29539/40931",
 "specs": [
 "<0.11.1"
 ],
@@ -94599,16 +96150,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
- "cve": "CVE-2021-29539",
- "id": "pyup.io-40931",
- "more_info_path": "/vulnerabilities/CVE-2021-29539/40931",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
 "cve": "CVE-2021-29605",
@@ -94659,16 +96200,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29553",
- "id": "pyup.io-43939",
- "more_info_path": "/vulnerabilities/CVE-2021-29553/43939",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
 "cve": "CVE-2020-8169",
@@ -94679,16 +96210,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29586",
- "id": "pyup.io-43903",
- "more_info_path": "/vulnerabilities/CVE-2021-29586/43903",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
 "cve": "CVE-2021-29529",
@@ -94709,26 +96230,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29552",
- "id": "pyup.io-43940",
- "more_info_path": "/vulnerabilities/CVE-2021-29552/43940",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29516",
- "id": "pyup.io-43955",
- "more_info_path": "/vulnerabilities/CVE-2021-29516/43955",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
 "cve": "CVE-2021-29608",
@@ -94749,21 +96250,11 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
- "cve": "CVE-2020-8285",
- "id": "pyup.io-43969",
- "more_info_path": "/vulnerabilities/CVE-2020-8285/43969",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29535",
- "id": "pyup.io-43885",
- "more_info_path": "/vulnerabilities/CVE-2021-29535/43885",
+ "cve": "CVE-2021-29568",
+ "id": "pyup.io-43873",
+ "more_info_path": "/vulnerabilities/CVE-2021-29568/43873",
 "specs": [
 "<0.11.1"
 ],
@@ -94781,19 +96272,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29568",
- "id": "pyup.io-43873",
- "more_info_path": "/vulnerabilities/CVE-2021-29568/43873",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29592",
- "id": "pyup.io-43906",
- "more_info_path": "/vulnerabilities/CVE-2021-29592/43906",
+ "cve": "CVE-2021-29535",
+ "id": "pyup.io-43885",
+ "more_info_path": "/vulnerabilities/CVE-2021-29535/43885",
 "specs": [
 "<0.11.1"
 ],
@@ -94869,16 +96350,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
- "cve": "CVE-2020-8231",
- "id": "pyup.io-43947",
- "more_info_path": "/vulnerabilities/CVE-2020-8231/43947",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
 "cve": "CVE-2020-8286",
@@ -94890,20 +96361,10 @@
 "v": "<0.11.1"
 },
 {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29588",
- "id": "pyup.io-43904",
- "more_info_path": "/vulnerabilities/CVE-2021-29588/43904",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29519",
- "id": "pyup.io-43858",
- "more_info_path": "/vulnerabilities/CVE-2021-29519/43858",
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
+ "cve": "CVE-2020-8231",
+ "id": "pyup.io-43947",
+ "more_info_path": "/vulnerabilities/CVE-2020-8231/43947",
 "specs": [
 "<0.11.1"
 ],
@@ -94951,9 +96412,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29561",
- "id": "pyup.io-43959",
- "more_info_path": "/vulnerabilities/CVE-2021-29561/43959",
+ "cve": "CVE-2021-29548",
+ "id": "pyup.io-43886",
+ "more_info_path": "/vulnerabilities/CVE-2021-29548/43886",
 "specs": [
 "<0.11.1"
 ],
@@ -94961,9 +96422,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29548",
- "id": "pyup.io-43886",
- "more_info_path": "/vulnerabilities/CVE-2021-29548/43886",
+ "cve": "CVE-2021-29514",
+ "id": "pyup.io-43880",
+ "more_info_path": "/vulnerabilities/CVE-2021-29514/43880",
 "specs": [
 "<0.11.1"
 ],
@@ -94971,9 +96432,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29515",
- "id": "pyup.io-43963",
- "more_info_path": "/vulnerabilities/CVE-2021-29515/43963",
+ "cve": "CVE-2021-29517",
+ "id": "pyup.io-43956",
+ "more_info_path": "/vulnerabilities/CVE-2021-29517/43956",
 "specs": [
 "<0.11.1"
 ],
@@ -94981,9 +96442,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
- "cve": "CVE-2021-29520",
- "id": "pyup.io-43861",
- "more_info_path": "/vulnerabilities/CVE-2021-29520/43861",
+ "cve": "CVE-2021-29575",
+ "id": "pyup.io-43961",
+ "more_info_path": "/vulnerabilities/CVE-2021-29575/43961",
 "specs": [
 "<0.11.1"
 ],
@@ -94991,9 +96452,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29514",
- "id": "pyup.io-43880",
- "more_info_path": "/vulnerabilities/CVE-2021-29514/43880",
+ "cve": "CVE-2021-29524",
+ "id": "pyup.io-43860",
+ "more_info_path": "/vulnerabilities/CVE-2021-29524/43860",
 "specs": [
 "<0.11.1"
 ],
@@ -95001,9 +96462,29 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29546",
- "id": "pyup.io-43933",
- "more_info_path": "/vulnerabilities/CVE-2021-29546/43933",
+ "cve": "CVE-2021-29603",
+ "id": "pyup.io-43925",
+ "more_info_path": "/vulnerabilities/CVE-2021-29603/43925",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
+ "cve": "CVE-2021-29614",
+ "id": "pyup.io-43968",
+ "more_info_path": "/vulnerabilities/CVE-2021-29614/43968",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
+ "cve": "CVE-2021-29612",
+ "id": "pyup.io-43932",
+ "more_info_path": "/vulnerabilities/CVE-2021-29612/43932",
 "specs": [
 "<0.11.1"
 ],
@@ -95011,9 +96492,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29562",
- "id": "pyup.io-43958",
- "more_info_path": "/vulnerabilities/CVE-2021-29562/43958",
+ "cve": "CVE-2021-29584",
+ "id": "pyup.io-43900",
+ "more_info_path": "/vulnerabilities/CVE-2021-29584/43900",
 "specs": [
 "<0.11.1"
 ],
@@ -95021,9 +96502,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29517",
- "id": "pyup.io-43956",
- "more_info_path": "/vulnerabilities/CVE-2021-29517/43956",
+ "cve": "CVE-2021-29553",
+ "id": "pyup.io-43939",
+ "more_info_path": "/vulnerabilities/CVE-2021-29553/43939",
 "specs": [
 "<0.11.1"
 ],
@@ -95031,9 +96512,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29573",
- "id": "pyup.io-43962",
- "more_info_path": "/vulnerabilities/CVE-2021-29573/43962",
+ "cve": "CVE-2021-29523",
+ "id": "pyup.io-43856",
+ "more_info_path": "/vulnerabilities/CVE-2021-29523/43856",
 "specs": [
 "<0.11.1"
 ],
@@ -95041,9 +96522,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29569",
- "id": "pyup.io-43957",
- "more_info_path": "/vulnerabilities/CVE-2021-29569/43957",
+ "cve": "CVE-2021-29586",
+ "id": "pyup.io-43903",
+ "more_info_path": "/vulnerabilities/CVE-2021-29586/43903",
 "specs": [
 "<0.11.1"
 ],
@@ -95051,9 +96532,19 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29524",
- "id": "pyup.io-43860",
- "more_info_path": "/vulnerabilities/CVE-2021-29524/43860",
+ "cve": "CVE-2021-29552",
+ "id": "pyup.io-43940",
+ "more_info_path": "/vulnerabilities/CVE-2021-29552/43940",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29516",
+ "id": "pyup.io-43955",
+ "more_info_path": "/vulnerabilities/CVE-2021-29516/43955",
 "specs": [
 "<0.11.1"
 ],
@@ -95061,9 +96552,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
- "cve": "CVE-2021-29575",
- "id": "pyup.io-43961",
- "more_info_path": "/vulnerabilities/CVE-2021-29575/43961",
+ "cve": "CVE-2020-8285",
+ "id": "pyup.io-43969",
+ "more_info_path": "/vulnerabilities/CVE-2020-8285/43969",
 "specs": [
 "<0.11.1"
 ],
@@ -95071,9 +96562,69 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29603",
- "id": "pyup.io-43925",
- "more_info_path": "/vulnerabilities/CVE-2021-29603/43925",
+ "cve": "CVE-2021-29592",
+ "id": "pyup.io-43906",
+ "more_info_path": "/vulnerabilities/CVE-2021-29592/43906",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29609",
+ "id": "pyup.io-43929",
+ "more_info_path": "/vulnerabilities/CVE-2021-29609/43929",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29582",
+ "id": "pyup.io-43899",
+ "more_info_path": "/vulnerabilities/CVE-2021-29582/43899",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29588",
+ "id": "pyup.io-43904",
+ "more_info_path": "/vulnerabilities/CVE-2021-29588/43904",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29519",
+ "id": "pyup.io-43858",
+ "more_info_path": "/vulnerabilities/CVE-2021-29519/43858",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29561",
+ "id": "pyup.io-43959",
+ "more_info_path": "/vulnerabilities/CVE-2021-29561/43959",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29515",
+ "id": "pyup.io-43963",
+ "more_info_path": "/vulnerabilities/CVE-2021-29515/43963",
 "specs": [
 "<0.11.1"
 ],
@@ -95081,9 +96632,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
- "cve": "CVE-2021-29614",
- "id": "pyup.io-43968",
- "more_info_path": "/vulnerabilities/CVE-2021-29614/43968",
+ "cve": "CVE-2021-29520",
+ "id": "pyup.io-43861",
+ "more_info_path": "/vulnerabilities/CVE-2021-29520/43861",
 "specs": [
 "<0.11.1"
 ],
@@ -95091,9 +96642,39 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29523",
- "id": "pyup.io-43856",
- "more_info_path": "/vulnerabilities/CVE-2021-29523/43856",
+ "cve": "CVE-2021-29546",
+ "id": "pyup.io-43933",
+ "more_info_path": "/vulnerabilities/CVE-2021-29546/43933",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29562",
+ "id": "pyup.io-43958",
+ "more_info_path": "/vulnerabilities/CVE-2021-29562/43958",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29573",
+ "id": "pyup.io-43962",
+ "more_info_path": "/vulnerabilities/CVE-2021-29573/43962",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29569",
+ "id": "pyup.io-43957",
+ "more_info_path": "/vulnerabilities/CVE-2021-29569/43957",
 "specs": [
 "<0.11.1"
 ],
@@ -95111,9 +96692,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29609",
- "id": "pyup.io-43929",
- "more_info_path": "/vulnerabilities/CVE-2021-29609/43929",
+ "cve": "CVE-2021-29549",
+ "id": "pyup.io-43936",
+ "more_info_path": "/vulnerabilities/CVE-2021-29549/43936",
 "specs": [
 "<0.11.1"
 ],
@@ -95121,9 +96702,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29521",
- "id": "pyup.io-43863",
- "more_info_path": "/vulnerabilities/CVE-2021-29521/43863",
+ "cve": "CVE-2021-29617",
+ "id": "pyup.io-43938",
+ "more_info_path": "/vulnerabilities/CVE-2021-29617/43938",
 "specs": [
 "<0.11.1"
 ],
@@ -95131,9 +96712,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29567",
- "id": "pyup.io-43881",
- "more_info_path": "/vulnerabilities/CVE-2021-29567/43881",
+ "cve": "CVE-2021-29555",
+ "id": "pyup.io-43944",
+ "more_info_path": "/vulnerabilities/CVE-2021-29555/43944",
 "specs": [
 "<0.11.1"
 ],
@@ -95141,9 +96722,19 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29582",
- "id": "pyup.io-43899",
- "more_info_path": "/vulnerabilities/CVE-2021-29582/43899",
+ "cve": "CVE-2021-29521",
+ "id": "pyup.io-43863",
+ "more_info_path": "/vulnerabilities/CVE-2021-29521/43863",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
+ "cve": "CVE-2021-29567",
+ "id": "pyup.io-43881",
+ "more_info_path": "/vulnerabilities/CVE-2021-29567/43881",
 "specs": [
 "<0.11.1"
 ],
@@ -95189,11 +96780,21 @@
 ],
 "v": "<0.11.1"
 },
+ {
+ "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
+ "cve": "CVE-2020-8284",
+ "id": "pyup.io-43946",
+ "more_info_path": "/vulnerabilities/CVE-2020-8284/43946",
+ "specs": [
+ "<0.11.1"
+ ],
+ "v": "<0.11.1"
+ },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29549",
- "id": "pyup.io-43936",
- "more_info_path": "/vulnerabilities/CVE-2021-29549/43936",
+ "cve": "CVE-2021-29590",
+ "id": "pyup.io-43905",
+ "more_info_path": "/vulnerabilities/CVE-2021-29590/43905",
 "specs": [
 "<0.11.1"
 ],
@@ -95201,9 +96802,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29617",
- "id": "pyup.io-43938",
- "more_info_path": "/vulnerabilities/CVE-2021-29617/43938",
+ "cve": "CVE-2021-29543",
+ "id": "pyup.io-43867",
+ "more_info_path": "/vulnerabilities/CVE-2021-29543/43867",
 "specs": [
 "<0.11.1"
 ],
@@ -95211,9 +96812,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29555",
- "id": "pyup.io-43944",
- "more_info_path": "/vulnerabilities/CVE-2021-29555/43944",
+ "cve": "CVE-2021-29565",
+ "id": "pyup.io-43952",
+ "more_info_path": "/vulnerabilities/CVE-2021-29565/43952",
 "specs": [
 "<0.11.1"
 ],
@@ -95221,9 +96822,9 @@
 },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29590",
- "id": "pyup.io-43905",
- "more_info_path": "/vulnerabilities/CVE-2021-29590/43905",
+ "cve": "CVE-2021-29558",
+ "id": "pyup.io-43949",
+ "more_info_path": "/vulnerabilities/CVE-2021-29558/43949",
 "specs": [
 "<0.11.1"
 ],
@@ -95259,16 +96860,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
- "cve": "CVE-2020-8284",
- "id": "pyup.io-43946",
- "more_info_path": "/vulnerabilities/CVE-2020-8284/43946",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes.",
 "cve": "CVE-2021-29610",
@@ -95429,16 +97020,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29543",
- "id": "pyup.io-43867",
- "more_info_path": "/vulnerabilities/CVE-2021-29543/43867",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
 "cve": "CVE-2021-29595",
@@ -95539,26 +97120,6 @@
 ],
 "v": "<0.11.1"
 },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29565",
- "id": "pyup.io-43952",
- "more_info_path": "/vulnerabilities/CVE-2021-29565/43952",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
- {
- "advisory": "Pupyl 0.11.1 updates 'Tensorflow' to v2.5.0 to include security fixes",
- "cve": "CVE-2021-29558",
- "id": "pyup.io-43949",
- "more_info_path": "/vulnerabilities/CVE-2021-29558/43949",
- "specs": [
- "<0.11.1"
- ],
- "v": "<0.11.1"
- },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
 "cve": "CVE-2021-37685",
@@ -95569,16 +97130,6 @@
 ],
 "v": "<0.12.1"
 },
- {
- "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37641",
- "id": "pyup.io-46248",
- "more_info_path": "/vulnerabilities/CVE-2021-37641/46248",
- "specs": [
- "<0.12.1"
- ],
- "v": "<0.12.1"
- },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
 "cve": "CVE-2021-37678",
@@ -95589,26 +97140,6 @@
 ],
 "v": "<0.12.1"
 },
- {
- "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37661",
- "id": "pyup.io-46268",
- "more_info_path": "/vulnerabilities/CVE-2021-37661/46268",
- "specs": [
- "<0.12.1"
- ],
- "v": "<0.12.1"
- },
- {
- "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37669",
- "id": "pyup.io-46276",
- "more_info_path": "/vulnerabilities/CVE-2021-37669/46276",
- "specs": [
- "<0.12.1"
- ],
- "v": "<0.12.1"
- },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
 "cve": "CVE-2021-37690",
@@ -95671,9 +97202,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37668",
- "id": "pyup.io-46275",
- "more_info_path": "/vulnerabilities/CVE-2021-37668/46275",
+ "cve": "CVE-2021-37672",
+ "id": "pyup.io-46279",
+ "more_info_path": "/vulnerabilities/CVE-2021-37672/46279",
 "specs": [
 "<0.12.1"
 ],
@@ -95681,9 +97212,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37636",
- "id": "pyup.io-46243",
- "more_info_path": "/vulnerabilities/CVE-2021-37636/46243",
+ "cve": "CVE-2021-37682",
+ "id": "pyup.io-46289",
+ "more_info_path": "/vulnerabilities/CVE-2021-37682/46289",
 "specs": [
 "<0.12.1"
 ],
@@ -95691,9 +97222,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37677",
- "id": "pyup.io-46284",
- "more_info_path": "/vulnerabilities/CVE-2021-37677/46284",
+ "cve": "CVE-2021-37638",
+ "id": "pyup.io-46245",
+ "more_info_path": "/vulnerabilities/CVE-2021-37638/46245",
 "specs": [
 "<0.12.1"
 ],
@@ -95701,9 +97232,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37672",
- "id": "pyup.io-46279",
- "more_info_path": "/vulnerabilities/CVE-2021-37672/46279",
+ "cve": "CVE-2021-37635",
+ "id": "pyup.io-46242",
+ "more_info_path": "/vulnerabilities/CVE-2021-37635/46242",
 "specs": [
 "<0.12.1"
 ],
@@ -95711,9 +97242,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37647",
- "id": "pyup.io-46254",
- "more_info_path": "/vulnerabilities/CVE-2021-37647/46254",
+ "cve": "CVE-2021-37657",
+ "id": "pyup.io-46264",
+ "more_info_path": "/vulnerabilities/CVE-2021-37657/46264",
 "specs": [
 "<0.12.1"
 ],
@@ -95721,9 +97252,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37682",
- "id": "pyup.io-46289",
- "more_info_path": "/vulnerabilities/CVE-2021-37682/46289",
+ "cve": "CVE-2021-37664",
+ "id": "pyup.io-46271",
+ "more_info_path": "/vulnerabilities/CVE-2021-37664/46271",
 "specs": [
 "<0.12.1"
 ],
@@ -95731,9 +97262,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37638",
- "id": "pyup.io-46245",
- "more_info_path": "/vulnerabilities/CVE-2021-37638/46245",
+ "cve": "CVE-2021-37686",
+ "id": "pyup.io-46293",
+ "more_info_path": "/vulnerabilities/CVE-2021-37686/46293",
 "specs": [
 "<0.12.1"
 ],
@@ -95741,9 +97272,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37646",
- "id": "pyup.io-46253",
- "more_info_path": "/vulnerabilities/CVE-2021-37646/46253",
+ "cve": "CVE-2021-37663",
+ "id": "pyup.io-46270",
+ "more_info_path": "/vulnerabilities/CVE-2021-37663/46270",
 "specs": [
 "<0.12.1"
 ],
@@ -95751,9 +97282,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37673",
- "id": "pyup.io-46280",
- "more_info_path": "/vulnerabilities/CVE-2021-37673/46280",
+ "cve": "CVE-2021-37637",
+ "id": "pyup.io-46244",
+ "more_info_path": "/vulnerabilities/CVE-2021-37637/46244",
 "specs": [
 "<0.12.1"
 ],
@@ -95761,9 +97292,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37676",
- "id": "pyup.io-46283",
- "more_info_path": "/vulnerabilities/CVE-2021-37676/46283",
+ "cve": "CVE-2021-37679",
+ "id": "pyup.io-46286",
+ "more_info_path": "/vulnerabilities/CVE-2021-37679/46286",
 "specs": [
 "<0.12.1"
 ],
@@ -95771,9 +97302,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37640",
- "id": "pyup.io-46247",
- "more_info_path": "/vulnerabilities/CVE-2021-37640/46247",
+ "cve": "CVE-2021-37667",
+ "id": "pyup.io-46274",
+ "more_info_path": "/vulnerabilities/CVE-2021-37667/46274",
 "specs": [
 "<0.12.1"
 ],
@@ -95781,9 +97312,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37635",
- "id": "pyup.io-46242",
- "more_info_path": "/vulnerabilities/CVE-2021-37635/46242",
+ "cve": "CVE-2021-37644",
+ "id": "pyup.io-46251",
+ "more_info_path": "/vulnerabilities/CVE-2021-37644/46251",
 "specs": [
 "<0.12.1"
 ],
@@ -95791,9 +97322,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37689",
- "id": "pyup.io-46296",
- "more_info_path": "/vulnerabilities/CVE-2021-37689/46296",
+ "cve": "CVE-2021-37688",
+ "id": "pyup.io-46295",
+ "more_info_path": "/vulnerabilities/CVE-2021-37688/46295",
 "specs": [
 "<0.12.1"
 ],
@@ -95801,9 +97332,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37642",
- "id": "pyup.io-46249",
- "more_info_path": "/vulnerabilities/CVE-2021-37642/46249",
+ "cve": "CVE-2021-37645",
+ "id": "pyup.io-46252",
+ "more_info_path": "/vulnerabilities/CVE-2021-37645/46252",
 "specs": [
 "<0.12.1"
 ],
@@ -95811,9 +97342,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37657",
- "id": "pyup.io-46264",
- "more_info_path": "/vulnerabilities/CVE-2021-37657/46264",
+ "cve": "CVE-2021-37692",
+ "id": "pyup.io-46299",
+ "more_info_path": "/vulnerabilities/CVE-2021-37692/46299",
 "specs": [
 "<0.12.1"
 ],
@@ -95821,9 +97352,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37664",
- "id": "pyup.io-46271",
- "more_info_path": "/vulnerabilities/CVE-2021-37664/46271",
+ "cve": "CVE-2021-37683",
+ "id": "pyup.io-46290",
+ "more_info_path": "/vulnerabilities/CVE-2021-37683/46290",
 "specs": [
 "<0.12.1"
 ],
@@ -95831,9 +97362,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37686",
- "id": "pyup.io-46293",
- "more_info_path": "/vulnerabilities/CVE-2021-37686/46293",
+ "cve": "CVE-2021-37680",
+ "id": "pyup.io-46287",
+ "more_info_path": "/vulnerabilities/CVE-2021-37680/46287",
 "specs": [
 "<0.12.1"
 ],
@@ -95841,9 +97372,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-22898",
- "id": "pyup.io-46240",
- "more_info_path": "/vulnerabilities/CVE-2021-22898/46240",
+ "cve": "CVE-2021-37641",
+ "id": "pyup.io-46248",
+ "more_info_path": "/vulnerabilities/CVE-2021-37641/46248",
 "specs": [
 "<0.12.1"
 ],
@@ -95851,9 +97382,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37663",
- "id": "pyup.io-46270",
- "more_info_path": "/vulnerabilities/CVE-2021-37663/46270",
+ "cve": "CVE-2021-37661",
+ "id": "pyup.io-46268",
+ "more_info_path": "/vulnerabilities/CVE-2021-37661/46268",
 "specs": [
 "<0.12.1"
 ],
@@ -95861,9 +97392,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37691",
- "id": "pyup.io-46298",
- "more_info_path": "/vulnerabilities/CVE-2021-37691/46298",
+ "cve": "CVE-2021-37669",
+ "id": "pyup.io-46276",
+ "more_info_path": "/vulnerabilities/CVE-2021-37669/46276",
 "specs": [
 "<0.12.1"
 ],
@@ -95871,9 +97402,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37637",
- "id": "pyup.io-46244",
- "more_info_path": "/vulnerabilities/CVE-2021-37637/46244",
+ "cve": "CVE-2021-37668",
+ "id": "pyup.io-46275",
+ "more_info_path": "/vulnerabilities/CVE-2021-37668/46275",
 "specs": [
 "<0.12.1"
 ],
@@ -95881,9 +97412,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37679",
- "id": "pyup.io-46286",
- "more_info_path": "/vulnerabilities/CVE-2021-37679/46286",
+ "cve": "CVE-2021-37636",
+ "id": "pyup.io-46243",
+ "more_info_path": "/vulnerabilities/CVE-2021-37636/46243",
 "specs": [
 "<0.12.1"
 ],
@@ -95891,9 +97422,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37667",
- "id": "pyup.io-46274",
- "more_info_path": "/vulnerabilities/CVE-2021-37667/46274",
+ "cve": "CVE-2021-37677",
+ "id": "pyup.io-46284",
+ "more_info_path": "/vulnerabilities/CVE-2021-37677/46284",
 "specs": [
 "<0.12.1"
 ],
@@ -95901,9 +97432,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37644",
- "id": "pyup.io-46251",
- "more_info_path": "/vulnerabilities/CVE-2021-37644/46251",
+ "cve": "CVE-2021-37640",
+ "id": "pyup.io-46247",
+ "more_info_path": "/vulnerabilities/CVE-2021-37640/46247",
 "specs": [
 "<0.12.1"
 ],
@@ -95911,9 +97442,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37688",
- "id": "pyup.io-46295",
- "more_info_path": "/vulnerabilities/CVE-2021-37688/46295",
+ "cve": "CVE-2021-37647",
+ "id": "pyup.io-46254",
+ "more_info_path": "/vulnerabilities/CVE-2021-37647/46254",
 "specs": [
 "<0.12.1"
 ],
@@ -95921,9 +97452,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37645",
- "id": "pyup.io-46252",
- "more_info_path": "/vulnerabilities/CVE-2021-37645/46252",
+ "cve": "CVE-2021-37646",
+ "id": "pyup.io-46253",
+ "more_info_path": "/vulnerabilities/CVE-2021-37646/46253",
 "specs": [
 "<0.12.1"
 ],
@@ -95931,9 +97462,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37683",
- "id": "pyup.io-46290",
- "more_info_path": "/vulnerabilities/CVE-2021-37683/46290",
+ "cve": "CVE-2021-37673",
+ "id": "pyup.io-46280",
+ "more_info_path": "/vulnerabilities/CVE-2021-37673/46280",
 "specs": [
 "<0.12.1"
 ],
@@ -95941,9 +97472,9 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37680",
- "id": "pyup.io-46287",
- "more_info_path": "/vulnerabilities/CVE-2021-37680/46287",
+ "cve": "CVE-2021-37676",
+ "id": "pyup.io-46283",
+ "more_info_path": "/vulnerabilities/CVE-2021-37676/46283",
 "specs": [
 "<0.12.1"
 ],
@@ -95951,9 +97482,49 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37692",
- "id": "pyup.io-46299",
- "more_info_path": "/vulnerabilities/CVE-2021-37692/46299",
+ "cve": "CVE-2021-37675",
+ "id": "pyup.io-46282",
+ "more_info_path": "/vulnerabilities/CVE-2021-37675/46282",
+ "specs": [
+ "<0.12.1"
+ ],
+ "v": "<0.12.1"
+ },
+ {
+ "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
+ "cve": "CVE-2021-37689",
+ "id": "pyup.io-46296",
+ "more_info_path": "/vulnerabilities/CVE-2021-37689/46296",
+ "specs": [
+ "<0.12.1"
+ ],
+ "v": "<0.12.1"
+ },
+ {
+ "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
+ "cve": "CVE-2021-37642",
+ "id": "pyup.io-46249",
+ "more_info_path": "/vulnerabilities/CVE-2021-37642/46249",
+ "specs": [
+ "<0.12.1"
+ ],
+ "v": "<0.12.1"
+ },
+ {
+ "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
+ "cve": "CVE-2021-22898",
+ "id": "pyup.io-46240",
+ "more_info_path": "/vulnerabilities/CVE-2021-22898/46240",
+ "specs": [
+ "<0.12.1"
+ ],
+ "v": "<0.12.1"
+ },
+ {
+ "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
+ "cve": "CVE-2021-37691",
+ "id": "pyup.io-46298",
+ "more_info_path": "/vulnerabilities/CVE-2021-37691/46298",
 "specs": [
 "<0.12.1"
 ],
@@ -95971,9 +97542,29 @@
 },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37675",
- "id": "pyup.io-46282",
- "more_info_path": "/vulnerabilities/CVE-2021-37675/46282",
+ "cve": "CVE-2021-22876",
+ "id": "pyup.io-46238",
+ "more_info_path": "/vulnerabilities/CVE-2021-22876/46238",
+ "specs": [
+ "<0.12.1"
+ ],
+ "v": "<0.12.1"
+ },
+ {
+ "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
+ "cve": "CVE-2021-37671",
+ "id": "pyup.io-46278",
+ "more_info_path": "/vulnerabilities/CVE-2021-37671/46278",
+ "specs": [
+ "<0.12.1"
+ ],
+ "v": "<0.12.1"
+ },
+ {
+ "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
+ "cve": "CVE-2021-37654",
+ "id": "pyup.io-46261",
+ "more_info_path": "/vulnerabilities/CVE-2021-37654/46261",
 "specs": [
 "<0.12.1"
 ],
@@ -96129,36 +97720,6 @@
 ],
 "v": "<0.12.1"
 },
- {
- "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-22876",
- "id": "pyup.io-46238",
- "more_info_path": "/vulnerabilities/CVE-2021-22876/46238",
- "specs": [
- "<0.12.1"
- ],
- "v": "<0.12.1"
- },
- {
- "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37671",
- "id": "pyup.io-46278",
- "more_info_path": "/vulnerabilities/CVE-2021-37671/46278",
- "specs": [
- "<0.12.1"
- ],
- "v": "<0.12.1"
- },
- {
- "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
- "cve": "CVE-2021-37654",
- "id": "pyup.io-46261",
- "more_info_path": "/vulnerabilities/CVE-2021-37654/46261",
- "specs": [
- "<0.12.1"
- ],
- "v": "<0.12.1"
- },
 {
 "advisory": "Pupyl 0.12.1 updates its dependency 'TensorFlow' to v2.6.0 to include security fixes.",
 "cve": "CVE-2021-37653",
@@ -96181,9 +97742,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41209", - "id": "pyup.io-46320", - "more_info_path": "/vulnerabilities/CVE-2021-41209/46320", + "cve": "CVE-2021-41219", + "id": "pyup.io-46330", + "more_info_path": "/vulnerabilities/CVE-2021-41219/46330", "specs": [ "<0.12.4" ], @@ -96191,9 +97752,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41219", - "id": "pyup.io-46330", - "more_info_path": "/vulnerabilities/CVE-2021-41219/46330", + "cve": "CVE-2021-41222", + "id": "pyup.io-46333", + "more_info_path": "/vulnerabilities/CVE-2021-41222/46333", "specs": [ "<0.12.4" ], @@ -96201,9 +97762,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41222", - "id": "pyup.io-46333", - "more_info_path": "/vulnerabilities/CVE-2021-41222/46333", + "cve": "CVE-2021-41205", + "id": "pyup.io-46316", + "more_info_path": "/vulnerabilities/CVE-2021-41205/46316", "specs": [ "<0.12.4" ], @@ -96211,9 +97772,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-46317", - "more_info_path": "/vulnerabilities/CVE-2021-41206/46317", + "cve": "CVE-2021-41220", + "id": "pyup.io-46331", + "more_info_path": "/vulnerabilities/CVE-2021-41220/46331", "specs": [ "<0.12.4" ], @@ -96221,9 +97782,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41205", - "id": "pyup.io-46316", - "more_info_path": "/vulnerabilities/CVE-2021-41205/46316", + "cve": "CVE-2021-41216", + "id": "pyup.io-46327", + "more_info_path": "/vulnerabilities/CVE-2021-41216/46327", "specs": [ "<0.12.4" ], 
@@ -96231,9 +97792,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41220", - "id": "pyup.io-46331", - "more_info_path": "/vulnerabilities/CVE-2021-41220/46331", + "cve": "CVE-2021-22925", + "id": "pyup.io-46304", + "more_info_path": "/vulnerabilities/CVE-2021-22925/46304", "specs": [ "<0.12.4" ], @@ -96241,9 +97802,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41223", - "id": "pyup.io-46334", - "more_info_path": "/vulnerabilities/CVE-2021-41223/46334", + "cve": "CVE-2021-41213", + "id": "pyup.io-46324", + "more_info_path": "/vulnerabilities/CVE-2021-41213/46324", "specs": [ "<0.12.4" ], @@ -96251,9 +97812,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41199", - "id": "pyup.io-46310", - "more_info_path": "/vulnerabilities/CVE-2021-41199/46310", + "cve": "CVE-2021-41226", + "id": "pyup.io-46337", + "more_info_path": "/vulnerabilities/CVE-2021-41226/46337", "specs": [ "<0.12.4" ], @@ -96261,9 +97822,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41216", - "id": "pyup.io-46327", - "more_info_path": "/vulnerabilities/CVE-2021-41216/46327", + "cve": "CVE-2021-22924", + "id": "pyup.io-46303", + "more_info_path": "/vulnerabilities/CVE-2021-22924/46303", "specs": [ "<0.12.4" ], @@ -96271,9 +97832,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41227", - "id": "pyup.io-46338", - "more_info_path": "/vulnerabilities/CVE-2021-41227/46338", + "cve": "CVE-2021-22923", + "id": "pyup.io-46302", + "more_info_path": "/vulnerabilities/CVE-2021-22923/46302", "specs": [ "<0.12.4" ], 
@@ -96281,9 +97842,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41210", - "id": "pyup.io-46321", - "more_info_path": "/vulnerabilities/CVE-2021-41210/46321", + "cve": "CVE-2021-41207", + "id": "pyup.io-46318", + "more_info_path": "/vulnerabilities/CVE-2021-41207/46318", "specs": [ "<0.12.4" ], @@ -96291,9 +97852,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-22925", - "id": "pyup.io-46304", - "more_info_path": "/vulnerabilities/CVE-2021-22925/46304", + "cve": "CVE-2021-41198", + "id": "pyup.io-46309", + "more_info_path": "/vulnerabilities/CVE-2021-41198/46309", "specs": [ "<0.12.4" ], @@ -96301,9 +97862,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41200", - "id": "pyup.io-46311", - "more_info_path": "/vulnerabilities/CVE-2021-41200/46311", + "cve": "CVE-2021-41202", + "id": "pyup.io-46313", + "more_info_path": "/vulnerabilities/CVE-2021-41202/46313", "specs": [ "<0.12.4" ], @@ -96311,9 +97872,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41201", - "id": "pyup.io-46312", - "more_info_path": "/vulnerabilities/CVE-2021-41201/46312", + "cve": "CVE-2021-41209", + "id": "pyup.io-46320", + "more_info_path": "/vulnerabilities/CVE-2021-41209/46320", "specs": [ "<0.12.4" ], @@ -96321,9 +97882,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41214", - "id": "pyup.io-46325", - "more_info_path": "/vulnerabilities/CVE-2021-41214/46325", + "cve": "CVE-2021-41206", + "id": "pyup.io-46317", + "more_info_path": "/vulnerabilities/CVE-2021-41206/46317", "specs": [ "<0.12.4" ], 
@@ -96331,9 +97892,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41217", - "id": "pyup.io-46328", - "more_info_path": "/vulnerabilities/CVE-2021-41217/46328", + "cve": "CVE-2021-41223", + "id": "pyup.io-46334", + "more_info_path": "/vulnerabilities/CVE-2021-41223/46334", "specs": [ "<0.12.4" ], @@ -96341,9 +97902,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41213", - "id": "pyup.io-46324", - "more_info_path": "/vulnerabilities/CVE-2021-41213/46324", + "cve": "CVE-2021-41199", + "id": "pyup.io-46310", + "more_info_path": "/vulnerabilities/CVE-2021-41199/46310", "specs": [ "<0.12.4" ], @@ -96351,9 +97912,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41226", - "id": "pyup.io-46337", - "more_info_path": "/vulnerabilities/CVE-2021-41226/46337", + "cve": "CVE-2021-41210", + "id": "pyup.io-46321", + "more_info_path": "/vulnerabilities/CVE-2021-41210/46321", "specs": [ "<0.12.4" ], @@ -96361,9 +97922,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-22924", - "id": "pyup.io-46303", - "more_info_path": "/vulnerabilities/CVE-2021-22924/46303", + "cve": "CVE-2021-41227", + "id": "pyup.io-46338", + "more_info_path": "/vulnerabilities/CVE-2021-41227/46338", "specs": [ "<0.12.4" ], @@ -96371,9 +97932,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-22926", - "id": "pyup.io-46305", - "more_info_path": "/vulnerabilities/CVE-2021-22926/46305", + "cve": "CVE-2021-41200", + "id": "pyup.io-46311", + "more_info_path": "/vulnerabilities/CVE-2021-41200/46311", "specs": [ "<0.12.4" ], 
@@ -96381,9 +97942,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-22923", - "id": "pyup.io-46302", - "more_info_path": "/vulnerabilities/CVE-2021-22923/46302", + "cve": "CVE-2021-41201", + "id": "pyup.io-46312", + "more_info_path": "/vulnerabilities/CVE-2021-41201/46312", "specs": [ "<0.12.4" ], @@ -96391,9 +97952,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41207", - "id": "pyup.io-46318", - "more_info_path": "/vulnerabilities/CVE-2021-41207/46318", + "cve": "CVE-2021-41214", + "id": "pyup.io-46325", + "more_info_path": "/vulnerabilities/CVE-2021-41214/46325", "specs": [ "<0.12.4" ], @@ -96401,9 +97962,9 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41198", - "id": "pyup.io-46309", - "more_info_path": "/vulnerabilities/CVE-2021-41198/46309", + "cve": "CVE-2021-41217", + "id": "pyup.io-46328", + "more_info_path": "/vulnerabilities/CVE-2021-41217/46328", "specs": [ "<0.12.4" ], @@ -96411,9 +97972,19 @@ }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41202", - "id": "pyup.io-46313", - "more_info_path": "/vulnerabilities/CVE-2021-41202/46313", + "cve": "CVE-2021-22926", + "id": "pyup.io-46305", + "more_info_path": "/vulnerabilities/CVE-2021-22926/46305", + "specs": [ + "<0.12.4" + ], + "v": "<0.12.4" + }, + { + "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", + "cve": "CVE-2021-41203", + "id": "pyup.io-46314", + "more_info_path": "/vulnerabilities/CVE-2021-41203/46314", "specs": [ "<0.12.4" ], 
@@ -96429,6 +98000,16 @@ ], "v": "<0.12.4" }, + { + "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", + "cve": "CVE-2021-22922", + "id": "pyup.io-46300", + "more_info_path": "/vulnerabilities/CVE-2021-22922/46300", + "specs": [ + "<0.12.4" + ], + "v": "<0.12.4" + }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", "cve": "CVE-2021-41212", @@ -96479,16 +98060,6 @@ ], "v": "<0.12.4" }, - { - "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41203", - "id": "pyup.io-46314", - "more_info_path": "/vulnerabilities/CVE-2021-41203/46314", - "specs": [ - "<0.12.4" - ], - "v": "<0.12.4" - }, { "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", "cve": "CVE-2021-41221", @@ -96560,20 +98131,20 @@ "v": "<0.12.4" }, { - "advisory": "Pupyl 0.12.4 updates its dependency 'TensorFlow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-22922", - "id": "pyup.io-46300", - "more_info_path": "/vulnerabilities/CVE-2021-22922/46300", + "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-21735", + "id": "pyup.io-46351", + "more_info_path": "/vulnerabilities/CVE-2022-21735/46351", "specs": [ - "<0.12.4" + "<0.13.2" ], - "v": "<0.12.4" + "v": "<0.13.2" }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2020-10531", - "id": "pyup.io-46340", - "more_info_path": "/vulnerabilities/CVE-2020-10531/46340", + "cve": "CVE-2022-23571", + "id": "pyup.io-46372", + "more_info_path": "/vulnerabilities/CVE-2022-23571/46372", "specs": [ "<0.13.2" ], 
@@ -96581,9 +98152,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23558", - "id": "pyup.io-46359", - "more_info_path": "/vulnerabilities/CVE-2022-23558/46359", + "cve": "CVE-2022-23594", + "id": "pyup.io-46395", + "more_info_path": "/vulnerabilities/CVE-2022-23594/46395", "specs": [ "<0.13.2" ], @@ -96591,9 +98162,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21730", - "id": "pyup.io-46346", - "more_info_path": "/vulnerabilities/CVE-2022-21730/46346", + "cve": "CVE-2022-23591", + "id": "pyup.io-46392", + "more_info_path": "/vulnerabilities/CVE-2022-23591/46392", "specs": [ "<0.13.2" ], @@ -96601,9 +98172,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21735", - "id": "pyup.io-46351", - "more_info_path": "/vulnerabilities/CVE-2022-21735/46351", + "cve": "CVE-2022-23582", + "id": "pyup.io-46383", + "more_info_path": "/vulnerabilities/CVE-2022-23582/46383", "specs": [ "<0.13.2" ], @@ -96611,9 +98182,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23571", - "id": "pyup.io-46372", - "more_info_path": "/vulnerabilities/CVE-2022-23571/46372", + "cve": "CVE-2022-23563", + "id": "pyup.io-46364", + "more_info_path": "/vulnerabilities/CVE-2022-23563/46364", "specs": [ "<0.13.2" ], @@ -96621,9 +98192,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23591", - "id": "pyup.io-46392", - "more_info_path": "/vulnerabilities/CVE-2022-23591/46392", + "cve": "CVE-2022-23586", + "id": "pyup.io-46387", + "more_info_path": "/vulnerabilities/CVE-2022-23586/46387", "specs": [ "<0.13.2" ], 
@@ -96631,9 +98202,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23594", - "id": "pyup.io-46395", - "more_info_path": "/vulnerabilities/CVE-2022-23594/46395", + "cve": "CVE-2022-23578", + "id": "pyup.io-46379", + "more_info_path": "/vulnerabilities/CVE-2022-23578/46379", "specs": [ "<0.13.2" ], @@ -96641,9 +98212,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23582", - "id": "pyup.io-46383", - "more_info_path": "/vulnerabilities/CVE-2022-23582/46383", + "cve": "CVE-2022-23576", + "id": "pyup.io-46377", + "more_info_path": "/vulnerabilities/CVE-2022-23576/46377", "specs": [ "<0.13.2" ], @@ -96651,9 +98222,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23563", - "id": "pyup.io-46364", - "more_info_path": "/vulnerabilities/CVE-2022-23563/46364", + "cve": "CVE-2022-21732", + "id": "pyup.io-46348", + "more_info_path": "/vulnerabilities/CVE-2022-21732/46348", "specs": [ "<0.13.2" ], @@ -96661,9 +98232,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23579", - "id": "pyup.io-46380", - "more_info_path": "/vulnerabilities/CVE-2022-23579/46380", + "cve": "CVE-2022-23565", + "id": "pyup.io-46366", + "more_info_path": "/vulnerabilities/CVE-2022-23565/46366", "specs": [ "<0.13.2" ], @@ -96671,9 +98242,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23586", - "id": "pyup.io-46387", - "more_info_path": "/vulnerabilities/CVE-2022-23586/46387", + "cve": "CVE-2022-23559", + "id": "pyup.io-46360", + "more_info_path": "/vulnerabilities/CVE-2022-23559/46360", "specs": [ "<0.13.2" ], 
@@ -96681,9 +98252,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21732", - "id": "pyup.io-46348", - "more_info_path": "/vulnerabilities/CVE-2022-21732/46348", + "cve": "CVE-2022-23595", + "id": "pyup.io-46396", + "more_info_path": "/vulnerabilities/CVE-2022-23595/46396", "specs": [ "<0.13.2" ], @@ -96691,9 +98262,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23578", - "id": "pyup.io-46379", - "more_info_path": "/vulnerabilities/CVE-2022-23578/46379", + "cve": "CVE-2022-23589", + "id": "pyup.io-46390", + "more_info_path": "/vulnerabilities/CVE-2022-23589/46390", "specs": [ "<0.13.2" ], @@ -96701,9 +98272,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23576", - "id": "pyup.io-46377", - "more_info_path": "/vulnerabilities/CVE-2022-23576/46377", + "cve": "CVE-2022-21734", + "id": "pyup.io-46350", + "more_info_path": "/vulnerabilities/CVE-2022-21734/46350", "specs": [ "<0.13.2" ], @@ -96711,9 +98282,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21740", - "id": "pyup.io-46356", - "more_info_path": "/vulnerabilities/CVE-2022-21740/46356", + "cve": "CVE-2022-23569", + "id": "pyup.io-46370", + "more_info_path": "/vulnerabilities/CVE-2022-23569/46370", "specs": [ "<0.13.2" ], @@ -96721,9 +98292,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23566", - "id": "pyup.io-46367", - "more_info_path": "/vulnerabilities/CVE-2022-23566/46367", + "cve": "CVE-2022-23585", + "id": "pyup.io-46386", + "more_info_path": "/vulnerabilities/CVE-2022-23585/46386", "specs": [ "<0.13.2" ], 
@@ -96731,9 +98302,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23573", - "id": "pyup.io-46374", - "more_info_path": "/vulnerabilities/CVE-2022-23573/46374", + "cve": "CVE-2022-23572", + "id": "pyup.io-46373", + "more_info_path": "/vulnerabilities/CVE-2022-23572/46373", "specs": [ "<0.13.2" ], @@ -96741,9 +98312,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23557", - "id": "pyup.io-46358", - "more_info_path": "/vulnerabilities/CVE-2022-23557/46358", + "cve": "CVE-2022-23560", + "id": "pyup.io-46361", + "more_info_path": "/vulnerabilities/CVE-2022-23560/46361", "specs": [ "<0.13.2" ], @@ -96751,9 +98322,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21733", - "id": "pyup.io-46349", - "more_info_path": "/vulnerabilities/CVE-2022-21733/46349", + "cve": "CVE-2020-10531", + "id": "pyup.io-46340", + "more_info_path": "/vulnerabilities/CVE-2020-10531/46340", "specs": [ "<0.13.2" ], @@ -96761,9 +98332,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23565", - "id": "pyup.io-46366", - "more_info_path": "/vulnerabilities/CVE-2022-23565/46366", + "cve": "CVE-2022-23558", + "id": "pyup.io-46359", + "more_info_path": "/vulnerabilities/CVE-2022-23558/46359", "specs": [ "<0.13.2" ], @@ -96771,9 +98342,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23581", - "id": "pyup.io-46382", - "more_info_path": "/vulnerabilities/CVE-2022-23581/46382", + "cve": "CVE-2022-21730", + "id": "pyup.io-46346", + "more_info_path": "/vulnerabilities/CVE-2022-21730/46346", "specs": [ "<0.13.2" ], 
@@ -96781,9 +98352,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23595", - "id": "pyup.io-46396", - "more_info_path": "/vulnerabilities/CVE-2022-23595/46396", + "cve": "CVE-2022-23579", + "id": "pyup.io-46380", + "more_info_path": "/vulnerabilities/CVE-2022-23579/46380", "specs": [ "<0.13.2" ], @@ -96791,9 +98362,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23559", - "id": "pyup.io-46360", - "more_info_path": "/vulnerabilities/CVE-2022-23559/46360", + "cve": "CVE-2022-21740", + "id": "pyup.io-46356", + "more_info_path": "/vulnerabilities/CVE-2022-21740/46356", "specs": [ "<0.13.2" ], @@ -96801,9 +98372,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23561", - "id": "pyup.io-46362", - "more_info_path": "/vulnerabilities/CVE-2022-23561/46362", + "cve": "CVE-2022-23557", + "id": "pyup.io-46358", + "more_info_path": "/vulnerabilities/CVE-2022-23557/46358", "specs": [ "<0.13.2" ], @@ -96811,9 +98382,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23589", - "id": "pyup.io-46390", - "more_info_path": "/vulnerabilities/CVE-2022-23589/46390", + "cve": "CVE-2022-21733", + "id": "pyup.io-46349", + "more_info_path": "/vulnerabilities/CVE-2022-21733/46349", "specs": [ "<0.13.2" ], @@ -96821,9 +98392,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21734", - "id": "pyup.io-46350", - "more_info_path": "/vulnerabilities/CVE-2022-21734/46350", + "cve": "CVE-2022-23566", + "id": "pyup.io-46367", + "more_info_path": "/vulnerabilities/CVE-2022-23566/46367", "specs": [ "<0.13.2" ], 
@@ -96831,9 +98402,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23569", - "id": "pyup.io-46370", - "more_info_path": "/vulnerabilities/CVE-2022-23569/46370", + "cve": "CVE-2022-23573", + "id": "pyup.io-46374", + "more_info_path": "/vulnerabilities/CVE-2022-23573/46374", "specs": [ "<0.13.2" ], @@ -96841,9 +98412,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23585", - "id": "pyup.io-46386", - "more_info_path": "/vulnerabilities/CVE-2022-23585/46386", + "cve": "CVE-2022-23581", + "id": "pyup.io-46382", + "more_info_path": "/vulnerabilities/CVE-2022-23581/46382", "specs": [ "<0.13.2" ], @@ -96851,9 +98422,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21739", - "id": "pyup.io-46355", - "more_info_path": "/vulnerabilities/CVE-2022-21739/46355", + "cve": "CVE-2022-23561", + "id": "pyup.io-46362", + "more_info_path": "/vulnerabilities/CVE-2022-23561/46362", "specs": [ "<0.13.2" ], @@ -96861,9 +98432,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23574", - "id": "pyup.io-46375", - "more_info_path": "/vulnerabilities/CVE-2022-23574/46375", + "cve": "CVE-2022-21739", + "id": "pyup.io-46355", + "more_info_path": "/vulnerabilities/CVE-2022-21739/46355", "specs": [ "<0.13.2" ], @@ -96871,9 +98442,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23572", - "id": "pyup.io-46373", - "more_info_path": "/vulnerabilities/CVE-2022-23572/46373", + "cve": "CVE-2022-23574", + "id": "pyup.io-46375", + "more_info_path": "/vulnerabilities/CVE-2022-23574/46375", "specs": [ "<0.13.2" ], 
@@ -96891,9 +98462,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23560", - "id": "pyup.io-46361", - "more_info_path": "/vulnerabilities/CVE-2022-23560/46361", + "cve": "CVE-2022-23590", + "id": "pyup.io-46391", + "more_info_path": "/vulnerabilities/CVE-2022-23590/46391", "specs": [ "<0.13.2" ], @@ -96911,19 +98482,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23590", - "id": "pyup.io-46391", - "more_info_path": "/vulnerabilities/CVE-2022-23590/46391", - "specs": [ - "<0.13.2" - ], - "v": "<0.13.2" - }, - { - "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21729", - "id": "pyup.io-46345", - "more_info_path": "/vulnerabilities/CVE-2022-21729/46345", + "cve": "CVE-2022-23577", + "id": "pyup.io-46378", + "more_info_path": "/vulnerabilities/CVE-2022-23577/46378", "specs": [ "<0.13.2" ], @@ -96941,9 +98502,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23592", - "id": "pyup.io-46393", - "more_info_path": "/vulnerabilities/CVE-2022-23592/46393", + "cve": "CVE-2022-21728", + "id": "pyup.io-46344", + "more_info_path": "/vulnerabilities/CVE-2022-21728/46344", "specs": [ "<0.13.2" ], @@ -96951,9 +98512,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23568", - "id": "pyup.io-46369", - "more_info_path": "/vulnerabilities/CVE-2022-23568/46369", + "cve": "CVE-2022-21729", + "id": "pyup.io-46345", + "more_info_path": "/vulnerabilities/CVE-2022-21729/46345", "specs": [ "<0.13.2" ], 
@@ -96961,9 +98522,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23564", - "id": "pyup.io-46365", - "more_info_path": "/vulnerabilities/CVE-2022-23564/46365", + "cve": "CVE-2022-21737", + "id": "pyup.io-46353", + "more_info_path": "/vulnerabilities/CVE-2022-21737/46353", "specs": [ "<0.13.2" ], @@ -96971,9 +98532,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21736", - "id": "pyup.io-46352", - "more_info_path": "/vulnerabilities/CVE-2022-21736/46352", + "cve": "CVE-2022-23575", + "id": "pyup.io-46376", + "more_info_path": "/vulnerabilities/CVE-2022-23575/46376", "specs": [ "<0.13.2" ], @@ -96981,9 +98542,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21727", - "id": "pyup.io-46343", - "more_info_path": "/vulnerabilities/CVE-2022-21727/46343", + "cve": "CVE-2022-23587", + "id": "pyup.io-46388", + "more_info_path": "/vulnerabilities/CVE-2022-23587/46388", "specs": [ "<0.13.2" ], @@ -96991,9 +98552,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21738", - "id": "pyup.io-46354", - "more_info_path": "/vulnerabilities/CVE-2022-21738/46354", + "cve": "CVE-2022-23562", + "id": "pyup.io-46363", + "more_info_path": "/vulnerabilities/CVE-2022-23562/46363", "specs": [ "<0.13.2" ], @@ -97001,9 +98562,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23577", - "id": "pyup.io-46378", - "more_info_path": "/vulnerabilities/CVE-2022-23577/46378", + "cve": "CVE-2022-23588", + "id": "pyup.io-46389", + "more_info_path": "/vulnerabilities/CVE-2022-23588/46389", "specs": [ "<0.13.2" ], 
@@ -97011,9 +98572,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23583", - "id": "pyup.io-46384", - "more_info_path": "/vulnerabilities/CVE-2022-23583/46384", + "cve": "CVE-2022-23592", + "id": "pyup.io-46393", + "more_info_path": "/vulnerabilities/CVE-2022-23592/46393", "specs": [ "<0.13.2" ], @@ -97021,9 +98582,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23580", - "id": "pyup.io-46381", - "more_info_path": "/vulnerabilities/CVE-2022-23580/46381", + "cve": "CVE-2022-23568", + "id": "pyup.io-46369", + "more_info_path": "/vulnerabilities/CVE-2022-23568/46369", "specs": [ "<0.13.2" ], @@ -97031,9 +98592,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21725", - "id": "pyup.io-46341", - "more_info_path": "/vulnerabilities/CVE-2022-21725/46341", + "cve": "CVE-2022-23564", + "id": "pyup.io-46365", + "more_info_path": "/vulnerabilities/CVE-2022-23564/46365", "specs": [ "<0.13.2" ], @@ -97041,9 +98602,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23570", - "id": "pyup.io-46371", - "more_info_path": "/vulnerabilities/CVE-2022-23570/46371", + "cve": "CVE-2022-21736", + "id": "pyup.io-46352", + "more_info_path": "/vulnerabilities/CVE-2022-21736/46352", "specs": [ "<0.13.2" ], @@ -97051,9 +98612,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21728", - "id": "pyup.io-46344", - "more_info_path": "/vulnerabilities/CVE-2022-21728/46344", + "cve": "CVE-2022-21727", + "id": "pyup.io-46343", + "more_info_path": "/vulnerabilities/CVE-2022-21727/46343", "specs": [ "<0.13.2" ], 
@@ -97061,9 +98622,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23567", - "id": "pyup.io-46368", - "more_info_path": "/vulnerabilities/CVE-2022-23567/46368", + "cve": "CVE-2022-21738", + "id": "pyup.io-46354", + "more_info_path": "/vulnerabilities/CVE-2022-21738/46354", "specs": [ "<0.13.2" ], @@ -97071,9 +98632,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21737", - "id": "pyup.io-46353", - "more_info_path": "/vulnerabilities/CVE-2022-21737/46353", + "cve": "CVE-2022-23580", + "id": "pyup.io-46381", + "more_info_path": "/vulnerabilities/CVE-2022-23580/46381", "specs": [ "<0.13.2" ], @@ -97081,9 +98642,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23575", - "id": "pyup.io-46376", - "more_info_path": "/vulnerabilities/CVE-2022-23575/46376", + "cve": "CVE-2022-23583", + "id": "pyup.io-46384", + "more_info_path": "/vulnerabilities/CVE-2022-23583/46384", "specs": [ "<0.13.2" ], @@ -97091,9 +98652,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23587", - "id": "pyup.io-46388", - "more_info_path": "/vulnerabilities/CVE-2022-23587/46388", + "cve": "CVE-2022-21725", + "id": "pyup.io-46341", + "more_info_path": "/vulnerabilities/CVE-2022-21725/46341", "specs": [ "<0.13.2" ], @@ -97101,9 +98662,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21726", - "id": "pyup.io-46342", - "more_info_path": "/vulnerabilities/CVE-2022-21726/46342", + "cve": "CVE-2022-23570", + "id": "pyup.io-46371", + "more_info_path": "/vulnerabilities/CVE-2022-23570/46371", "specs": [ "<0.13.2" ], 
@@ -97111,9 +98672,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23593", - "id": "pyup.io-46394", - "more_info_path": "/vulnerabilities/CVE-2022-23593/46394", + "cve": "CVE-2022-23567", + "id": "pyup.io-46368", + "more_info_path": "/vulnerabilities/CVE-2022-23567/46368", "specs": [ "<0.13.2" ], @@ -97121,9 +98682,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23562", - "id": "pyup.io-46363", - "more_info_path": "/vulnerabilities/CVE-2022-23562/46363", + "cve": "CVE-2022-21726", + "id": "pyup.io-46342", + "more_info_path": "/vulnerabilities/CVE-2022-21726/46342", "specs": [ "<0.13.2" ], @@ -97131,9 +98692,9 @@ }, { "advisory": "Pupyl 0.13.2 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23588", - "id": "pyup.io-46389", - "more_info_path": "/vulnerabilities/CVE-2022-23588/46389", + "cve": "CVE-2022-23593", + "id": "pyup.io-46394", + "more_info_path": "/vulnerabilities/CVE-2022-23593/46394", "specs": [ "<0.13.2" ], @@ -97410,10 +98971,10 @@ "v": "<1.2.0a0" }, { - "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-50901", - "more_info_path": "/vulnerabilities/CVE-2019-11236/50901", + "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'numpy' to v1.23.2 to include security fixes.", + "cve": "CVE-2021-41495", + "id": "pyup.io-50905", + "more_info_path": "/vulnerabilities/CVE-2021-41495/50905", "specs": [ "<1.2.0a0" ], 
@@ -97421,9 +98982,9 @@ }, { "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'numpy' to v1.23.2 to include security fixes.", - "cve": "CVE-2021-41495", - "id": "pyup.io-50905", - "more_info_path": "/vulnerabilities/CVE-2021-41495/50905", + "cve": "CVE-2021-33430", + "id": "pyup.io-50903", + "more_info_path": "/vulnerabilities/CVE-2021-33430/50903", "specs": [ "<1.2.0a0" ], @@ -97431,19 +98992,19 @@ }, { "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-50900", - "more_info_path": "/vulnerabilities/CVE-2019-11324/50900", + "cve": "CVE-2021-33503", + "id": "pyup.io-50893", + "more_info_path": "/vulnerabilities/CVE-2021-33503/50893", "specs": [ "<1.2.0a0" ], "v": "<1.2.0a0" }, { - "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'numpy' to v1.23.2 to include security fixes.", - "cve": "CVE-2021-33430", - "id": "pyup.io-50903", - "more_info_path": "/vulnerabilities/CVE-2021-33430/50903", + "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", + "cve": "CVE-2019-11236", + "id": "pyup.io-50901", + "more_info_path": "/vulnerabilities/CVE-2019-11236/50901", "specs": [ "<1.2.0a0" ], @@ -97451,9 +99012,9 @@ }, { "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2020-26137", - "id": "pyup.io-50899", - "more_info_path": "/vulnerabilities/CVE-2020-26137/50899", + "cve": "CVE-2019-11324", + "id": "pyup.io-50900", + "more_info_path": "/vulnerabilities/CVE-2019-11324/50900", "specs": [ "<1.2.0a0" ], 
@@ -97461,9 +99022,9 @@ }, { "advisory": "Py-quantaq 1.2.0a0 updates its dependency 'urllib3' to v1.26.12 to include security fixes.", - "cve": "CVE-2021-33503", - "id": "pyup.io-50893", - "more_info_path": "/vulnerabilities/CVE-2021-33503/50893", + "cve": "CVE-2020-26137", + "id": "pyup.io-50899", + "more_info_path": "/vulnerabilities/CVE-2020-26137/50899", "specs": [ "<1.2.0a0" ], @@ -98038,6 +99599,40 @@ "v": ">0" } ], + "pyav": [ + { + "advisory": "Pyav 9.0.1 updates bundled binary wheels to fix vulnerabilities in dependencies openjpeg, ffmpeg, gnutls, libgmp and wavpack.\r\nhttps://github.com/PyAV-Org/PyAV/issues/901", + "cve": "PVE-2023-61575", + "id": "pyup.io-61575", + "more_info_path": "/vulnerabilities/PVE-2023-61575/61575", + "specs": [ + "<9.0.1" + ], + "v": "<9.0.1" + }, + { + "advisory": "Pyav 9.1.0 updates bundled binary wheels to fix vulnerabilities in dependencies vorbis, libass and libxml2.\r\nhttps://github.com/PyAV-Org/PyAV/issues/921", + "cve": "PVE-2023-61574", + "id": "pyup.io-61574", + "more_info_path": "/vulnerabilities/PVE-2023-61574/61574", + "specs": [ + "<9.1.0" + ], + "v": "<9.1.0" + } + ], + "pyb-utils": [ + { + "advisory": "Pyb-utils 1.3.1 updates its dependency 'pillow' to v10.0.1 to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61614", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61614", + "specs": [ + "<1.3.1" + ], + "v": "<1.3.1" + } + ], "pybald": [ { "advisory": "Pybald 0.5.6 updates its dependency 'SQLAlachemy' to v1.3.3 to include a security fix.", @@ -98061,16 +99656,6 @@ } ], "pybeerxml": [ - { - "advisory": "Pybeerxml 1.0.8 updates its dependency 'urllib3' to v1.24.2 to include a security fix.", - "cve": "CVE-2019-11324", - "id": "pyup.io-38251", - "more_info_path": "/vulnerabilities/CVE-2019-11324/38251", - "specs": [ - "<1.0.8" - ], - "v": "<1.0.8" - }, { "advisory": "Pybeerxml 1.0.8 updates its dependency 'bleach' to v3.1.4 to include security fixes.", "cve": "CVE-2020-6817", 
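Review bot: The new pyav entries put PyUp's own identifiers (`PVE-2023-61575`, `PVE-2023-61574`) in the `cve` field, so a consumer that treats this key as a CVE id (filtering on a `CVE-` prefix or looking the value up in NVD) silently drops or mis-handles them. The pattern repeats in the pyftpdlib, python-amazon-ad-api and python-saml additions of this commit. If the field must stay `cve` for compatibility, the dataset description should state that it carries either a CVE id or a `PVE-` placeholder, and tooling should key on `id`, which is always populated.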
@@ -98100,6 +99685,16 @@ "<1.0.8" ], "v": "<1.0.8" + }, + { + "advisory": "Pybeerxml 1.0.8 updates its dependency 'urllib3' to v1.24.2 to include a security fix.", + "cve": "CVE-2019-11324", + "id": "pyup.io-38251", + "more_info_path": "/vulnerabilities/CVE-2019-11324/38251", + "specs": [ + "<1.0.8" + ], + "v": "<1.0.8" } ], "pybible-cli": [ @@ -98376,6 +99971,18 @@ "v": "<=1.2.0" } ], + "pycolmap": [ + { + "advisory": "Pycolmap 0.4.0 and prior releases ship with a version of C library 'libwebp' which is affected by a high risk vulnerability.\r\nhttps://inspector.pypi.io/project/pycolmap/0.4.0/packages/4b/bb/90fb7e73617694c411c95f48dd51125f4eb6fa7baf16164ac730bd494809/pycolmap-0.4.0-cp310-cp310-manylinux2014_x86_64.whl", + "cve": "CVE-2023-4863", + "id": "pyup.io-61942", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61942", + "specs": [ + "<=0.4.0" + ], + "v": "<=0.4.0" + } + ], "pycolorz": [ { "advisory": "Pycolorz is a malicious package. It downloads and executes obfuscated code.\r\nhttps://inspector.pypi.io/project/pycolorz/0.0.6/packages/5c/3e/2db21b0e3f13f8930798b5e94a3018a76ce310eba4aeebfb5eed82f75880/pycolorz-0.0.6.tar.gz/pycolorz-0.0.6/setup.py#line.29", @@ -98717,9 +100324,9 @@ "pydbtools": [ { "advisory": "Pydbtools 5.3.0 updates its dependency 'numpy' to v1.23.1 to include security fixes.", - "cve": "CVE-2021-41495", - "id": "pyup.io-50125", - "more_info_path": "/vulnerabilities/CVE-2021-41495/50125", + "cve": "CVE-2021-41496", + "id": "pyup.io-50124", + "more_info_path": "/vulnerabilities/CVE-2021-41496/50124", "specs": [ "<5.3.0" ], @@ -98727,9 +100334,9 @@ }, { "advisory": "Pydbtools 5.3.0 updates its dependency 'numpy' to v1.23.1 to include security fixes.", - "cve": "CVE-2021-41496", - "id": "pyup.io-50124", - "more_info_path": "/vulnerabilities/CVE-2021-41496/50124", + "cve": "CVE-2021-41495", + "id": "pyup.io-50125", + "more_info_path": "/vulnerabilities/CVE-2021-41495/50125", "specs": [ "<5.3.0" ], 
@@ -98919,6 +100526,16 @@ ], "v": "<0.5.2" }, + { + "advisory": "Pyftpdlib 0.6.0 includes a fix for a path traversal vulnerability.\r\nhttps://github.com/giampaolo/pyftpdlib/commit/07cdcdb7f05ee465dcdcbe7f885c30c002dbaf0e", + "cve": "PVE-2023-61529", + "id": "pyup.io-61529", + "more_info_path": "/vulnerabilities/PVE-2023-61529/61529", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, { "advisory": "Pyftpdlib 1.5.2 improves SSL security by changing and disabling vulnerable defaults.\r\nhttps://github.com/giampaolo/pyftpdlib/commit/a889c8ecca6a2b0fd030985386cc3284eca5e7fb", "cve": "PVE-2021-34345", @@ -98939,6 +100556,16 @@ ], "v": ">=0,<0.1.1" }, + { + "advisory": "The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.", + "cve": "CVE-2007-6741", + "id": "pyup.io-53975", + "more_info_path": "/vulnerabilities/CVE-2007-6741/53975", + "specs": [ + ">=0,<0.2.0" + ], + "v": ">=0,<0.2.0" + }, { "advisory": "Multiple directory traversal vulnerabilities in FTPServer.py in pyftpdlib before 0.2.0 allow remote authenticated users to access arbitrary files and directories via a .. (dot dot) in a (1) LIST, (2) STOR, or (3) RETR command.", "cve": "CVE-2007-6736", 
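Review bot: The new pyftpdlib entry for the 0.6.0 path-traversal fix uses `"specs": ["<0.6.0"]`, while every other entry in the same array, including the CVE-2007-6741 record re-inserted a few lines below, uses the `">=0,<0.2.0"` form with an explicit lower bound. Both select the same versions, but mixed spec styles inside one package make a genuinely different range harder to spot. Either `">=0,<0.6.0"` here or dropping `>=0,` from the older records would keep the array uniform.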
@@ -98959,16 +100586,6 @@ ], "v": ">=0,<0.2.0" }, - { - "advisory": "FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.", - "cve": "CVE-2007-6739", - "id": "pyup.io-53973", - "more_info_path": "/vulnerabilities/CVE-2007-6739/53973", - "specs": [ - ">=0,<0.2.0" - ], - "v": ">=0,<0.2.0" - }, { "advisory": "The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command.", "cve": "CVE-2007-6740", @@ -98980,10 +100597,10 @@ "v": ">=0,<0.2.0" }, { - "advisory": "The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does not prevent TCP connections to privileged ports if the destination IP address matches the source IP address of the connection from the FTP client, which might allow remote authenticated users to conduct FTP bounce attacks via crafted FTP data, as demonstrated by an FTP bounce attack against a NAT server, a related issue to CVE-1999-0017.", - "cve": "CVE-2007-6741", - "id": "pyup.io-53975", - "more_info_path": "/vulnerabilities/CVE-2007-6741/53975", + "advisory": "FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to cause a denial of service via a long command.", + "cve": "CVE-2007-6739", + "id": "pyup.io-53973", + "more_info_path": "/vulnerabilities/CVE-2007-6739/53973", "specs": [ ">=0,<0.2.0" ], 
@@ -99009,6 +100626,16 @@ ], "v": ">=0,<0.5.0" }, + { + "advisory": "Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.", + "cve": "CVE-2009-5013", + "id": "pyup.io-54047", + "more_info_path": "/vulnerabilities/CVE-2009-5013/54047", + "specs": [ + ">=0,<0.5.2" + ], + "v": ">=0,<0.5.2" + }, { "advisory": "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.", "cve": "CVE-2009-5012", @@ -99028,16 +100655,6 @@ ">=0,<0.5.2" ], "v": ">=0,<0.5.2" - }, - { - "advisory": "Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.", - "cve": "CVE-2009-5013", - "id": "pyup.io-54047", - "more_info_path": "/vulnerabilities/CVE-2009-5013/54047", - "specs": [ - ">=0,<0.5.2" - ], - "v": ">=0,<0.5.2" } ], "pyftpdlib-ustcblog": [ @@ -99108,7 +100725,7 @@ ], "pygame": [ { - "advisory": "Pygame 2.5.2 updates its C dependency 'libwebp' to v1.3.2 to include a fix for a high risk vulnerability.\r\nhttps://github.com/pygame/pygame/commit/94d6c94eae1df106909ca61c18224849cd1f042e", + "advisory": "Pygame 2.5.2 updates its C dependency 'libwebp' to v1.3.2 to include a fix for a high-risk vulnerability.\r\nhttps://github.com/pygame/pygame/commit/94d6c94eae1df106909ca61c18224849cd1f042e", "cve": "CVE-2023-4863", "id": "pyup.io-61494", "more_info_path": "/vulnerabilities/CVE-2023-4863/61494", 
@@ -99118,6 +100735,18 @@ "v": "<2.5.2" } ], + "pygame-ce": [ + { + "advisory": "Pygame-ce 2.4.0.dev2 updates its C dependency 'libwebp' to v1.3.2 to include a fix for a high risk vulnerability.\r\nhttps://github.com/pygame-community/pygame-ce/commit/eb87abe40348b8d114d8e7040bcd6fb25d8bd66e", + "cve": "CVE-2023-4863", + "id": "pyup.io-61918", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61918", + "specs": [ + "<2.4.0.dev2" + ], + "v": "<2.4.0.dev2" + } + ], "pyglove": [ { "advisory": "Pyglove 0.1.1 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/google/pyglove/pull/52", @@ -99798,7 +101427,7 @@ ], "pymisp": [ { - "advisory": "Pymisp 2.4.106 includes a fix for CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.", + "advisory": "Pymisp 2.4.106 updates its dependency 'urllib3' to include a security fix.", "cve": "CVE-2019-11324", "id": "pyup.io-37292", "more_info_path": "/vulnerabilities/CVE-2019-11324/37292", @@ -100000,6 +101629,18 @@ "v": "<0.9.0" } ], + "pyogrio": [ + { + "advisory": "Pyogrio 0.6.0 and prior releases for Windows ship with a version of 'libcurl' that has a high-severity vulnerability.", + "cve": "CVE-2023-38545", + "id": "pyup.io-61775", + "more_info_path": "/vulnerabilities/CVE-2023-38545/61775", + "specs": [ + "<=0.6.0" + ], + "v": "<=0.6.0" + } + ], "pyopenssl": [ { "advisory": "The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", 
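Review bot: The new pygame-ce advisory spells the severity `high risk vulnerability`, whereas the pygame hunk in this same commit changes the identical phrase to `high-risk vulnerability`, and the pywry addition also uses the hyphenated form. Since all three describe the same libwebp fix for CVE-2023-4863, the text should match: `... to include a fix for a high-risk vulnerability.`.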
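Review bot: The rewritten pymisp advisory drops both the CVE description and any urllib3 version, leaving `updates its dependency 'urllib3' to include a security fix.`, so the record no longer says which urllib3 release closes CVE-2019-11324. The parallel pyrotools rewrite keeps `to v1.24.2`, and the new python-homewizard-energy entries omit the gitpython and urllib3 versions in the same way. Stating the fixed dependency version, in the form `updates its dependency 'urllib3' to v<fixed version> to include a security fix.`, lets a reader verify the pin without following `more_info_path`.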
@@ -100012,20 +101653,20 @@ "v": "<0.13.1" }, { - "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000807: Use After Free vulnerability in X509 object handling that can possibly lead to denial of service or remote code execution. This attack appears to be exploitable via Depends on the calling application and if it retains a reference to the memory.\r\nhttps://github.com/pyca/pyopenssl/pull/723", - "cve": "CVE-2018-1000807", - "id": "pyup.io-36533", - "more_info_path": "/vulnerabilities/CVE-2018-1000807/36533", + "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000808: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 store that can result in denial-of-service if memory runs low or is exhausted. This attack appears to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. Anything that would cause the calling application to reload certificates from a PKCS #12 store.\r\nhttps://github.com/pyca/pyopenssl/pull/723", + "cve": "CVE-2018-1000808", + "id": "pyup.io-36534", + "more_info_path": "/vulnerabilities/CVE-2018-1000808/36534", "specs": [ ">=0.14,<17.5.0" ], "v": ">=0.14,<17.5.0" }, { - "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000808: Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 store that can result in denial-of-service if memory runs low or is exhausted. This attack appears to be exploitable via Depends upon calling application, however it could be as simple as initiating a TLS connection. 
Anything that would cause the calling application to reload certificates from a PKCS #12 store.\r\nhttps://github.com/pyca/pyopenssl/pull/723", - "cve": "CVE-2018-1000808", - "id": "pyup.io-36534", - "more_info_path": "/vulnerabilities/CVE-2018-1000808/36534", + "advisory": "Pyopenssl 17.5.0 includes a fix for CVE-2018-1000807: Use After Free vulnerability in X509 object handling that can possibly lead to denial of service or remote code execution. This attack appears to be exploitable via Depends on the calling application and if it retains a reference to the memory.\r\nhttps://github.com/pyca/pyopenssl/pull/723", + "cve": "CVE-2018-1000807", + "id": "pyup.io-36533", + "more_info_path": "/vulnerabilities/CVE-2018-1000807/36533", "specs": [ ">=0.14,<17.5.0" ], @@ -100241,16 +101882,6 @@ ], "v": "<0.7.0" }, - { - "advisory": "Pyplanet 0.7.0 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", - "cve": "CVE-2019-10906", - "id": "pyup.io-37476", - "more_info_path": "/vulnerabilities/CVE-2019-10906/37476", - "specs": [ - "<0.7.0" - ], - "v": "<0.7.0" - }, { "advisory": "Pyplanet 0.7.0 updates its dependency 'urllib3' to v1.25.3 to include security fixes.", "cve": "CVE-2019-11324", @@ -100270,6 +101901,16 @@ "<0.7.0" ], "v": "<0.7.0" + }, + { + "advisory": "Pyplanet 0.7.0 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", + "cve": "CVE-2019-10906", + "id": "pyup.io-37476", + "more_info_path": "/vulnerabilities/CVE-2019-10906/37476", + "specs": [ + "<0.7.0" + ], + "v": "<0.7.0" } ], "pypostalcode": [ 
@@ -100770,7 +102411,7 @@ ], "pyrotools": [ { - "advisory": "Pyrotools 1.0.1 includes a fix for CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.", + "advisory": "Pyrotools 1.0.1 updates its dependency 'urllib3' to v1.24.2 to include a security fix.", "cve": "CVE-2019-11324", "id": "pyup.io-37086", "more_info_path": "/vulnerabilities/CVE-2019-11324/37086", @@ -100931,9 +102572,9 @@ }, { "advisory": "Pyserini 0.11.0.0 and prior includes a version of Anserini affected by critical and severe vulnerabilities, related to log4j.", - "cve": "CVE-2021-45105", - "id": "pyup.io-43608", - "more_info_path": "/vulnerabilities/CVE-2021-45105/43608", + "cve": "CVE-2021-44832", + "id": "pyup.io-44462", + "more_info_path": "/vulnerabilities/CVE-2021-44832/44462", "specs": [ "<=0.11.0.0" ], @@ -100941,9 +102582,9 @@ }, { "advisory": "Pyserini 0.11.0.0 and prior includes a version of Anserini affected by critical and severe vulnerabilities, related to log4j.", - "cve": "CVE-2021-44832", - "id": "pyup.io-44462", - "more_info_path": "/vulnerabilities/CVE-2021-44832/44462", + "cve": "CVE-2021-45105", + "id": "pyup.io-43608", + "more_info_path": "/vulnerabilities/CVE-2021-45105/43608", "specs": [ "<=0.11.0.0" ], @@ -100982,6 +102623,16 @@ "<0.10.0" ], "v": "<0.10.0" + }, + { + "advisory": "Pysigma 0.2.1 pins certifi to version 2023.07.22 to address CVE-2023-37920.", + "cve": "CVE-2023-37920", + "id": "pyup.io-62059", + "more_info_path": "/vulnerabilities/CVE-2023-37920/62059", + "specs": [ + "<0.2.1" + ], + "v": "<0.2.1" } ], "pyslyte": [ 
@@ -102474,7 +104125,7 @@ "v": "<3.6.10,>=3.7.0a0,<3.7.6,>=3.8.0a0,<3.8.1" }, { - "advisory": "Python 3.6.11, 3.7.7 and 3.8.2 include a fix for CVE-2022-48560: Use After Free vulnerability.\r\nhttps://bugs.python.org/issue39421", + "advisory": "Python 3.6.11, 3.7.7 and 3.8.2 include a fix for CVE-2022-48560: Use After Free vulnerability via heappushpop in heapq.\r\nhttps://bugs.python.org/issue39421", "cve": "CVE-2022-48560", "id": "pyup.io-60628", "more_info_path": "/vulnerabilities/CVE-2022-48560/60628", 
@@ -103201,7 +104852,7 @@ "v": ">=3.11.0a1,<3.11.4" }, { - "advisory": "Python 3.8.18, 3.9.18, 3.10.13, 3.11.5 and 3.12.0rc2 include a fix for CVE-2023-40217: It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)\r\nhttps://github.com/python/cpython/issues/108310\r\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY", + "advisory": "Python 3.8.18, 3.9.18, 3.10.13, 3.11.5 and 3.12.0rc2 include a fix for CVE-2023-40217: It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as \"not connected\" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. 
The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.\r\nhttps://github.com/python/cpython/issues/108310\r\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY", "cve": "CVE-2023-40217", "id": "pyup.io-60680", "more_info_path": "/vulnerabilities/CVE-2023-40217/60680", 
@@ -103278,20 +104929,6 @@ ], "v": ">=3.6.0a0,<3.6.11,>=3.7.0a0,<3.7.7,>=3.8.0a0,<3.8.2,>=3.9.0a0,<3.9.0a6,<2.7.17,>=3.0.0a0,<3.5.10" }, - { - "advisory": "Python 3.6.13, 3.7.10, 3.8.7, 3.9.1 and 3.10.0a3 include a fix for CVE-2022-48566: Observable Timing Discrepancy vulnerability in compare_digest in Lib/hmac.py. The fix includes constant-time-defeating optimizations were possible in the accumulator variable in hmac.compare_digest.\r\nhttps://bugs.python.org/issue40791", - "cve": "CVE-2022-48566", - "id": "pyup.io-60631", - "more_info_path": "/vulnerabilities/CVE-2022-48566/60631", - "specs": [ - ">=3.6.0a1,<3.6.13", - ">=3.7.0a1,<3.7.10", - ">=3.10.0a1,<3.10.0a3", - ">=3.8.0a1,<3.8.7", - ">=3.9.0a1,<3.9.1" - ], - "v": ">=3.6.0a1,<3.6.13,>=3.7.0a1,<3.7.10,>=3.10.0a1,<3.10.0a3,>=3.8.0a1,<3.8.7,>=3.9.0a1,<3.9.1" - }, { "advisory": "Python versions 3.6.13, 3.7.10, 3.8.8 and 3.9.2 include a fix for CVE-2021-23336: The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.\r\nhttps://bugs.python.org/issue42967\r\nhttps://github.com/python/cpython/pull/24297", "cve": "CVE-2021-23336", 
@@ -103342,6 +104979,20 @@ ], "v": ">=3.7.0a1,<3.7.10,==3.10.0a1,<3.6.13,>=3.8.0a1,<3.8.7,>=3.9.0a1,<3.9.1" }, + { + "advisory": "Python 3.6.13, 3.7.10, 3.8.7, 3.9.1 and 3.10.0a3 include a fix for CVE-2022-48566: Observable Timing Discrepancy vulnerability in compare_digest in Lib/hmac.py. The fix includes constant-time-defeating optimizations were possible in the accumulator variable in hmac.compare_digest.\r\nhttps://bugs.python.org/issue40791", + "cve": "CVE-2022-48566", + "id": "pyup.io-60631", + "more_info_path": "/vulnerabilities/CVE-2022-48566/60631", + "specs": [ + ">=3.7.0a1,<3.7.10", + ">=3.10.0a1,<3.10.0a3", + ">=3.8.0a1,<3.8.7", + ">=3.9.0a1,<3.9.1", + "<3.6.13" + ], + "v": ">=3.7.0a1,<3.7.10,>=3.10.0a1,<3.10.0a3,>=3.8.0a1,<3.8.7,>=3.9.0a1,<3.9.1,<3.6.13" + }, { "advisory": "Python 3.6.13, 3.7.10, 3.8.7 and 3.9.1 include a fix for CVE-2022-48564: read_ints in plistlib.py in Python is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.\r\nhttps://bugs.python.org/issue42103", "cve": "CVE-2022-48564", @@ -103368,6 +105019,18 @@ "v": ">=3.8.0a0,<3.8.0,>=3.7.0a0,<3.7.4" } ], + "python-amazon-ad-api": [ + { + "advisory": "Python-amazon-ad-api 0.5.1 includes a security fix that could lead the application to crash.\r\nhttps://github.com/denisneuf/python-amazon-ad-api/pull/172", + "cve": "PVE-2023-61860", + "id": "pyup.io-61860", + "more_info_path": "/vulnerabilities/PVE-2023-61860/61860", + "specs": [ + "<0.5.1" + ], + "v": "<0.5.1" + } + ], "python-augeas": [ { "advisory": "The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile save option.", 
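Review bot: The re-added CVE-2022-48566 entry changes the 3.6 range from `">=3.6.0a1,<3.6.13"` to `"<3.6.13"`, so the record now also matches every 2.7.x and 3.5.x release, and the `v` string changes accordingly; because the hunk is otherwise a move, this widening is easy to miss. The entry immediately above it uses the same unbounded `<3.6.13` form, while the record preceding the deleted copy lists `<2.7.17` and `<3.5.10` as separate specs, so the file's convention is mixed. If the intent is that the EOL branches never received the fix, keeping the bounded spec or adding the older ranges explicitly would make the coverage deliberate rather than a side effect of the move. The deleted copy of this entry sits in a separate hunk above.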
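Review bot: The new python-amazon-ad-api advisory reads `includes a security fix that could lead the application to crash`, which says the fix causes the crash; the intended meaning is that the fixed issue could. Suggest `Python-amazon-ad-api 0.5.1 includes a fix for a security issue that could cause the application to crash.`, keeping the pull-request link that follows.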
@@ -103686,6 +105349,38 @@ "v": "==0.3.5,==0.3.6" } ], + "python-homewizard-energy": [ + { + "advisory": "Python-homewizard-energy 2.1.2 updates its dependency 'gitpython' to include a security fix.", + "cve": "CVE-2023-41040", + "id": "pyup.io-61751", + "more_info_path": "/vulnerabilities/CVE-2023-41040/61751", + "specs": [ + "<2.1.2" + ], + "v": "<2.1.2" + }, + { + "advisory": "Python-homewizard-energy 2.1.2 updates its dependency 'gitpython' to include a security fix.", + "cve": "CVE-2023-40590", + "id": "pyup.io-61780", + "more_info_path": "/vulnerabilities/CVE-2023-40590/61780", + "specs": [ + "<2.1.2" + ], + "v": "<2.1.2" + }, + { + "advisory": "Python-homewizard-energy 2.1.2 updates its dependency 'urllib3' to include a security fix.", + "cve": "CVE-2023-43804", + "id": "pyup.io-61779", + "more_info_path": "/vulnerabilities/CVE-2023-43804/61779", + "specs": [ + "<2.1.2" + ], + "v": "<2.1.2" + } + ], "python-incidentio-client": [ { "advisory": "Python-incidentio-client 0.10.0 updates its dependency 'httpx' to version '0.23.0' to include a fix for an Improper Input Validation vulnerability.\r\nhttps://github.com/expobrain/python-incidentio-client/commit/3170dc08b80f82d729164d24fc36e2989ac0f6d0\r\nhttps://github.com/advisories/GHSA-h8pj-cxx2-jfg2", 
@@ -104020,20 +105715,20 @@ "v": "<2016.1.a1" }, { - "advisory": "Python-openflow 2019.1b3 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", - "cve": "CVE-2019-10906", - "id": "pyup.io-37224", - "more_info_path": "/vulnerabilities/CVE-2019-10906/37224", + "advisory": "Python-openflow 2019.1b3 updates its dependency 'urllib3' to v1.24.2 to include a security fix.", + "cve": "CVE-2019-11324", + "id": "pyup.io-44962", + "more_info_path": "/vulnerabilities/CVE-2019-11324/44962", "specs": [ "<2019.1b3" ], "v": "<2019.1b3" }, { - "advisory": "Python-openflow 2019.1b3 updates its dependency 'urllib3' to v1.24.2 to include a security fix.", - "cve": "CVE-2019-11324", - "id": "pyup.io-44962", - "more_info_path": "/vulnerabilities/CVE-2019-11324/44962", + "advisory": "Python-openflow 2019.1b3 updates its dependency 'jinja2' to v2.10.1 to include a security fix.", + "cve": "CVE-2019-10906", + "id": "pyup.io-37224", + "more_info_path": "/vulnerabilities/CVE-2019-10906/37224", "specs": [ "<2019.1b3" ], @@ -104112,6 +105807,16 @@ ], "v": "<2.11.0" }, + { + "advisory": "Python-saml 2.11.0 updates its dependency 'lxml' requirement to \">=4.7.1\" to include security fixes.", + "cve": "PVE-2021-39195", + "id": "pyup.io-50743", + "more_info_path": "/vulnerabilities/PVE-2021-39195/50743", + "specs": [ + "<2.11.0" + ], + "v": "<2.11.0" + }, { "advisory": "Python-saml 2.11.0 updates its dependency 'lxml' requirement to \">=4.7.1\" to include security fixes.", "cve": "CVE-2020-27783", @@ -104142,16 +105847,6 @@ ], "v": "<2.11.0" }, - { - "advisory": "Python-saml 2.11.0 updates its dependency 'lxml' requirement to \">=4.7.1\" to include security fixes.", - "cve": "PVE-2021-39195", - "id": "pyup.io-50743", - "more_info_path": "/vulnerabilities/PVE-2021-39195/50743", - "specs": [ - "<2.11.0" - ], - "v": "<2.11.0" - }, { "advisory": "Python-saml 2.11.0 updates its dependency 'lxml' requirement to \">=4.7.1\" to include security fixes.", "cve": "CVE-2021-43818", 
@@ -104386,16 +106081,6 @@ } ], "python3-saml": [ - { - "advisory": "Python3-saml 1.13.0 updates its dependency 'lxml' to v4.7.0 to include security fixes.", - "cve": "CVE-2021-43818", - "id": "pyup.io-44754", - "more_info_path": "/vulnerabilities/CVE-2021-43818/44754", - "specs": [ - "<1.13.0" - ], - "v": "<1.13.0" - }, { "advisory": "Python3-saml 1.13.0 sets sha256 and rsa-sha256 as default algorithms.\r\nhttps://github.com/onelogin/python3-saml/pull/296", "cve": "PVE-2022-44711", @@ -104426,6 +106111,16 @@ ], "v": "<1.13.0" }, + { + "advisory": "Python3-saml 1.13.0 updates its dependency 'lxml' to v4.7.0 to include security fixes.", + "cve": "CVE-2021-43818", + "id": "pyup.io-44754", + "more_info_path": "/vulnerabilities/CVE-2021-43818/44754", + "specs": [ + "<1.13.0" + ], + "v": "<1.13.0" + }, { "advisory": "Python3-saml 1.13.0 updates its dependency 'lxml' to v4.7.0 to include security fixes.", "cve": "CVE-2020-27783", @@ -104563,9 +106258,9 @@ }, { "advisory": "Pytorch-lightning 1.6.0 updates its dependency 'pyyaml' to v5.4 and uses yaml.safe_load() to fix code execution vulnerabilities.", - "cve": "CVE-2020-14343", - "id": "pyup.io-43752", - "more_info_path": "/vulnerabilities/CVE-2020-14343/43752", + "cve": "CVE-2020-1747", + "id": "pyup.io-43581", + "more_info_path": "/vulnerabilities/CVE-2020-1747/43581", "specs": [ "<1.6.0" ], 
@@ -104573,29 +106268,29 @@ }, { "advisory": "Pytorch-lightning 1.6.0 updates its dependency 'pyyaml' to v5.4 and uses yaml.safe_load() to fix code execution vulnerabilities.", - "cve": "CVE-2020-1747", - "id": "pyup.io-43581", - "more_info_path": "/vulnerabilities/CVE-2020-1747/43581", + "cve": "CVE-2020-14343", + "id": "pyup.io-43752", + "more_info_path": "/vulnerabilities/CVE-2020-14343/43752", "specs": [ "<1.6.0" ], "v": "<1.6.0" }, { - "advisory": "PyTorch Lightning version 1.5.10 and prior is vulnerable to code injection. An attacker could execute commands on the target OS running the operating system by setting the `PL_TRAINER_GPUS` when using the `Trainer` module. A [patch](https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae) is included in the `1.6.0` release.\r\nAffected functions:\r\npytorch_lightning.utilities.argparse.parse_env_variables", - "cve": "CVE-2022-0845", - "id": "pyup.io-54685", - "more_info_path": "/vulnerabilities/CVE-2022-0845/54685", + "advisory": "Pytorch-lightning before 1.6.0 is vulnerable to Deserialization of Untrusted Data.", + "cve": "CVE-2021-4118", + "id": "pyup.io-54698", + "more_info_path": "/vulnerabilities/CVE-2021-4118/54698", "specs": [ ">=0,<1.6.0" ], "v": ">=0,<1.6.0" }, { - "advisory": "Pytorch-lightning before 1.6.0 is vulnerable to Deserialization of Untrusted Data.", - "cve": "CVE-2021-4118", - "id": "pyup.io-54698", - "more_info_path": "/vulnerabilities/CVE-2021-4118/54698", + "advisory": "PyTorch Lightning version 1.5.10 and prior is vulnerable to code injection. An attacker could execute commands on the target OS running the operating system by setting the `PL_TRAINER_GPUS` when using the `Trainer` module. 
A [patch](https://github.com/pytorchlightning/pytorch-lightning/commit/8b7a12c52e52a06408e9231647839ddb4665e8ae) is included in the `1.6.0` release.\r\nAffected functions:\r\npytorch_lightning.utilities.argparse.parse_env_variables", + "cve": "CVE-2022-0845", + "id": "pyup.io-54685", + "more_info_path": "/vulnerabilities/CVE-2022-0845/54685", "specs": [ ">=0,<1.6.0" ], @@ -105117,9 +106812,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2020-10994", - "id": "pyup.io-46449", - "more_info_path": "/vulnerabilities/CVE-2020-10994/46449", + "cve": "CVE-2021-25289", + "id": "pyup.io-46438", + "more_info_path": "/vulnerabilities/CVE-2021-25289/46438", "specs": [ "<6.1.0" ], @@ -105147,9 +106842,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2021-25289", - "id": "pyup.io-46438", - "more_info_path": "/vulnerabilities/CVE-2021-25289/46438", + "cve": "CVE-2020-10379", + "id": "pyup.io-40579", + "more_info_path": "/vulnerabilities/CVE-2020-10379/40579", "specs": [ "<6.1.0" ], @@ -105157,9 +106852,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2020-10379", - "id": "pyup.io-40579", - "more_info_path": "/vulnerabilities/CVE-2020-10379/40579", + "cve": "CVE-2020-11538", + "id": "pyup.io-46450", + "more_info_path": "/vulnerabilities/CVE-2020-11538/46450", "specs": [ "<6.1.0" ], 
@@ -105185,16 +106880,6 @@ ], "v": "<6.1.0" }, - { - "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2020-11538", - "id": "pyup.io-46450", - "more_info_path": "/vulnerabilities/CVE-2020-11538/46450", - "specs": [ - "<6.1.0" - ], - "v": "<6.1.0" - }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", "cve": "CVE-2021-25290", @@ -105207,9 +106892,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2020-15999", - "id": "pyup.io-46445", - "more_info_path": "/vulnerabilities/CVE-2020-15999/46445", + "cve": "CVE-2020-10378", + "id": "pyup.io-46437", + "more_info_path": "/vulnerabilities/CVE-2020-10378/46437", "specs": [ "<6.1.0" ], @@ -105217,9 +106902,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2020-10378", - "id": "pyup.io-46437", - "more_info_path": "/vulnerabilities/CVE-2020-10378/46437", + "cve": "CVE-2021-27922", + "id": "pyup.io-46444", + "more_info_path": "/vulnerabilities/CVE-2021-27922/46444", "specs": [ "<6.1.0" ], @@ -105227,9 +106912,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2021-27923", - "id": "pyup.io-46451", - "more_info_path": "/vulnerabilities/CVE-2021-27923/46451", + "cve": "CVE-2021-27921", + "id": "pyup.io-46443", + "more_info_path": "/vulnerabilities/CVE-2021-27921/46443", "specs": [ "<6.1.0" ], 
@@ -105237,9 +106922,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2021-27922", - "id": "pyup.io-46444", - "more_info_path": "/vulnerabilities/CVE-2021-27922/46444", + "cve": "CVE-2021-25293", + "id": "pyup.io-46442", + "more_info_path": "/vulnerabilities/CVE-2021-25293/46442", "specs": [ "<6.1.0" ], @@ -105267,9 +106952,9 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2021-25293", - "id": "pyup.io-46442", - "more_info_path": "/vulnerabilities/CVE-2021-25293/46442", + "cve": "CVE-2021-27923", + "id": "pyup.io-46451", + "more_info_path": "/vulnerabilities/CVE-2021-27923/46451", "specs": [ "<6.1.0" ], @@ -105277,9 +106962,19 @@ }, { "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", - "cve": "CVE-2021-27921", - "id": "pyup.io-46443", - "more_info_path": "/vulnerabilities/CVE-2021-27921/46443", + "cve": "CVE-2020-15999", + "id": "pyup.io-46445", + "more_info_path": "/vulnerabilities/CVE-2020-15999/46445", + "specs": [ + "<6.1.0" + ], + "v": "<6.1.0" + }, + { + "advisory": "Pywikibot 6.1.0 updates its dependency 'Pillow' to versions >=8.1.1 to include security fixes.", + "cve": "CVE-2020-10994", + "id": "pyup.io-46449", + "more_info_path": "/vulnerabilities/CVE-2020-10994/46449", "specs": [ "<6.1.0" ], 
@@ -105332,6 +107027,18 @@
 "v": "<1.0.19"
 }
 ],
+ "pywry": [
+ {
+ "advisory": "Pywry 0.6.2 updates its C dependency 'libwebp' to include a fix for a high-risk vulnerability.\r\nhttps://github.com/OpenBB-finance/pywry/pull/99",
+ "cve": "CVE-2023-4863",
+ "id": "pyup.io-61928",
+ "more_info_path": "/vulnerabilities/CVE-2023-4863/61928",
+ "specs": [
+ "<0.6.2"
+ ],
+ "v": "<0.6.2"
+ }
+ ],
 "pyxdsm": [
 {
 "advisory": "Pyxdsm version 2.2.0 includes a security patch for the function '_write_tikz' in 'pyxdsm/matrix_eqn.py'. It contained an OS injection vulnerability: unsafe use of os.system().\r\nhttps://github.com/mdolab/pyXDSM/commit/9c59eb6764e64907c7c103f15bb3dee109ea24a7#diff-9489c2e554d0f234b6dd3212dafdbdd069df6e93d4046ece0921f04bacc15b70",
@@ -105562,6 +107269,18 @@
 "v": ">=0.0.0"
 }
 ],
+ "qmp": [
+ {
+ "advisory": "qemu-kvm before 0.11.0 disables VNC authentication when the password is cleared, which allows remote attackers to bypass authentication and establish VNC sessions.",
+ "cve": "CVE-2011-0011",
+ "id": "pyup.io-62103",
+ "more_info_path": "/vulnerabilities/CVE-2011-0011/62103",
+ "specs": [
+ "<0.11.0"
+ ],
+ "v": "<0.11.0"
+ }
+ ],
 "qne-adk": [
 {
 "advisory": "Qne-adk 0.3.0 includes a fix for CVE-2007-4559, a path traversal vulnerability.\r\nhttps://github.com/QuTech-Delft/qne-adk/commit/75f978c2c976cb59181b7741d2be623e9265636a",
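Review bot: The new `qmp` entry attaches CVE-2011-0011 to the PyPI package with `"specs": ["<0.11.0"]`, but the advisory text itself describes qemu-kvm's VNC authentication, and the 0.11.0 boundary is qemu-kvm's release number, not a release of the Python `qmp` package. As written, any install of `qmp` with a version below 0.11.0 will be reported as vulnerable to a flaw that lives in a different codebase, which is a false positive for every consumer of this database. The entry should be checked against the package's actual releases and either dropped or given a range that refers to its own versions before it ships; the `pywry` entry in the first hunk does not have this problem, since its advisory and range both refer to pywry's own release.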
@@ -105639,6 +107358,16 @@
 }
 ],
 "qpid-python": [
+ {
+ "advisory": "Apache Qpid before 0.16 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.",
+ "cve": "CVE-2011-3620",
+ "id": "pyup.io-62094",
+ "more_info_path": "/vulnerabilities/CVE-2011-3620/62094",
+ "specs": [
+ "<0.16"
+ ],
+ "v": "<0.16"
+ },
 {
 "advisory": "Qpid-python 0.22 includes a fix for CVE-2013-1909: The Python client in Apache Qpid before 0.22 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.\r\nhttps://issues.apache.org/jira/browse/QPID-4918",
 "cve": "CVE-2013-1909",
@@ -105648,6 +107377,16 @@
 "<0.22"
 ],
 "v": "<0.22"
+ },
+ {
+ "advisory": "sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.",
+ "cve": "CVE-2010-3083",
+ "id": "pyup.io-61705",
+ "more_info_path": "/vulnerabilities/CVE-2010-3083/61705",
+ "specs": [
+ "<1.2.2"
+ ],
+ "v": "<1.2.2"
 }
 ],
 "quandl-fund-xlsx": [
@@ -106137,16 +107876,6 @@
 }
 ],
 "rapidtide": [
- {
- "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
- "cve": "CVE-2020-15210",
- "id": "pyup.io-48375",
- "more_info_path": "/vulnerabilities/CVE-2020-15210/48375",
- "specs": [
- "<2.0.2"
- ],
- "v": "<2.0.2"
- },
 {
 "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.",
 "cve": "CVE-2019-19244",
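Review bot: The second `qpid-python` addition, CVE-2010-3083, carries `"specs": ["<1.2.2"]`, but the advisory text locates the bug in `sys/ssl/SslSocket.cpp` of the C++ broker `qpidd` and the 1.2.2 figure is the Red Hat Enterprise MRG product version, so the range does not line up with the package's own version line (the surviving context entry uses `"<0.22"`, an Apache Qpid release). A consumer running the Python client would be told it is affected by a daemon-outage bug in a server component it does not contain. The first addition, CVE-2011-3620, at least uses an Apache Qpid release in its range, but the described flaw is cluster credential verification in the broker rather than anything in the Python client, so both entries deserve a second look for whether they belong under this package at all.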
@@ -106169,19 +107898,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-13631", - "id": "pyup.io-48360", - "more_info_path": "/vulnerabilities/CVE-2020-13631/48360", - "specs": [ - "<2.0.2" - ], - "v": "<2.0.2" - }, - { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2019-5482", - "id": "pyup.io-48354", - "more_info_path": "/vulnerabilities/CVE-2019-5482/48354", + "cve": "CVE-2020-26267", + "id": "pyup.io-48380", + "more_info_path": "/vulnerabilities/CVE-2020-26267/48380", "specs": [ "<2.0.2" ], @@ -106219,9 +107938,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15195", - "id": "pyup.io-48366", - "more_info_path": "/vulnerabilities/CVE-2020-15195/48366", + "cve": "CVE-2020-15208", + "id": "pyup.io-48373", + "more_info_path": "/vulnerabilities/CVE-2020-15208/48373", "specs": [ "<2.0.2" ], @@ -106229,9 +107948,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-26267", - "id": "pyup.io-48380", - "more_info_path": "/vulnerabilities/CVE-2020-26267/48380", + "cve": "CVE-2020-15358", + "id": "pyup.io-48378", + "more_info_path": "/vulnerabilities/CVE-2020-15358/48378", "specs": [ "<2.0.2" ], @@ -106239,9 +107958,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-13435", - "id": "pyup.io-48358", - "more_info_path": "/vulnerabilities/CVE-2020-13435/48358", + "cve": "CVE-2020-15206", + "id": "pyup.io-48371", + "more_info_path": "/vulnerabilities/CVE-2020-15206/48371", "specs": [ "<2.0.2" ], 
@@ -106249,9 +107968,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15208", - "id": "pyup.io-48373", - "more_info_path": "/vulnerabilities/CVE-2020-15208/48373", + "cve": "CVE-2020-13434", + "id": "pyup.io-48357", + "more_info_path": "/vulnerabilities/CVE-2020-13434/48357", "specs": [ "<2.0.2" ], @@ -106259,9 +107978,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2019-16168", - "id": "pyup.io-48347", - "more_info_path": "/vulnerabilities/CVE-2019-16168/48347", + "cve": "CVE-2020-26270", + "id": "pyup.io-48382", + "more_info_path": "/vulnerabilities/CVE-2020-26270/48382", "specs": [ "<2.0.2" ], @@ -106269,9 +107988,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-26271", - "id": "pyup.io-48383", - "more_info_path": "/vulnerabilities/CVE-2020-26271/48383", + "cve": "CVE-2020-15209", + "id": "pyup.io-48374", + "more_info_path": "/vulnerabilities/CVE-2020-15209/48374", "specs": [ "<2.0.2" ], @@ -106279,9 +107998,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2018-11770", - "id": "pyup.io-40991", - "more_info_path": "/vulnerabilities/CVE-2018-11770/40991", + "cve": "CVE-2020-13790", + "id": "pyup.io-48361", + "more_info_path": "/vulnerabilities/CVE-2020-13790/48361", "specs": [ "<2.0.2" ], @@ -106289,9 +108008,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2019-10099", - "id": "pyup.io-48344", - "more_info_path": "/vulnerabilities/CVE-2019-10099/48344", + "cve": "CVE-2020-26266", + "id": "pyup.io-48379", + "more_info_path": "/vulnerabilities/CVE-2020-26266/48379", "specs": [ "<2.0.2" ], 
@@ -106299,9 +108018,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15358", - "id": "pyup.io-48378", - "more_info_path": "/vulnerabilities/CVE-2020-15358/48378", + "cve": "CVE-2020-15207", + "id": "pyup.io-48372", + "more_info_path": "/vulnerabilities/CVE-2020-15207/48372", "specs": [ "<2.0.2" ], @@ -106309,9 +108028,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2019-19645", - "id": "pyup.io-48349", - "more_info_path": "/vulnerabilities/CVE-2019-19645/48349", + "cve": "CVE-2020-15202", + "id": "pyup.io-48367", + "more_info_path": "/vulnerabilities/CVE-2020-15202/48367", "specs": [ "<2.0.2" ], @@ -106319,9 +108038,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2019-19646", - "id": "pyup.io-48350", - "more_info_path": "/vulnerabilities/CVE-2019-19646/48350", + "cve": "CVE-2020-13435", + "id": "pyup.io-48358", + "more_info_path": "/vulnerabilities/CVE-2020-13435/48358", "specs": [ "<2.0.2" ], @@ -106329,9 +108048,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15194", - "id": "pyup.io-48365", - "more_info_path": "/vulnerabilities/CVE-2020-15194/48365", + "cve": "CVE-2019-16168", + "id": "pyup.io-48347", + "more_info_path": "/vulnerabilities/CVE-2019-16168/48347", "specs": [ "<2.0.2" ], 
@@ -106339,9 +108058,39 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15206", - "id": "pyup.io-48371", - "more_info_path": "/vulnerabilities/CVE-2020-15206/48371", + "cve": "CVE-2018-11770", + "id": "pyup.io-40991", + "more_info_path": "/vulnerabilities/CVE-2018-11770/40991", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2019-10099", + "id": "pyup.io-48344", + "more_info_path": "/vulnerabilities/CVE-2019-10099/48344", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2019-19645", + "id": "pyup.io-48349", + "more_info_path": "/vulnerabilities/CVE-2019-19645/48349", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-15194", + "id": "pyup.io-48365", + "more_info_path": "/vulnerabilities/CVE-2020-15194/48365", "specs": [ "<2.0.2" ], 
@@ -106367,6 +108116,76 @@ ], "v": "<2.0.2" }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-5215", + "id": "pyup.io-48384", + "more_info_path": "/vulnerabilities/CVE-2020-5215/48384", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-15210", + "id": "pyup.io-48375", + "more_info_path": "/vulnerabilities/CVE-2020-15210/48375", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-13631", + "id": "pyup.io-48360", + "more_info_path": "/vulnerabilities/CVE-2020-13631/48360", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2019-5482", + "id": "pyup.io-48354", + "more_info_path": "/vulnerabilities/CVE-2019-5482/48354", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-15195", + "id": "pyup.io-48366", + "more_info_path": "/vulnerabilities/CVE-2020-15195/48366", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2020-26271", + "id": "pyup.io-48383", + "more_info_path": "/vulnerabilities/CVE-2020-26271/48383", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, + { + "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", + "cve": "CVE-2019-19646", + "id": "pyup.io-48350", + "more_info_path": "/vulnerabilities/CVE-2019-19646/48350", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + }, { 
"advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", "cve": "CVE-2020-15250", @@ -106379,9 +108198,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-5215", - "id": "pyup.io-48384", - "more_info_path": "/vulnerabilities/CVE-2020-5215/48384", + "cve": "CVE-2020-15190", + "id": "pyup.io-48364", + "more_info_path": "/vulnerabilities/CVE-2020-15190/48364", "specs": [ "<2.0.2" ], @@ -106389,9 +108208,9 @@ }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-13434", - "id": "pyup.io-48357", - "more_info_path": "/vulnerabilities/CVE-2020-13434/48357", + "cve": "CVE-2018-17190", + "id": "pyup.io-48341", + "more_info_path": "/vulnerabilities/CVE-2018-17190/48341", "specs": [ "<2.0.2" ], @@ -106417,16 +108236,6 @@ ], "v": "<2.0.2" }, - { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15209", - "id": "pyup.io-48374", - "more_info_path": "/vulnerabilities/CVE-2020-15209/48374", - "specs": [ - "<2.0.2" - ], - "v": "<2.0.2" - }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", "cve": "CVE-2020-11655", @@ -106447,16 +108256,6 @@ ], "v": "<2.0.2" }, - { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-13790", - "id": "pyup.io-48361", - "more_info_path": "/vulnerabilities/CVE-2020-13790/48361", - "specs": [ - "<2.0.2" - ], - "v": "<2.0.2" - }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", "cve": "CVE-2020-13871", 
@@ -106487,16 +108286,6 @@ ], "v": "<2.0.2" }, - { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-26266", - "id": "pyup.io-48379", - "more_info_path": "/vulnerabilities/CVE-2020-26266/48379", - "specs": [ - "<2.0.2" - ], - "v": "<2.0.2" - }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", "cve": "CVE-2020-15203", @@ -106507,16 +108296,6 @@ ], "v": "<2.0.2" }, - { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15207", - "id": "pyup.io-48372", - "more_info_path": "/vulnerabilities/CVE-2020-15207/48372", - "specs": [ - "<2.0.2" - ], - "v": "<2.0.2" - }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", "cve": "CVE-2020-15204", @@ -106537,16 +108316,6 @@ ], "v": "<2.0.2" }, - { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15202", - "id": "pyup.io-48367", - "more_info_path": "/vulnerabilities/CVE-2020-15202/48367", - "specs": [ - "<2.0.2" - ], - "v": "<2.0.2" - }, { "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", "cve": "CVE-2020-14155", 
@@ -106558,34 +108327,24 @@ "v": "<2.0.2" }, { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-15190", - "id": "pyup.io-48364", - "more_info_path": "/vulnerabilities/CVE-2020-15190/48364", - "specs": [ - "<2.0.2" - ], - "v": "<2.0.2" - }, - { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2020-26270", - "id": "pyup.io-48382", - "more_info_path": "/vulnerabilities/CVE-2020-26270/48382", + "advisory": "Rapidtide 2.6.5 updates its dependency 'urllib3' to v2.0.6 to include a security fix.", + "cve": "CVE-2023-43804", + "id": "pyup.io-61598", + "more_info_path": "/vulnerabilities/CVE-2023-43804/61598", "specs": [ - "<2.0.2" + "<2.6.5" ], - "v": "<2.0.2" + "v": "<2.6.5" }, { - "advisory": "Rapidtide 2.0.2 starts to require the 'Tensorflow' 2.4.0 or above to address security issues.", - "cve": "CVE-2018-17190", - "id": "pyup.io-48341", - "more_info_path": "/vulnerabilities/CVE-2018-17190/48341", + "advisory": "Rapidtide 2.6.5 updates its dependency 'pillow' to v10.0.1 to include a security fix.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61647", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61647", "specs": [ - "<2.0.2" + "<2.6.5" ], - "v": "<2.0.2" + "v": "<2.6.5" }, { "advisory": "Rapidtide 2.2.5 and prior may use a version of TensorFlow (2.4.0) affected by known vulnerabilities.", @@ -106653,9 +108412,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41207", - "id": "pyup.io-46937", - "more_info_path": "/vulnerabilities/CVE-2021-41207/46937", + "cve": "CVE-2021-41223", + "id": "pyup.io-46953", + "more_info_path": "/vulnerabilities/CVE-2021-41223/46953", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106664,9 +108423,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41228", - "id": "pyup.io-46958", - "more_info_path": "/vulnerabilities/CVE-2021-41228/46958", + "cve": "CVE-2021-22922", + "id": "pyup.io-46882", + "more_info_path": "/vulnerabilities/CVE-2021-22922/46882", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106675,9 +108434,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-22924", - "id": "pyup.io-46922", - "more_info_path": "/vulnerabilities/CVE-2021-22924/46922", + "cve": "CVE-2021-41212", + "id": "pyup.io-46942", + "more_info_path": "/vulnerabilities/CVE-2021-41212/46942", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106686,9 +108445,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41204", - "id": "pyup.io-46934", - "more_info_path": "/vulnerabilities/CVE-2021-41204/46934", + "cve": "CVE-2021-41210", + "id": "pyup.io-46940", + "more_info_path": "/vulnerabilities/CVE-2021-41210/46940", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106697,9 +108456,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41200", - "id": "pyup.io-46930", - "more_info_path": "/vulnerabilities/CVE-2021-41200/46930", + "cve": "CVE-2021-41215", + "id": "pyup.io-46945", + "more_info_path": "/vulnerabilities/CVE-2021-41215/46945", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106708,9 +108467,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41222", - "id": "pyup.io-46952", - "more_info_path": "/vulnerabilities/CVE-2021-41222/46952", + "cve": "CVE-2021-41219", + "id": "pyup.io-46949", + "more_info_path": "/vulnerabilities/CVE-2021-41219/46949", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106719,9 +108478,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41221", - "id": "pyup.io-46951", - "more_info_path": "/vulnerabilities/CVE-2021-41221/46951", + "cve": "CVE-2021-22924", + "id": "pyup.io-46922", + "more_info_path": "/vulnerabilities/CVE-2021-22924/46922", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106730,9 +108489,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41216", - "id": "pyup.io-46946", - "more_info_path": "/vulnerabilities/CVE-2021-41216/46946", + "cve": "CVE-2021-41228", + "id": "pyup.io-46958", + "more_info_path": "/vulnerabilities/CVE-2021-41228/46958", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106741,9 +108500,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41217", - "id": "pyup.io-46947", - "more_info_path": "/vulnerabilities/CVE-2021-41217/46947", + "cve": "CVE-2021-41196", + "id": "pyup.io-46926", + "more_info_path": "/vulnerabilities/CVE-2021-41196/46926", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106752,9 +108511,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41212", - "id": "pyup.io-46942", - "more_info_path": "/vulnerabilities/CVE-2021-41212/46942", + "cve": "CVE-2021-41227", + "id": "pyup.io-46957", + "more_info_path": "/vulnerabilities/CVE-2021-41227/46957", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106763,9 +108522,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41203", - "id": "pyup.io-46933", - "more_info_path": "/vulnerabilities/CVE-2021-41203/46933", + "cve": "CVE-2021-41211", + "id": "pyup.io-46941", + "more_info_path": "/vulnerabilities/CVE-2021-41211/46941", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106774,9 +108533,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41210", - "id": "pyup.io-46940", - "more_info_path": "/vulnerabilities/CVE-2021-41210/46940", + "cve": "CVE-2021-41206", + "id": "pyup.io-46936", + "more_info_path": "/vulnerabilities/CVE-2021-41206/46936", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106785,9 +108544,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41224", - "id": "pyup.io-46954", - "more_info_path": "/vulnerabilities/CVE-2021-41224/46954", + "cve": "CVE-2021-41213", + "id": "pyup.io-46943", + "more_info_path": "/vulnerabilities/CVE-2021-41213/46943", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106796,9 +108555,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41201", - "id": "pyup.io-46931", - "more_info_path": "/vulnerabilities/CVE-2021-41201/46931", + "cve": "CVE-2021-41197", + "id": "pyup.io-46927", + "more_info_path": "/vulnerabilities/CVE-2021-41197/46927", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106807,9 +108566,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41226", - "id": "pyup.io-46956", - "more_info_path": "/vulnerabilities/CVE-2021-41226/46956", + "cve": "CVE-2021-41225", + "id": "pyup.io-46955", + "more_info_path": "/vulnerabilities/CVE-2021-41225/46955", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106818,9 +108577,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41213", - "id": "pyup.io-46943", - "more_info_path": "/vulnerabilities/CVE-2021-41213/46943", + "cve": "CVE-2021-41221", + "id": "pyup.io-46951", + "more_info_path": "/vulnerabilities/CVE-2021-41221/46951", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106829,9 +108588,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41211", - "id": "pyup.io-46941", - "more_info_path": "/vulnerabilities/CVE-2021-41211/46941", + "cve": "CVE-2021-41222", + "id": "pyup.io-46952", + "more_info_path": "/vulnerabilities/CVE-2021-41222/46952", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106840,9 +108599,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41218", - "id": "pyup.io-46948", - "more_info_path": "/vulnerabilities/CVE-2021-41218/46948", + "cve": "CVE-2021-41216", + "id": "pyup.io-46946", + "more_info_path": "/vulnerabilities/CVE-2021-41216/46946", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106851,9 +108610,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41196", - "id": "pyup.io-46926", - "more_info_path": "/vulnerabilities/CVE-2021-41196/46926", + "cve": "CVE-2021-41217", + "id": "pyup.io-46947", + "more_info_path": "/vulnerabilities/CVE-2021-41217/46947", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106862,9 +108621,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41197", - "id": "pyup.io-46927", - "more_info_path": "/vulnerabilities/CVE-2021-41197/46927", + "cve": "CVE-2021-41207", + "id": "pyup.io-46937", + "more_info_path": "/vulnerabilities/CVE-2021-41207/46937", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106873,9 +108632,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41227", - "id": "pyup.io-46957", - "more_info_path": "/vulnerabilities/CVE-2021-41227/46957", + "cve": "CVE-2021-41201", + "id": "pyup.io-46931", + "more_info_path": "/vulnerabilities/CVE-2021-41201/46931", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106884,9 +108643,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41215", - "id": "pyup.io-46945", - "more_info_path": "/vulnerabilities/CVE-2021-41215/46945", + "cve": "CVE-2021-41220", + "id": "pyup.io-46950", + "more_info_path": "/vulnerabilities/CVE-2021-41220/46950", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106895,9 +108654,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41208", - "id": "pyup.io-46938", - "more_info_path": "/vulnerabilities/CVE-2021-41208/46938", + "cve": "CVE-2021-41205", + "id": "pyup.io-46935", + "more_info_path": "/vulnerabilities/CVE-2021-41205/46935", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106906,9 +108665,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41225", - "id": "pyup.io-46955", - "more_info_path": "/vulnerabilities/CVE-2021-41225/46955", + "cve": "CVE-2021-22926", + "id": "pyup.io-46924", + "more_info_path": "/vulnerabilities/CVE-2021-22926/46924", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106928,9 +108687,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-46936", - "more_info_path": "/vulnerabilities/CVE-2021-41206/46936", + "cve": "CVE-2021-41214", + "id": "pyup.io-46944", + "more_info_path": "/vulnerabilities/CVE-2021-41214/46944", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106939,9 +108698,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41220", - "id": "pyup.io-46950", - "more_info_path": "/vulnerabilities/CVE-2021-41220/46950", + "cve": "CVE-2021-41195", + "id": "pyup.io-46925", + "more_info_path": "/vulnerabilities/CVE-2021-41195/46925", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106950,9 +108709,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41219", - "id": "pyup.io-46949", - "more_info_path": "/vulnerabilities/CVE-2021-41219/46949", + "cve": "CVE-2021-41203", + "id": "pyup.io-46933", + "more_info_path": "/vulnerabilities/CVE-2021-41203/46933", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106961,9 +108720,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41214", - "id": "pyup.io-46944", - "more_info_path": "/vulnerabilities/CVE-2021-41214/46944", + "cve": "CVE-2021-41218", + "id": "pyup.io-46948", + "more_info_path": "/vulnerabilities/CVE-2021-41218/46948", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -106972,9 +108731,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41195", - "id": "pyup.io-46925", - "more_info_path": "/vulnerabilities/CVE-2021-41195/46925", + "cve": "CVE-2021-41200", + "id": "pyup.io-46930", + "more_info_path": "/vulnerabilities/CVE-2021-41200/46930", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -106983,9 +108742,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-22922", - "id": "pyup.io-46882", - "more_info_path": "/vulnerabilities/CVE-2021-22922/46882", + "cve": "CVE-2021-41226", + "id": "pyup.io-46956", + "more_info_path": "/vulnerabilities/CVE-2021-41226/46956", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -107005,9 +108764,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41223", - "id": "pyup.io-46953", - "more_info_path": "/vulnerabilities/CVE-2021-41223/46953", + "cve": "CVE-2021-41224", + "id": "pyup.io-46954", + "more_info_path": "/vulnerabilities/CVE-2021-41224/46954", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -107016,9 +108775,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41205", - "id": "pyup.io-46935", - "more_info_path": "/vulnerabilities/CVE-2021-41205/46935", + "cve": "CVE-2021-41198", + "id": "pyup.io-46928", + "more_info_path": "/vulnerabilities/CVE-2021-41198/46928", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -107027,9 +108786,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-22926", - "id": "pyup.io-46924", - "more_info_path": "/vulnerabilities/CVE-2021-22926/46924", + "cve": "CVE-2021-41199", + "id": "pyup.io-46929", + "more_info_path": "/vulnerabilities/CVE-2021-41199/46929", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" 
@@ -107038,9 +108797,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41198", - "id": "pyup.io-46928", - "more_info_path": "/vulnerabilities/CVE-2021-41198/46928", + "cve": "CVE-2021-41208", + "id": "pyup.io-46938", + "more_info_path": "/vulnerabilities/CVE-2021-41208/46938", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -107049,9 +108808,9 @@ }, { "advisory": "Rasa 2.8.13 and 3.0.0rc2 update its dependency 'Tensorflow' to v2.6.2 and v2.6.1 respectively to include security fixes.", - "cve": "CVE-2021-41199", - "id": "pyup.io-46929", - "more_info_path": "/vulnerabilities/CVE-2021-41199/46929", + "cve": "CVE-2021-41204", + "id": "pyup.io-46934", + "more_info_path": "/vulnerabilities/CVE-2021-41204/46934", "specs": [ "<2.8.13", ">=3.0.0rc1,<3.0.0rc2" @@ -107060,9 +108819,9 @@ }, { "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.", - "cve": "CVE-2021-37654", - "id": "pyup.io-44049", - "more_info_path": "/vulnerabilities/CVE-2021-37654/44049", + "cve": "CVE-2021-37655", + "id": "pyup.io-44009", + "more_info_path": "/vulnerabilities/CVE-2021-37655/44009", "specs": [ "<2.8.5" ], @@ -107070,9 +108829,9 @@ }, { "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.", - "cve": "CVE-2021-37672", - "id": "pyup.io-44012", - "more_info_path": "/vulnerabilities/CVE-2021-37672/44012", + "cve": "CVE-2021-37636", + "id": "pyup.io-44053", + "more_info_path": "/vulnerabilities/CVE-2021-37636/44053", "specs": [ "<2.8.5" ], @@ -107080,9 +108839,9 @@ }, { "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.", - "cve": "CVE-2021-37648", - "id": "pyup.io-44057", - "more_info_path": "/vulnerabilities/CVE-2021-37648/44057", + "cve": "CVE-2021-37663", + "id": "pyup.io-44019", + "more_info_path": "/vulnerabilities/CVE-2021-37663/44019", "specs": [ "<2.8.5" ], 
@@ -107090,9 +108849,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37635",
- "id": "pyup.io-44047",
- "more_info_path": "/vulnerabilities/CVE-2021-37635/44047",
+ "cve": "CVE-2021-37641",
+ "id": "pyup.io-44030",
+ "more_info_path": "/vulnerabilities/CVE-2021-37641/44030",
 "specs": [
 "<2.8.5"
 ],
@@ -107100,9 +108859,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37655",
- "id": "pyup.io-44009",
- "more_info_path": "/vulnerabilities/CVE-2021-37655/44009",
+ "cve": "CVE-2021-37684",
+ "id": "pyup.io-44041",
+ "more_info_path": "/vulnerabilities/CVE-2021-37684/44041",
 "specs": [
 "<2.8.5"
 ],
@@ -107110,9 +108869,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37682",
- "id": "pyup.io-44028",
- "more_info_path": "/vulnerabilities/CVE-2021-37682/44028",
+ "cve": "CVE-2021-37669",
+ "id": "pyup.io-44011",
+ "more_info_path": "/vulnerabilities/CVE-2021-37669/44011",
 "specs": [
 "<2.8.5"
 ],
@@ -107120,9 +108879,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-22876",
- "id": "pyup.io-44005",
- "more_info_path": "/vulnerabilities/CVE-2021-22876/44005",
+ "cve": "CVE-2021-37637",
+ "id": "pyup.io-44023",
+ "more_info_path": "/vulnerabilities/CVE-2021-37637/44023",
 "specs": [
 "<2.8.5"
 ],
@@ -107130,9 +108889,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37643",
- "id": "pyup.io-44039",
- "more_info_path": "/vulnerabilities/CVE-2021-37643/44039",
+ "cve": "CVE-2021-22898",
+ "id": "pyup.io-44051",
+ "more_info_path": "/vulnerabilities/CVE-2021-22898/44051",
 "specs": [
 "<2.8.5"
 ],
@@ -107140,9 +108899,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37666",
- "id": "pyup.io-44033",
- "more_info_path": "/vulnerabilities/CVE-2021-37666/44033",
+ "cve": "CVE-2021-37660",
+ "id": "pyup.io-44025",
+ "more_info_path": "/vulnerabilities/CVE-2021-37660/44025",
 "specs": [
 "<2.8.5"
 ],
@@ -107150,9 +108909,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37650",
- "id": "pyup.io-44035",
- "more_info_path": "/vulnerabilities/CVE-2021-37650/44035",
+ "cve": "CVE-2021-37658",
+ "id": "pyup.io-44043",
+ "more_info_path": "/vulnerabilities/CVE-2021-37658/44043",
 "specs": [
 "<2.8.5"
 ],
@@ -107160,9 +108919,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37678",
- "id": "pyup.io-44060",
- "more_info_path": "/vulnerabilities/CVE-2021-37678/44060",
+ "cve": "CVE-2021-37638",
+ "id": "pyup.io-44052",
+ "more_info_path": "/vulnerabilities/CVE-2021-37638/44052",
 "specs": [
 "<2.8.5"
 ],
@@ -107170,9 +108929,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37680",
- "id": "pyup.io-44058",
- "more_info_path": "/vulnerabilities/CVE-2021-37680/44058",
+ "cve": "CVE-2021-37681",
+ "id": "pyup.io-44021",
+ "more_info_path": "/vulnerabilities/CVE-2021-37681/44021",
 "specs": [
 "<2.8.5"
 ],
@@ -107180,9 +108939,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37691",
- "id": "pyup.io-44022",
- "more_info_path": "/vulnerabilities/CVE-2021-37691/44022",
+ "cve": "CVE-2021-37664",
+ "id": "pyup.io-44045",
+ "more_info_path": "/vulnerabilities/CVE-2021-37664/44045",
 "specs": [
 "<2.8.5"
 ],
@@ -107190,9 +108949,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37675",
- "id": "pyup.io-44038",
- "more_info_path": "/vulnerabilities/CVE-2021-37675/44038",
+ "cve": "CVE-2021-37650",
+ "id": "pyup.io-44035",
+ "more_info_path": "/vulnerabilities/CVE-2021-37650/44035",
 "specs": [
 "<2.8.5"
 ],
@@ -107200,9 +108959,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37688",
- "id": "pyup.io-44036",
- "more_info_path": "/vulnerabilities/CVE-2021-37688/44036",
+ "cve": "CVE-2021-37680",
+ "id": "pyup.io-44058",
+ "more_info_path": "/vulnerabilities/CVE-2021-37680/44058",
 "specs": [
 "<2.8.5"
 ],
@@ -107210,9 +108969,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37665",
- "id": "pyup.io-44017",
- "more_info_path": "/vulnerabilities/CVE-2021-37665/44017",
+ "cve": "CVE-2021-37642",
+ "id": "pyup.io-44054",
+ "more_info_path": "/vulnerabilities/CVE-2021-37642/44054",
 "specs": [
 "<2.8.5"
 ],
@@ -107220,9 +108979,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37661",
- "id": "pyup.io-44024",
- "more_info_path": "/vulnerabilities/CVE-2021-37661/44024",
+ "cve": "CVE-2021-37672",
+ "id": "pyup.io-44012",
+ "more_info_path": "/vulnerabilities/CVE-2021-37672/44012",
 "specs": [
 "<2.8.5"
 ],
@@ -107230,9 +108989,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37662",
- "id": "pyup.io-44031",
- "more_info_path": "/vulnerabilities/CVE-2021-37662/44031",
+ "cve": "CVE-2021-37635",
+ "id": "pyup.io-44047",
+ "more_info_path": "/vulnerabilities/CVE-2021-37635/44047",
 "specs": [
 "<2.8.5"
 ],
@@ -107240,9 +108999,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37674",
- "id": "pyup.io-44018",
- "more_info_path": "/vulnerabilities/CVE-2021-37674/44018",
+ "cve": "CVE-2021-37673",
+ "id": "pyup.io-44016",
+ "more_info_path": "/vulnerabilities/CVE-2021-37673/44016",
 "specs": [
 "<2.8.5"
 ],
@@ -107250,9 +109009,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37657",
- "id": "pyup.io-44026",
- "more_info_path": "/vulnerabilities/CVE-2021-37657/44026",
+ "cve": "CVE-2021-37689",
+ "id": "pyup.io-44056",
+ "more_info_path": "/vulnerabilities/CVE-2021-37689/44056",
 "specs": [
 "<2.8.5"
 ],
@@ -107260,9 +109019,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37670",
- "id": "pyup.io-44013",
- "more_info_path": "/vulnerabilities/CVE-2021-37670/44013",
+ "cve": "CVE-2021-37652",
+ "id": "pyup.io-44032",
+ "more_info_path": "/vulnerabilities/CVE-2021-37652/44032",
 "specs": [
 "<2.8.5"
 ],
@@ -107270,9 +109029,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37636",
- "id": "pyup.io-44053",
- "more_info_path": "/vulnerabilities/CVE-2021-37636/44053",
+ "cve": "CVE-2021-22876",
+ "id": "pyup.io-44005",
+ "more_info_path": "/vulnerabilities/CVE-2021-22876/44005",
 "specs": [
 "<2.8.5"
 ],
@@ -107280,9 +109039,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37646",
- "id": "pyup.io-44029",
- "more_info_path": "/vulnerabilities/CVE-2021-37646/44029",
+ "cve": "CVE-2021-37656",
+ "id": "pyup.io-44048",
+ "more_info_path": "/vulnerabilities/CVE-2021-37656/44048",
 "specs": [
 "<2.8.5"
 ],
@@ -107290,9 +109049,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37642",
- "id": "pyup.io-44054",
- "more_info_path": "/vulnerabilities/CVE-2021-37642/44054",
+ "cve": "CVE-2021-37683",
+ "id": "pyup.io-44055",
+ "more_info_path": "/vulnerabilities/CVE-2021-37683/44055",
 "specs": [
 "<2.8.5"
 ],
@@ -107300,9 +109059,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37652",
- "id": "pyup.io-44032",
- "more_info_path": "/vulnerabilities/CVE-2021-37652/44032",
+ "cve": "CVE-2021-37659",
+ "id": "pyup.io-44034",
+ "more_info_path": "/vulnerabilities/CVE-2021-37659/44034",
 "specs": [
 "<2.8.5"
 ],
@@ -107310,9 +109069,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37644",
- "id": "pyup.io-44010",
- "more_info_path": "/vulnerabilities/CVE-2021-37644/44010",
+ "cve": "CVE-2021-37674",
+ "id": "pyup.io-44018",
+ "more_info_path": "/vulnerabilities/CVE-2021-37674/44018",
 "specs": [
 "<2.8.5"
 ],
@@ -107320,9 +109079,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37667",
- "id": "pyup.io-44042",
- "more_info_path": "/vulnerabilities/CVE-2021-37667/44042",
+ "cve": "CVE-2021-37678",
+ "id": "pyup.io-44060",
+ "more_info_path": "/vulnerabilities/CVE-2021-37678/44060",
 "specs": [
 "<2.8.5"
 ],
@@ -107330,9 +109089,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37683",
- "id": "pyup.io-44055",
- "more_info_path": "/vulnerabilities/CVE-2021-37683/44055",
+ "cve": "CVE-2021-37653",
+ "id": "pyup.io-44027",
+ "more_info_path": "/vulnerabilities/CVE-2021-37653/44027",
 "specs": [
 "<2.8.5"
 ],
@@ -107340,9 +109099,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37656",
- "id": "pyup.io-44048",
- "more_info_path": "/vulnerabilities/CVE-2021-37656/44048",
+ "cve": "CVE-2021-37687",
+ "id": "pyup.io-44007",
+ "more_info_path": "/vulnerabilities/CVE-2021-37687/44007",
 "specs": [
 "<2.8.5"
 ],
@@ -107360,9 +109119,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37690",
- "id": "pyup.io-44020",
- "more_info_path": "/vulnerabilities/CVE-2021-37690/44020",
+ "cve": "CVE-2021-37644",
+ "id": "pyup.io-44010",
+ "more_info_path": "/vulnerabilities/CVE-2021-37644/44010",
 "specs": [
 "<2.8.5"
 ],
@@ -107370,9 +109129,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37684",
- "id": "pyup.io-44041",
- "more_info_path": "/vulnerabilities/CVE-2021-37684/44041",
+ "cve": "CVE-2021-37679",
+ "id": "pyup.io-44015",
+ "more_info_path": "/vulnerabilities/CVE-2021-37679/44015",
 "specs": [
 "<2.8.5"
 ],
@@ -107380,9 +109139,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37639",
- "id": "pyup.io-44050",
- "more_info_path": "/vulnerabilities/CVE-2021-37639/44050",
+ "cve": "CVE-2021-37691",
+ "id": "pyup.io-44022",
+ "more_info_path": "/vulnerabilities/CVE-2021-37691/44022",
 "specs": [
 "<2.8.5"
 ],
@@ -107390,9 +109149,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37676",
- "id": "pyup.io-44037",
- "more_info_path": "/vulnerabilities/CVE-2021-37676/44037",
+ "cve": "CVE-2021-37651",
+ "id": "pyup.io-44040",
+ "more_info_path": "/vulnerabilities/CVE-2021-37651/44040",
 "specs": [
 "<2.8.5"
 ],
@@ -107400,9 +109159,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37669",
- "id": "pyup.io-44011",
- "more_info_path": "/vulnerabilities/CVE-2021-37669/44011",
+ "cve": "CVE-2021-37662",
+ "id": "pyup.io-44031",
+ "more_info_path": "/vulnerabilities/CVE-2021-37662/44031",
 "specs": [
 "<2.8.5"
 ],
@@ -107410,9 +109169,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37685",
- "id": "pyup.io-44008",
- "more_info_path": "/vulnerabilities/CVE-2021-37685/44008",
+ "cve": "CVE-2021-37646",
+ "id": "pyup.io-44029",
+ "more_info_path": "/vulnerabilities/CVE-2021-37646/44029",
 "specs": [
 "<2.8.5"
 ],
@@ -107420,9 +109179,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37673",
- "id": "pyup.io-44016",
- "more_info_path": "/vulnerabilities/CVE-2021-37673/44016",
+ "cve": "CVE-2021-37690",
+ "id": "pyup.io-44020",
+ "more_info_path": "/vulnerabilities/CVE-2021-37690/44020",
 "specs": [
 "<2.8.5"
 ],
@@ -107430,9 +109189,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37649",
- "id": "pyup.io-44046",
- "more_info_path": "/vulnerabilities/CVE-2021-37649/44046",
+ "cve": "CVE-2021-37671",
+ "id": "pyup.io-44059",
+ "more_info_path": "/vulnerabilities/CVE-2021-37671/44059",
 "specs": [
 "<2.8.5"
 ],
@@ -107440,9 +109199,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37671",
- "id": "pyup.io-44059",
- "more_info_path": "/vulnerabilities/CVE-2021-37671/44059",
+ "cve": "CVE-2021-37645",
+ "id": "pyup.io-44006",
+ "more_info_path": "/vulnerabilities/CVE-2021-37645/44006",
 "specs": [
 "<2.8.5"
 ],
@@ -107450,9 +109209,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37637",
- "id": "pyup.io-44023",
- "more_info_path": "/vulnerabilities/CVE-2021-37637/44023",
+ "cve": "CVE-2021-37654",
+ "id": "pyup.io-44049",
+ "more_info_path": "/vulnerabilities/CVE-2021-37654/44049",
 "specs": [
 "<2.8.5"
 ],
@@ -107460,9 +109219,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37663",
- "id": "pyup.io-44019",
- "more_info_path": "/vulnerabilities/CVE-2021-37663/44019",
+ "cve": "CVE-2021-37676",
+ "id": "pyup.io-44037",
+ "more_info_path": "/vulnerabilities/CVE-2021-37676/44037",
 "specs": [
 "<2.8.5"
 ],
@@ -107470,9 +109229,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-22898",
- "id": "pyup.io-44051",
- "more_info_path": "/vulnerabilities/CVE-2021-22898/44051",
+ "cve": "CVE-2021-37643",
+ "id": "pyup.io-44039",
+ "more_info_path": "/vulnerabilities/CVE-2021-37643/44039",
 "specs": [
 "<2.8.5"
 ],
@@ -107480,9 +109239,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37660",
- "id": "pyup.io-44025",
- "more_info_path": "/vulnerabilities/CVE-2021-37660/44025",
+ "cve": "CVE-2021-37666",
+ "id": "pyup.io-44033",
+ "more_info_path": "/vulnerabilities/CVE-2021-37666/44033",
 "specs": [
 "<2.8.5"
 ],
@@ -107490,9 +109249,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37658",
- "id": "pyup.io-44043",
- "more_info_path": "/vulnerabilities/CVE-2021-37658/44043",
+ "cve": "CVE-2021-37661",
+ "id": "pyup.io-44024",
+ "more_info_path": "/vulnerabilities/CVE-2021-37661/44024",
 "specs": [
 "<2.8.5"
 ],
@@ -107500,9 +109259,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37641",
- "id": "pyup.io-44030",
- "more_info_path": "/vulnerabilities/CVE-2021-37641/44030",
+ "cve": "CVE-2021-37670",
+ "id": "pyup.io-44013",
+ "more_info_path": "/vulnerabilities/CVE-2021-37670/44013",
 "specs": [
 "<2.8.5"
 ],
@@ -107510,9 +109269,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37638",
- "id": "pyup.io-44052",
- "more_info_path": "/vulnerabilities/CVE-2021-37638/44052",
+ "cve": "CVE-2021-22897",
+ "id": "pyup.io-44004",
+ "more_info_path": "/vulnerabilities/CVE-2021-22897/44004",
 "specs": [
 "<2.8.5"
 ],
@@ -107520,9 +109279,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37651",
- "id": "pyup.io-44040",
- "more_info_path": "/vulnerabilities/CVE-2021-37651/44040",
+ "cve": "CVE-2021-37647",
+ "id": "pyup.io-44044",
+ "more_info_path": "/vulnerabilities/CVE-2021-37647/44044",
 "specs": [
 "<2.8.5"
 ],
@@ -107530,9 +109289,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37679",
- "id": "pyup.io-44015",
- "more_info_path": "/vulnerabilities/CVE-2021-37679/44015",
+ "cve": "CVE-2021-37682",
+ "id": "pyup.io-44028",
+ "more_info_path": "/vulnerabilities/CVE-2021-37682/44028",
 "specs": [
 "<2.8.5"
 ],
@@ -107540,9 +109299,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-22897",
- "id": "pyup.io-44004",
- "more_info_path": "/vulnerabilities/CVE-2021-22897/44004",
+ "cve": "CVE-2021-37665",
+ "id": "pyup.io-44017",
+ "more_info_path": "/vulnerabilities/CVE-2021-37665/44017",
 "specs": [
 "<2.8.5"
 ],
@@ -107550,9 +109309,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37689",
- "id": "pyup.io-44056",
- "more_info_path": "/vulnerabilities/CVE-2021-37689/44056",
+ "cve": "CVE-2021-37648",
+ "id": "pyup.io-44057",
+ "more_info_path": "/vulnerabilities/CVE-2021-37648/44057",
 "specs": [
 "<2.8.5"
 ],
@@ -107560,9 +109319,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37647",
- "id": "pyup.io-44044",
- "more_info_path": "/vulnerabilities/CVE-2021-37647/44044",
+ "cve": "CVE-2021-37688",
+ "id": "pyup.io-44036",
+ "more_info_path": "/vulnerabilities/CVE-2021-37688/44036",
 "specs": [
 "<2.8.5"
 ],
@@ -107570,9 +109329,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-22901",
- "id": "pyup.io-44003",
- "more_info_path": "/vulnerabilities/CVE-2021-22901/44003",
+ "cve": "CVE-2021-37685",
+ "id": "pyup.io-44008",
+ "more_info_path": "/vulnerabilities/CVE-2021-37685/44008",
 "specs": [
 "<2.8.5"
 ],
@@ -107580,9 +109339,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37653",
- "id": "pyup.io-44027",
- "more_info_path": "/vulnerabilities/CVE-2021-37653/44027",
+ "cve": "CVE-2021-37675",
+ "id": "pyup.io-44038",
+ "more_info_path": "/vulnerabilities/CVE-2021-37675/44038",
 "specs": [
 "<2.8.5"
 ],
@@ -107590,9 +109349,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37659",
- "id": "pyup.io-44034",
- "more_info_path": "/vulnerabilities/CVE-2021-37659/44034",
+ "cve": "CVE-2021-37639",
+ "id": "pyup.io-44050",
+ "more_info_path": "/vulnerabilities/CVE-2021-37639/44050",
 "specs": [
 "<2.8.5"
 ],
@@ -107600,9 +109359,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37681",
- "id": "pyup.io-44021",
- "more_info_path": "/vulnerabilities/CVE-2021-37681/44021",
+ "cve": "CVE-2021-37649",
+ "id": "pyup.io-44046",
+ "more_info_path": "/vulnerabilities/CVE-2021-37649/44046",
 "specs": [
 "<2.8.5"
 ],
@@ -107610,9 +109369,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37645",
- "id": "pyup.io-44006",
- "more_info_path": "/vulnerabilities/CVE-2021-37645/44006",
+ "cve": "CVE-2021-22901",
+ "id": "pyup.io-44003",
+ "more_info_path": "/vulnerabilities/CVE-2021-22901/44003",
 "specs": [
 "<2.8.5"
 ],
@@ -107620,9 +109379,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37686",
- "id": "pyup.io-41286",
- "more_info_path": "/vulnerabilities/CVE-2021-37686/41286",
+ "cve": "CVE-2021-37657",
+ "id": "pyup.io-44026",
+ "more_info_path": "/vulnerabilities/CVE-2021-37657/44026",
 "specs": [
 "<2.8.5"
 ],
@@ -107630,9 +109389,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37687",
- "id": "pyup.io-44007",
- "more_info_path": "/vulnerabilities/CVE-2021-37687/44007",
+ "cve": "CVE-2021-37667",
+ "id": "pyup.io-44042",
+ "more_info_path": "/vulnerabilities/CVE-2021-37667/44042",
 "specs": [
 "<2.8.5"
 ],
@@ -107640,9 +109399,9 @@
 },
 {
 "advisory": "Rasa 2.8.5 updates tensorflow to v2.3.4 to address security vulnerabilities.",
- "cve": "CVE-2021-37664",
- "id": "pyup.io-44045",
- "more_info_path": "/vulnerabilities/CVE-2021-37664/44045",
+ "cve": "CVE-2021-37686",
+ "id": "pyup.io-41286",
+ "more_info_path": "/vulnerabilities/CVE-2021-37686/41286",
 "specs": [
 "<2.8.5"
 ],
@@ -107650,9 +109409,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41206",
- "id": "pyup.io-42660",
- "more_info_path": "/vulnerabilities/CVE-2021-41206/42660",
+ "cve": "CVE-2021-41215",
+ "id": "pyup.io-42658",
+ "more_info_path": "/vulnerabilities/CVE-2021-41215/42658",
 "specs": [
 "<2.8.9"
 ],
@@ -107660,9 +109419,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41215",
- "id": "pyup.io-42658",
- "more_info_path": "/vulnerabilities/CVE-2021-41215/42658",
+ "cve": "CVE-2021-41208",
+ "id": "pyup.io-42659",
+ "more_info_path": "/vulnerabilities/CVE-2021-41208/42659",
 "specs": [
 "<2.8.9"
 ],
@@ -107670,9 +109429,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41216",
- "id": "pyup.io-42657",
- "more_info_path": "/vulnerabilities/CVE-2021-41216/42657",
+ "cve": "CVE-2021-41225",
+ "id": "pyup.io-42649",
+ "more_info_path": "/vulnerabilities/CVE-2021-41225/42649",
 "specs": [
 "<2.8.9"
 ],
@@ -107680,9 +109439,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41198",
- "id": "pyup.io-42669",
- "more_info_path": "/vulnerabilities/CVE-2021-41198/42669",
+ "cve": "CVE-2021-41196",
+ "id": "pyup.io-42641",
+ "more_info_path": "/vulnerabilities/CVE-2021-41196/42641",
 "specs": [
 "<2.8.9"
 ],
@@ -107690,9 +109449,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41224",
- "id": "pyup.io-42655",
- "more_info_path": "/vulnerabilities/CVE-2021-41224/42655",
+ "cve": "CVE-2021-41202",
+ "id": "pyup.io-42665",
+ "more_info_path": "/vulnerabilities/CVE-2021-41202/42665",
 "specs": [
 "<2.8.9"
 ],
@@ -107700,9 +109459,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41210",
- "id": "pyup.io-42663",
- "more_info_path": "/vulnerabilities/CVE-2021-41210/42663",
+ "cve": "CVE-2021-41221",
+ "id": "pyup.io-42650",
+ "more_info_path": "/vulnerabilities/CVE-2021-41221/42650",
 "specs": [
 "<2.8.9"
 ],
@@ -107710,9 +109469,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41209",
- "id": "pyup.io-42651",
- "more_info_path": "/vulnerabilities/CVE-2021-41209/42651",
+ "cve": "CVE-2021-41222",
+ "id": "pyup.io-42654",
+ "more_info_path": "/vulnerabilities/CVE-2021-41222/42654",
 "specs": [
 "<2.8.9"
 ],
@@ -107720,9 +109479,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41197",
- "id": "pyup.io-42667",
- "more_info_path": "/vulnerabilities/CVE-2021-41197/42667",
+ "cve": "CVE-2021-41224",
+ "id": "pyup.io-42655",
+ "more_info_path": "/vulnerabilities/CVE-2021-41224/42655",
 "specs": [
 "<2.8.9"
 ],
@@ -107730,9 +109489,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41195",
- "id": "pyup.io-42668",
- "more_info_path": "/vulnerabilities/CVE-2021-41195/42668",
+ "cve": "CVE-2021-41197",
+ "id": "pyup.io-42667",
+ "more_info_path": "/vulnerabilities/CVE-2021-41197/42667",
 "specs": [
 "<2.8.9"
 ],
@@ -107740,9 +109499,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41226",
- "id": "pyup.io-42647",
- "more_info_path": "/vulnerabilities/CVE-2021-41226/42647",
+ "cve": "CVE-2021-41198",
+ "id": "pyup.io-42669",
+ "more_info_path": "/vulnerabilities/CVE-2021-41198/42669",
 "specs": [
 "<2.8.9"
 ],
@@ -107750,9 +109509,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2020-15265",
- "id": "pyup.io-42670",
- "more_info_path": "/vulnerabilities/CVE-2020-15265/42670",
+ "cve": "CVE-2021-41228",
+ "id": "pyup.io-42653",
+ "more_info_path": "/vulnerabilities/CVE-2021-41228/42653",
 "specs": [
 "<2.8.9"
 ],
@@ -107760,9 +109519,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41212",
- "id": "pyup.io-42662",
- "more_info_path": "/vulnerabilities/CVE-2021-41212/42662",
+ "cve": "CVE-2021-41206",
+ "id": "pyup.io-42660",
+ "more_info_path": "/vulnerabilities/CVE-2021-41206/42660",
 "specs": [
 "<2.8.9"
 ],
@@ -107770,9 +109529,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41214",
- "id": "pyup.io-42645",
- "more_info_path": "/vulnerabilities/CVE-2021-41214/42645",
+ "cve": "CVE-2021-41199",
+ "id": "pyup.io-42437",
+ "more_info_path": "/vulnerabilities/CVE-2021-41199/42437",
 "specs": [
 "<2.8.9"
 ],
@@ -107780,9 +109539,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41207",
- "id": "pyup.io-42664",
- "more_info_path": "/vulnerabilities/CVE-2021-41207/42664",
+ "cve": "CVE-2021-41219",
+ "id": "pyup.io-42646",
+ "more_info_path": "/vulnerabilities/CVE-2021-41219/42646",
 "specs": [
 "<2.8.9"
 ],
@@ -107790,9 +109549,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41217",
- "id": "pyup.io-42644",
- "more_info_path": "/vulnerabilities/CVE-2021-41217/42644",
+ "cve": "CVE-2021-41203",
+ "id": "pyup.io-42642",
+ "more_info_path": "/vulnerabilities/CVE-2021-41203/42642",
 "specs": [
 "<2.8.9"
 ],
@@ -107800,9 +109559,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41218",
- "id": "pyup.io-42656",
- "more_info_path": "/vulnerabilities/CVE-2021-41218/42656",
+ "cve": "CVE-2021-41209",
+ "id": "pyup.io-42651",
+ "more_info_path": "/vulnerabilities/CVE-2021-41209/42651",
 "specs": [
 "<2.8.9"
 ],
@@ -107810,9 +109569,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41221",
- "id": "pyup.io-42650",
- "more_info_path": "/vulnerabilities/CVE-2021-41221/42650",
+ "cve": "CVE-2021-41195",
+ "id": "pyup.io-42668",
+ "more_info_path": "/vulnerabilities/CVE-2021-41195/42668",
 "specs": [
 "<2.8.9"
 ],
@@ -107820,9 +109579,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41201",
- "id": "pyup.io-42666",
- "more_info_path": "/vulnerabilities/CVE-2021-41201/42666",
+ "cve": "CVE-2021-41210",
+ "id": "pyup.io-42663",
+ "more_info_path": "/vulnerabilities/CVE-2021-41210/42663",
 "specs": [
 "<2.8.9"
 ],
@@ -107830,9 +109589,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41219",
- "id": "pyup.io-42646",
- "more_info_path": "/vulnerabilities/CVE-2021-41219/42646",
+ "cve": "CVE-2021-41214",
+ "id": "pyup.io-42645",
+ "more_info_path": "/vulnerabilities/CVE-2021-41214/42645",
 "specs": [
 "<2.8.9"
 ],
@@ -107840,9 +109599,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41208",
- "id": "pyup.io-42659",
- "more_info_path": "/vulnerabilities/CVE-2021-41208/42659",
+ "cve": "CVE-2021-41218",
+ "id": "pyup.io-42656",
+ "more_info_path": "/vulnerabilities/CVE-2021-41218/42656",
 "specs": [
 "<2.8.9"
 ],
@@ -107850,9 +109609,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41205",
- "id": "pyup.io-42661",
- "more_info_path": "/vulnerabilities/CVE-2021-41205/42661",
+ "cve": "CVE-2021-41204",
+ "id": "pyup.io-42652",
+ "more_info_path": "/vulnerabilities/CVE-2021-41204/42652",
 "specs": [
 "<2.8.9"
 ],
@@ -107860,9 +109619,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41203",
- "id": "pyup.io-42642",
- "more_info_path": "/vulnerabilities/CVE-2021-41203/42642",
+ "cve": "CVE-2021-41207",
+ "id": "pyup.io-42664",
+ "more_info_path": "/vulnerabilities/CVE-2021-41207/42664",
 "specs": [
 "<2.8.9"
 ],
@@ -107870,9 +109629,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41196",
- "id": "pyup.io-42641",
- "more_info_path": "/vulnerabilities/CVE-2021-41196/42641",
+ "cve": "CVE-2021-41205",
+ "id": "pyup.io-42661",
+ "more_info_path": "/vulnerabilities/CVE-2021-41205/42661",
 "specs": [
 "<2.8.9"
 ],
@@ -107880,9 +109639,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41222",
- "id": "pyup.io-42654",
- "more_info_path": "/vulnerabilities/CVE-2021-41222/42654",
+ "cve": "CVE-2021-41200",
+ "id": "pyup.io-42643",
+ "more_info_path": "/vulnerabilities/CVE-2021-41200/42643",
 "specs": [
 "<2.8.9"
 ],
@@ -107900,9 +109659,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41227",
- "id": "pyup.io-42648",
- "more_info_path": "/vulnerabilities/CVE-2021-41227/42648",
+ "cve": "CVE-2021-41212",
+ "id": "pyup.io-42662",
+ "more_info_path": "/vulnerabilities/CVE-2021-41212/42662",
 "specs": [
 "<2.8.9"
 ],
@@ -107910,9 +109669,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41204",
- "id": "pyup.io-42652",
- "more_info_path": "/vulnerabilities/CVE-2021-41204/42652",
+ "cve": "CVE-2021-41217",
+ "id": "pyup.io-42644",
+ "more_info_path": "/vulnerabilities/CVE-2021-41217/42644",
 "specs": [
 "<2.8.9"
 ],
@@ -107920,9 +109679,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41225",
- "id": "pyup.io-42649",
- "more_info_path": "/vulnerabilities/CVE-2021-41225/42649",
+ "cve": "CVE-2021-41227",
+ "id": "pyup.io-42648",
+ "more_info_path": "/vulnerabilities/CVE-2021-41227/42648",
 "specs": [
 "<2.8.9"
 ],
@@ -107930,9 +109689,9 @@
 },
 {
 "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4",
- "cve": "CVE-2021-41228",
- "id": "pyup.io-42653",
- "more_info_path": "/vulnerabilities/CVE-2021-41228/42653",
+ "cve": "CVE-2020-15265",
+ "id": "pyup.io-42670",
+ "more_info_path": "/vulnerabilities/CVE-2020-15265/42670",
 "specs": [
 "<2.8.9"
 ],
@@ -107940,9 +109699,9 @@ }, { "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4", - "cve": "CVE-2021-41199", - "id": "pyup.io-42437", - "more_info_path": "/vulnerabilities/CVE-2021-41199/42437", + "cve": "CVE-2021-41216", + "id": "pyup.io-42657", + "more_info_path": "/vulnerabilities/CVE-2021-41216/42657", "specs": [ "<2.8.9" ], @@ -107950,9 +109709,9 @@ }, { "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4", - "cve": "CVE-2021-41202", - "id": "pyup.io-42665", - "more_info_path": "/vulnerabilities/CVE-2021-41202/42665", + "cve": "CVE-2021-41201", + "id": "pyup.io-42666", + "more_info_path": "/vulnerabilities/CVE-2021-41201/42666", "specs": [ "<2.8.9" ], @@ -107960,9 +109719,9 @@ }, { "advisory": "Rasa 2.8.9 updates its dependency 'tensorflow' to v2.6 to include several security fixes.\r\nhttps://github.com/RasaHQ/rasa/commit/c57dbd466dc153126f1486aafb60b8f19fb911e4", - "cve": "CVE-2021-41200", - "id": "pyup.io-42643", - "more_info_path": "/vulnerabilities/CVE-2021-41200/42643", + "cve": "CVE-2021-41226", + "id": "pyup.io-42647", + "more_info_path": "/vulnerabilities/CVE-2021-41226/42647", "specs": [ "<2.8.9" ], 
@@ -108012,9 +109771,19 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-27780", - "id": "pyup.io-49597", - "more_info_path": "/vulnerabilities/CVE-2022-27780/49597", + "cve": "CVE-2022-29204", + "id": "pyup.io-49613", + "more_info_path": "/vulnerabilities/CVE-2022-29204/49613", + "specs": [ + "<3.1.4" + ], + "v": "<3.1.4" + }, + { + "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", + "cve": "CVE-2022-29199", + "id": "pyup.io-49608", + "more_info_path": "/vulnerabilities/CVE-2022-29199/49608", "specs": [ "<3.1.4" ], @@ -108032,9 +109801,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29200", - "id": "pyup.io-49609", - "more_info_path": "/vulnerabilities/CVE-2022-29200/49609", + "cve": "CVE-2022-27779", + "id": "pyup.io-49596", + "more_info_path": "/vulnerabilities/CVE-2022-27779/49596", "specs": [ "<3.1.4" ], @@ -108042,9 +109811,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-27782", - "id": "pyup.io-49599", - "more_info_path": "/vulnerabilities/CVE-2022-27782/49599", + "cve": "CVE-2022-29198", + "id": "pyup.io-49607", + "more_info_path": "/vulnerabilities/CVE-2022-29198/49607", "specs": [ "<3.1.4" ], @@ -108052,9 +109821,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-27778", - "id": "pyup.io-49595", - "more_info_path": "/vulnerabilities/CVE-2022-27778/49595", + "cve": "CVE-2022-27776", + "id": "pyup.io-49594", + "more_info_path": "/vulnerabilities/CVE-2022-27776/49594", "specs": [ "<3.1.4" ], 
@@ -108062,9 +109831,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29193", - "id": "pyup.io-49602", - "more_info_path": "/vulnerabilities/CVE-2022-29193/49602", + "cve": "CVE-2022-29208", + "id": "pyup.io-49617", + "more_info_path": "/vulnerabilities/CVE-2022-29208/49617", "specs": [ "<3.1.4" ], @@ -108072,9 +109841,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29201", - "id": "pyup.io-49610", - "more_info_path": "/vulnerabilities/CVE-2022-29201/49610", + "cve": "CVE-2022-29200", + "id": "pyup.io-49609", + "more_info_path": "/vulnerabilities/CVE-2022-29200/49609", "specs": [ "<3.1.4" ], @@ -108082,9 +109851,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-27779", - "id": "pyup.io-49596", - "more_info_path": "/vulnerabilities/CVE-2022-27779/49596", + "cve": "CVE-2022-29213", + "id": "pyup.io-49621", + "more_info_path": "/vulnerabilities/CVE-2022-29213/49621", "specs": [ "<3.1.4" ], @@ -108092,9 +109861,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-30115", - "id": "pyup.io-49623", - "more_info_path": "/vulnerabilities/CVE-2022-30115/49623", + "cve": "CVE-2022-27775", + "id": "pyup.io-49593", + "more_info_path": "/vulnerabilities/CVE-2022-27775/49593", "specs": [ "<3.1.4" ], @@ -108102,9 +109871,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-49581", - "more_info_path": "/vulnerabilities/CVE-2018-25032/49581", + "cve": "CVE-2022-29206", + "id": "pyup.io-49615", + "more_info_path": "/vulnerabilities/CVE-2022-29206/49615", "specs": [ "<3.1.4" ], 
@@ -108112,9 +109881,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29213", - "id": "pyup.io-49621", - "more_info_path": "/vulnerabilities/CVE-2022-29213/49621", + "cve": "CVE-2022-29196", + "id": "pyup.io-49605", + "more_info_path": "/vulnerabilities/CVE-2022-29196/49605", "specs": [ "<3.1.4" ], @@ -108122,9 +109891,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29216", - "id": "pyup.io-49622", - "more_info_path": "/vulnerabilities/CVE-2022-29216/49622", + "cve": "CVE-2022-30115", + "id": "pyup.io-49623", + "more_info_path": "/vulnerabilities/CVE-2022-30115/49623", "specs": [ "<3.1.4" ], @@ -108132,9 +109901,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29194", - "id": "pyup.io-49603", - "more_info_path": "/vulnerabilities/CVE-2022-29194/49603", + "cve": "CVE-2022-29192", + "id": "pyup.io-49601", + "more_info_path": "/vulnerabilities/CVE-2022-29192/49601", "specs": [ "<3.1.4" ], @@ -108142,9 +109911,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-22576", - "id": "pyup.io-49591", - "more_info_path": "/vulnerabilities/CVE-2022-22576/49591", + "cve": "CVE-2022-29216", + "id": "pyup.io-49622", + "more_info_path": "/vulnerabilities/CVE-2022-29216/49622", "specs": [ "<3.1.4" ], @@ -108152,9 +109921,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-27775", - "id": "pyup.io-49593", - "more_info_path": "/vulnerabilities/CVE-2022-27775/49593", + "cve": "CVE-2022-29205", + "id": "pyup.io-49614", + "more_info_path": "/vulnerabilities/CVE-2022-29205/49614", "specs": [ "<3.1.4" ], 
@@ -108162,9 +109931,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29191", - "id": "pyup.io-49600", - "more_info_path": "/vulnerabilities/CVE-2022-29191/49600", + "cve": "CVE-2022-29212", + "id": "pyup.io-49620", + "more_info_path": "/vulnerabilities/CVE-2022-29212/49620", "specs": [ "<3.1.4" ], @@ -108172,9 +109941,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29199", - "id": "pyup.io-49608", - "more_info_path": "/vulnerabilities/CVE-2022-29199/49608", + "cve": "CVE-2022-29193", + "id": "pyup.io-49602", + "more_info_path": "/vulnerabilities/CVE-2022-29193/49602", "specs": [ "<3.1.4" ], @@ -108182,9 +109951,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29203", - "id": "pyup.io-49612", - "more_info_path": "/vulnerabilities/CVE-2022-29203/49612", + "cve": "CVE-2022-27778", + "id": "pyup.io-49595", + "more_info_path": "/vulnerabilities/CVE-2022-27778/49595", "specs": [ "<3.1.4" ], @@ -108192,9 +109961,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29198", - "id": "pyup.io-49607", - "more_info_path": "/vulnerabilities/CVE-2022-29198/49607", + "cve": "CVE-2022-27780", + "id": "pyup.io-49597", + "more_info_path": "/vulnerabilities/CVE-2022-27780/49597", "specs": [ "<3.1.4" ], @@ -108202,9 +109971,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29197", - "id": "pyup.io-49606", - "more_info_path": "/vulnerabilities/CVE-2022-29197/49606", + "cve": "CVE-2022-29202", + "id": "pyup.io-49611", + "more_info_path": "/vulnerabilities/CVE-2022-29202/49611", "specs": [ "<3.1.4" ], 
@@ -108212,9 +109981,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-27776", - "id": "pyup.io-49594", - "more_info_path": "/vulnerabilities/CVE-2022-27776/49594", + "cve": "CVE-2022-29207", + "id": "pyup.io-49616", + "more_info_path": "/vulnerabilities/CVE-2022-29207/49616", "specs": [ "<3.1.4" ], @@ -108222,9 +109991,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-27781", - "id": "pyup.io-49598", - "more_info_path": "/vulnerabilities/CVE-2022-27781/49598", + "cve": "CVE-2022-29211", + "id": "pyup.io-49619", + "more_info_path": "/vulnerabilities/CVE-2022-29211/49619", "specs": [ "<3.1.4" ], @@ -108232,9 +110001,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29207", - "id": "pyup.io-49616", - "more_info_path": "/vulnerabilities/CVE-2022-29207/49616", + "cve": "CVE-2022-29191", + "id": "pyup.io-49600", + "more_info_path": "/vulnerabilities/CVE-2022-29191/49600", "specs": [ "<3.1.4" ], @@ -108242,9 +110011,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29205", - "id": "pyup.io-49614", - "more_info_path": "/vulnerabilities/CVE-2022-29205/49614", + "cve": "CVE-2022-29203", + "id": "pyup.io-49612", + "more_info_path": "/vulnerabilities/CVE-2022-29203/49612", "specs": [ "<3.1.4" ], @@ -108252,9 +110021,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29211", - "id": "pyup.io-49619", - "more_info_path": "/vulnerabilities/CVE-2022-29211/49619", + "cve": "CVE-2022-27782", + "id": "pyup.io-49599", + "more_info_path": "/vulnerabilities/CVE-2022-27782/49599", "specs": [ "<3.1.4" ], 
@@ -108272,9 +110041,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29208", - "id": "pyup.io-49617", - "more_info_path": "/vulnerabilities/CVE-2022-29208/49617", + "cve": "CVE-2022-27781", + "id": "pyup.io-49598", + "more_info_path": "/vulnerabilities/CVE-2022-27781/49598", "specs": [ "<3.1.4" ], @@ -108282,9 +110051,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29212", - "id": "pyup.io-49620", - "more_info_path": "/vulnerabilities/CVE-2022-29212/49620", + "cve": "CVE-2022-29195", + "id": "pyup.io-49604", + "more_info_path": "/vulnerabilities/CVE-2022-29195/49604", "specs": [ "<3.1.4" ], @@ -108292,9 +110061,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29202", - "id": "pyup.io-49611", - "more_info_path": "/vulnerabilities/CVE-2022-29202/49611", + "cve": "CVE-2018-25032", + "id": "pyup.io-49581", + "more_info_path": "/vulnerabilities/CVE-2018-25032/49581", "specs": [ "<3.1.4" ], @@ -108302,9 +110071,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29196", - "id": "pyup.io-49605", - "more_info_path": "/vulnerabilities/CVE-2022-29196/49605", + "cve": "CVE-2022-29194", + "id": "pyup.io-49603", + "more_info_path": "/vulnerabilities/CVE-2022-29194/49603", "specs": [ "<3.1.4" ], @@ -108312,9 +110081,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29206", - "id": "pyup.io-49615", - "more_info_path": "/vulnerabilities/CVE-2022-29206/49615", + "cve": "CVE-2022-22576", + "id": "pyup.io-49591", + "more_info_path": "/vulnerabilities/CVE-2022-22576/49591", "specs": [ "<3.1.4" ], 
@@ -108322,9 +110091,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29192", - "id": "pyup.io-49601", - "more_info_path": "/vulnerabilities/CVE-2022-29192/49601", + "cve": "CVE-2022-29197", + "id": "pyup.io-49606", + "more_info_path": "/vulnerabilities/CVE-2022-29197/49606", "specs": [ "<3.1.4" ], @@ -108332,19 +110101,9 @@ }, { "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29204", - "id": "pyup.io-49613", - "more_info_path": "/vulnerabilities/CVE-2022-29204/49613", - "specs": [ - "<3.1.4" - ], - "v": "<3.1.4" - }, - { - "advisory": "Rasa 3.1.4 updates its dependency 'tensorflow' to v2.7.3 to include security fixes.", - "cve": "CVE-2022-29195", - "id": "pyup.io-49604", - "more_info_path": "/vulnerabilities/CVE-2022-29195/49604", + "cve": "CVE-2022-29201", + "id": "pyup.io-49610", + "more_info_path": "/vulnerabilities/CVE-2022-29201/49610", "specs": [ "<3.1.4" ], @@ -108372,9 +110131,9 @@ }, { "advisory": "Rasa 3.3.1 updates its dependency 'numpy' to v1.23.4 to include security fixes.", - "cve": "CVE-2021-34141", - "id": "pyup.io-51877", - "more_info_path": "/vulnerabilities/CVE-2021-34141/51877", + "cve": "CVE-2021-41495", + "id": "pyup.io-51806", + "more_info_path": "/vulnerabilities/CVE-2021-41495/51806", "specs": [ "<3.3.1" ], @@ -108382,9 +110141,9 @@ }, { "advisory": "Rasa 3.3.1 updates its dependency 'numpy' to v1.23.4 to include security fixes.", - "cve": "CVE-2021-41495", - "id": "pyup.io-51806", - "more_info_path": "/vulnerabilities/CVE-2021-41495/51806", + "cve": "CVE-2021-34141", + "id": "pyup.io-51877", + "more_info_path": "/vulnerabilities/CVE-2021-34141/51877", "specs": [ "<3.3.1" ], 
@@ -108401,14 +110160,14 @@ "v": "<3.5.6" }, { - "advisory": "Rasa 3.6.6 updates its dependency 'wheel' to include a fix for ReDoS vulnerability.\r\nhttps://github.com/rasahq/rasa/issues/12755", - "cve": "CVE-2022-40898", - "id": "pyup.io-60657", - "more_info_path": "/vulnerabilities/CVE-2022-40898/60657", + "advisory": "Rasa 3.6.12 updates its dependency 'pillow' to include a fix for a high-risk vulnerability affecting libwebp.", + "cve": "CVE-2023-4863", + "id": "pyup.io-61703", + "more_info_path": "/vulnerabilities/CVE-2023-4863/61703", "specs": [ - "<3.6.6" + "<3.6.12" ], - "v": "<3.6.6" + "v": "<3.6.12" }, { "advisory": "Rasa 3.6.6 updates its dependency 'setuptools' to include a fix for ReDoS vulnerability.\r\nhttps://github.com/rasahq/rasa/issues/12755", @@ -108421,14 +110180,14 @@ "v": "<3.6.6" }, { - "advisory": "Rasa 3.6.7 updates its dependency 'scipy' to version '1.10.1' to include a fix for a DoS vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", - "cve": "CVE-2023-25399", - "id": "pyup.io-60811", - "more_info_path": "/vulnerabilities/CVE-2023-25399/60811", + "advisory": "Rasa 3.6.6 updates its dependency 'wheel' to include a fix for ReDoS vulnerability.\r\nhttps://github.com/rasahq/rasa/issues/12755", + "cve": "CVE-2022-40898", + "id": "pyup.io-60657", + "more_info_path": "/vulnerabilities/CVE-2022-40898/60657", "specs": [ - "<3.6.7" + "<3.6.6" ], - "v": "<3.6.7" + "v": "<3.6.6" }, { "advisory": "Rasa 3.6.7 updates its dependency 'certifi' to version '2023.7.22' to include a fix for a vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", 
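Review bot: The new CVE-2023-4863 record (`"id": "pyup.io-61703"`, `"<3.6.12"`) is the only record in this hunk that carries no reference, while the neighbouring Rasa 3.6.6/3.6.7 records each end with the upstream issue or PR URL; it also does not say which pillow version Rasa 3.6.12 moved to, so a consumer cannot cross-check the `<3.6.12` range against pillow's own fixed release. Since the affected code lives in libwebp as shipped inside the pillow wheels, the pinned pillow version is the fact that makes this advisory actionable. Suggest completing the text along the lines of `"advisory": "Rasa 3.6.12 updates its dependency 'pillow' to <pinned version> to include a fix for a high-risk vulnerability affecting libwebp (CVE-2023-4863).\r\n<Rasa release or PR URL>"`, filling in the values from the Rasa 3.6.12 release.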
@@ -108440,6 +110199,16 @@ ], "v": "<3.6.7" }, + { + "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a DoS vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", + "cve": "CVE-2023-3446", + "id": "pyup.io-60808", + "more_info_path": "/vulnerabilities/CVE-2023-3446/60808", + "specs": [ + "<3.6.7" + ], + "v": "<3.6.7" + }, { "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", "cve": "CVE-2023-38325", @@ -108450,11 +110219,21 @@ ], "v": "<3.6.7" }, + { + "advisory": "Rasa 3.6.7 updates its dependency 'scipy' to version '1.10.1' to include a fix for a DoS vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", + "cve": "CVE-2023-25399", + "id": "pyup.io-60811", + "more_info_path": "/vulnerabilities/CVE-2023-25399/60811", + "specs": [ + "<3.6.7" + ], + "v": "<3.6.7" + }, { "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a DoS vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", - "cve": "CVE-2023-3446", - "id": "pyup.io-60808", - "more_info_path": "/vulnerabilities/CVE-2023-3446/60808", + "cve": "CVE-2023-3817", + "id": "pyup.io-60807", + "more_info_path": "/vulnerabilities/CVE-2023-3817/60807", "specs": [ "<3.6.7" ], 
@@ -108471,20 +110250,21 @@ "v": "<3.6.7" }, { - "advisory": "Rasa 3.6.7 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a DoS vulnerability.\r\nhttps://github.com/RasaHQ/rasa/pull/12768", - "cve": "CVE-2023-3817", - "id": "pyup.io-60807", - "more_info_path": "/vulnerabilities/CVE-2023-3817/60807", + "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", + "cve": "CVE-2022-23575", + "id": "pyup.io-46995", + "more_info_path": "/vulnerabilities/CVE-2022-23575/46995", "specs": [ - "<3.6.7" + "<=2.8.26", + ">=3.0.0rc1,<=3.0.9" ], - "v": "<3.6.7" + "v": "<=2.8.26,>=3.0.0rc1,<=3.0.9" }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23579", - "id": "pyup.io-46999", - "more_info_path": "/vulnerabilities/CVE-2022-23579/46999", + "cve": "CVE-2022-21731", + "id": "pyup.io-46966", + "more_info_path": "/vulnerabilities/CVE-2022-21731/46966", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108504,9 +110284,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23569", - "id": "pyup.io-46989", - "more_info_path": "/vulnerabilities/CVE-2022-23569/46989", + "cve": "CVE-2022-23562", + "id": "pyup.io-46982", + "more_info_path": "/vulnerabilities/CVE-2022-23562/46982", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108515,9 +110295,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21735", - "id": "pyup.io-46970", - "more_info_path": "/vulnerabilities/CVE-2022-21735/46970", + "cve": "CVE-2022-23568", + "id": "pyup.io-46988", + "more_info_path": "/vulnerabilities/CVE-2022-23568/46988", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
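Review bot: The added `"v": "<=2.8.26,>=3.0.0rc1,<=3.0.9"` in the first hunk flattens the two independent ranges of `specs` into one comma-joined string, and in PEP 440 a comma is a conjunction, so any consumer that feeds `v` to a `SpecifierSet` gets an unsatisfiable range (`<=2.8.26` and `>=3.0.0rc1` at once) and flags no Rasa version at all — a silent false negative for every multi-range record in the file. The `specs` array keeps the ranges apart (`"<=2.8.26"`, `">=3.0.0rc1,<=3.0.9"`) and is the field to evaluate, with each element matched as its own specifier set and the results OR-ed. Worth documenting that `v` is a display string, not a parsable specifier, or having the exporter emit it with a separator that cannot be read as a PEP 440 operator.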
@@ -108526,9 +110306,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21726", - "id": "pyup.io-46961", - "more_info_path": "/vulnerabilities/CVE-2022-21726/46961", + "cve": "CVE-2022-23560", + "id": "pyup.io-46980", + "more_info_path": "/vulnerabilities/CVE-2022-23560/46980", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108537,9 +110317,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21734", - "id": "pyup.io-46969", - "more_info_path": "/vulnerabilities/CVE-2022-21734/46969", + "cve": "CVE-2022-21732", + "id": "pyup.io-46967", + "more_info_path": "/vulnerabilities/CVE-2022-21732/46967", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108548,9 +110328,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23583", - "id": "pyup.io-47003", - "more_info_path": "/vulnerabilities/CVE-2022-23583/47003", + "cve": "CVE-2022-23588", + "id": "pyup.io-47008", + "more_info_path": "/vulnerabilities/CVE-2022-23588/47008", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108559,9 +110339,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23573", - "id": "pyup.io-46993", - "more_info_path": "/vulnerabilities/CVE-2022-23573/46993", + "cve": "CVE-2022-23565", + "id": "pyup.io-46985", + "more_info_path": "/vulnerabilities/CVE-2022-23565/46985", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108570,9 +110350,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21729", - "id": "pyup.io-46964", - "more_info_path": "/vulnerabilities/CVE-2022-21729/46964", + "cve": "CVE-2022-21741", + "id": "pyup.io-46976", + "more_info_path": "/vulnerabilities/CVE-2022-21741/46976", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108581,9 +110361,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23565", - "id": "pyup.io-46985", - "more_info_path": "/vulnerabilities/CVE-2022-23565/46985", + "cve": "CVE-2022-23574", + "id": "pyup.io-46994", + "more_info_path": "/vulnerabilities/CVE-2022-23574/46994", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108592,9 +110372,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23576", - "id": "pyup.io-46996", - "more_info_path": "/vulnerabilities/CVE-2022-23576/46996", + "cve": "CVE-2022-23570", + "id": "pyup.io-46990", + "more_info_path": "/vulnerabilities/CVE-2022-23570/46990", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108603,9 +110383,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21741", - "id": "pyup.io-46976", - "more_info_path": "/vulnerabilities/CVE-2022-21741/46976", + "cve": "CVE-2022-23569", + "id": "pyup.io-46989", + "more_info_path": "/vulnerabilities/CVE-2022-23569/46989", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108614,9 +110394,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21727", - "id": "pyup.io-46962", - "more_info_path": "/vulnerabilities/CVE-2022-21727/46962", + "cve": "CVE-2022-23563", + "id": "pyup.io-46983", + "more_info_path": "/vulnerabilities/CVE-2022-23563/46983", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108625,9 +110405,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23572", - "id": "pyup.io-46992", - "more_info_path": "/vulnerabilities/CVE-2022-23572/46992", + "cve": "CVE-2022-23578", + "id": "pyup.io-46998", + "more_info_path": "/vulnerabilities/CVE-2022-23578/46998", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108636,9 +110416,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23595", - "id": "pyup.io-47011", - "more_info_path": "/vulnerabilities/CVE-2022-23595/47011", + "cve": "CVE-2022-21726", + "id": "pyup.io-46961", + "more_info_path": "/vulnerabilities/CVE-2022-21726/46961", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108658,9 +110438,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23586", - "id": "pyup.io-47006", - "more_info_path": "/vulnerabilities/CVE-2022-23586/47006", + "cve": "CVE-2022-23561", + "id": "pyup.io-46981", + "more_info_path": "/vulnerabilities/CVE-2022-23561/46981", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108669,9 +110449,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21736", - "id": "pyup.io-46971", - "more_info_path": "/vulnerabilities/CVE-2022-21736/46971", + "cve": "CVE-2022-23584", + "id": "pyup.io-47004", + "more_info_path": "/vulnerabilities/CVE-2022-23584/47004", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108680,9 +110460,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23563", - "id": "pyup.io-46983", - "more_info_path": "/vulnerabilities/CVE-2022-23563/46983", + "cve": "CVE-2022-21736", + "id": "pyup.io-46971", + "more_info_path": "/vulnerabilities/CVE-2022-21736/46971", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108691,9 +110471,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23567", - "id": "pyup.io-46987", - "more_info_path": "/vulnerabilities/CVE-2022-23567/46987", + "cve": "CVE-2022-23582", + "id": "pyup.io-47002", + "more_info_path": "/vulnerabilities/CVE-2022-23582/47002", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108702,9 +110482,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23587", - "id": "pyup.io-47007", - "more_info_path": "/vulnerabilities/CVE-2022-23587/47007", + "cve": "CVE-2022-23585", + "id": "pyup.io-47005", + "more_info_path": "/vulnerabilities/CVE-2022-23585/47005", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108713,9 +110493,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23559", - "id": "pyup.io-46979", - "more_info_path": "/vulnerabilities/CVE-2022-23559/46979", + "cve": "CVE-2022-23558", + "id": "pyup.io-46978", + "more_info_path": "/vulnerabilities/CVE-2022-23558/46978", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108724,9 +110504,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21737", - "id": "pyup.io-46972", - "more_info_path": "/vulnerabilities/CVE-2022-21737/46972", + "cve": "CVE-2022-23586", + "id": "pyup.io-47006", + "more_info_path": "/vulnerabilities/CVE-2022-23586/47006", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108735,9 +110515,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23578", - "id": "pyup.io-46998", - "more_info_path": "/vulnerabilities/CVE-2022-23578/46998", + "cve": "CVE-2020-10531", + "id": "pyup.io-46959", + "more_info_path": "/vulnerabilities/CVE-2020-10531/46959", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108746,9 +110526,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23584", - "id": "pyup.io-47004", - "more_info_path": "/vulnerabilities/CVE-2022-23584/47004", + "cve": "CVE-2022-23572", + "id": "pyup.io-46992", + "more_info_path": "/vulnerabilities/CVE-2022-23572/46992", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108757,9 +110537,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23580", - "id": "pyup.io-47000", - "more_info_path": "/vulnerabilities/CVE-2022-23580/47000", + "cve": "CVE-2022-23579", + "id": "pyup.io-46999", + "more_info_path": "/vulnerabilities/CVE-2022-23579/46999", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108768,9 +110548,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23558", - "id": "pyup.io-46978", - "more_info_path": "/vulnerabilities/CVE-2022-23558/46978", + "cve": "CVE-2022-21733", + "id": "pyup.io-46968", + "more_info_path": "/vulnerabilities/CVE-2022-21733/46968", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108779,9 +110559,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21731", - "id": "pyup.io-46966", - "more_info_path": "/vulnerabilities/CVE-2022-21731/46966", + "cve": "CVE-2022-23571", + "id": "pyup.io-46991", + "more_info_path": "/vulnerabilities/CVE-2022-23571/46991", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108790,9 +110570,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21739", - "id": "pyup.io-46974", - "more_info_path": "/vulnerabilities/CVE-2022-21739/46974", + "cve": "CVE-2022-23559", + "id": "pyup.io-46979", + "more_info_path": "/vulnerabilities/CVE-2022-23559/46979", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108801,9 +110581,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23591", - "id": "pyup.io-47010", - "more_info_path": "/vulnerabilities/CVE-2022-23591/47010", + "cve": "CVE-2022-23580", + "id": "pyup.io-47000", + "more_info_path": "/vulnerabilities/CVE-2022-23580/47000", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108812,9 +110592,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21738", - "id": "pyup.io-46973", - "more_info_path": "/vulnerabilities/CVE-2022-21738/46973", + "cve": "CVE-2022-23595", + "id": "pyup.io-47011", + "more_info_path": "/vulnerabilities/CVE-2022-23595/47011", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108834,9 +110614,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23574", - "id": "pyup.io-46994", - "more_info_path": "/vulnerabilities/CVE-2022-23574/46994", + "cve": "CVE-2022-21735", + "id": "pyup.io-46970", + "more_info_path": "/vulnerabilities/CVE-2022-21735/46970", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108845,9 +110625,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23585", - "id": "pyup.io-47005", - "more_info_path": "/vulnerabilities/CVE-2022-23585/47005", + "cve": "CVE-2022-23583", + "id": "pyup.io-47003", + "more_info_path": "/vulnerabilities/CVE-2022-23583/47003", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108856,9 +110636,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23562", - "id": "pyup.io-46982", - "more_info_path": "/vulnerabilities/CVE-2022-23562/46982", + "cve": "CVE-2022-21727", + "id": "pyup.io-46962", + "more_info_path": "/vulnerabilities/CVE-2022-21727/46962", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108867,9 +110647,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23570", - "id": "pyup.io-46990", - "more_info_path": "/vulnerabilities/CVE-2022-23570/46990", + "cve": "CVE-2022-21737", + "id": "pyup.io-46972", + "more_info_path": "/vulnerabilities/CVE-2022-21737/46972", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108878,9 +110658,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21733", - "id": "pyup.io-46968", - "more_info_path": "/vulnerabilities/CVE-2022-21733/46968", + "cve": "CVE-2022-21725", + "id": "pyup.io-46960", + "more_info_path": "/vulnerabilities/CVE-2022-21725/46960", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108889,9 +110669,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23568", - "id": "pyup.io-46988", - "more_info_path": "/vulnerabilities/CVE-2022-23568/46988", + "cve": "CVE-2022-23564", + "id": "pyup.io-46984", + "more_info_path": "/vulnerabilities/CVE-2022-23564/46984", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108900,9 +110680,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23581", - "id": "pyup.io-47001", - "more_info_path": "/vulnerabilities/CVE-2022-23581/47001", + "cve": "CVE-2022-23576", + "id": "pyup.io-46996", + "more_info_path": "/vulnerabilities/CVE-2022-23576/46996", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108922,9 +110702,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23561", - "id": "pyup.io-46981", - "more_info_path": "/vulnerabilities/CVE-2022-23561/46981", + "cve": "CVE-2022-23591", + "id": "pyup.io-47010", + "more_info_path": "/vulnerabilities/CVE-2022-23591/47010", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108933,9 +110713,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23560", - "id": "pyup.io-46980", - "more_info_path": "/vulnerabilities/CVE-2022-23560/46980", + "cve": "CVE-2022-21738", + "id": "pyup.io-46973", + "more_info_path": "/vulnerabilities/CVE-2022-21738/46973", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108944,9 +110724,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23577", - "id": "pyup.io-46997", - "more_info_path": "/vulnerabilities/CVE-2022-23577/46997", + "cve": "CVE-2022-21734", + "id": "pyup.io-46969", + "more_info_path": "/vulnerabilities/CVE-2022-21734/46969", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108955,9 +110735,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23564", - "id": "pyup.io-46984", - "more_info_path": "/vulnerabilities/CVE-2022-23564/46984", + "cve": "CVE-2022-23577", + "id": "pyup.io-46997", + "more_info_path": "/vulnerabilities/CVE-2022-23577/46997", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108966,9 +110746,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21732", - "id": "pyup.io-46967", - "more_info_path": "/vulnerabilities/CVE-2022-21732/46967", + "cve": "CVE-2022-23587", + "id": "pyup.io-47007", + "more_info_path": "/vulnerabilities/CVE-2022-23587/47007", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108977,9 +110757,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21728", - "id": "pyup.io-46963", - "more_info_path": "/vulnerabilities/CVE-2022-21728/46963", + "cve": "CVE-2022-23567", + "id": "pyup.io-46987", + "more_info_path": "/vulnerabilities/CVE-2022-23567/46987", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -108988,9 +110768,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23588", - "id": "pyup.io-47008", - "more_info_path": "/vulnerabilities/CVE-2022-23588/47008", + "cve": "CVE-2022-21739", + "id": "pyup.io-46974", + "more_info_path": "/vulnerabilities/CVE-2022-21739/46974", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -108999,9 +110779,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23582", - "id": "pyup.io-47002", - "more_info_path": "/vulnerabilities/CVE-2022-23582/47002", + "cve": "CVE-2022-23581", + "id": "pyup.io-47001", + "more_info_path": "/vulnerabilities/CVE-2022-23581/47001", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -109010,9 +110790,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23575", - "id": "pyup.io-46995", - "more_info_path": "/vulnerabilities/CVE-2022-23575/46995", + "cve": "CVE-2022-21729", + "id": "pyup.io-46964", + "more_info_path": "/vulnerabilities/CVE-2022-21729/46964", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -109021,9 +110801,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2020-10531", - "id": "pyup.io-46959", - "more_info_path": "/vulnerabilities/CVE-2020-10531/46959", + "cve": "CVE-2022-23573", + "id": "pyup.io-46993", + "more_info_path": "/vulnerabilities/CVE-2022-23573/46993", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" @@ -109032,9 +110812,9 @@ }, { "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-21725", - "id": "pyup.io-46960", - "more_info_path": "/vulnerabilities/CVE-2022-21725/46960", + "cve": "CVE-2022-21728", + "id": "pyup.io-46963", + "more_info_path": "/vulnerabilities/CVE-2022-21728/46963", "specs": [ "<=2.8.26", ">=3.0.0rc1,<=3.0.9" 
@@ -109051,17 +110831,6 @@ ">=3.0.0rc1,<=3.0.9" ], "v": "<=2.8.26,>=3.0.0rc1,<=3.0.9" - }, - { - "advisory": "Rasa 3.0.x <= 3.0.9 and <=2.8.26 require versions of TensorFlow (2.6.1/2.6.2) that have known vulnerabilities.", - "cve": "CVE-2022-23571", - "id": "pyup.io-46991", - "more_info_path": "/vulnerabilities/CVE-2022-23571/46991", - "specs": [ - "<=2.8.26", - ">=3.0.0rc1,<=3.0.9" - ], - "v": "<=2.8.26,>=3.0.0rc1,<=3.0.9" } ], "rasa-sdk": [ @@ -109108,10 +110877,10 @@ "v": "<1.3.0" }, { - "advisory": "Rasterio 1.3.0 updates its C dependency 'hdf5' to include security fixes.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", - "cve": "CVE-2020-10810", - "id": "pyup.io-51986", - "more_info_path": "/vulnerabilities/CVE-2020-10810/51986", + "advisory": "Rasterio 1.3.0 updates its C dependency 'json-c' to include a security fix.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", + "cve": "CVE-2020-12762", + "id": "pyup.io-51989", + "more_info_path": "/vulnerabilities/CVE-2020-12762/51989", "specs": [ "<1.3.0" ], 
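Review bot: The record for CVE-2022-23571 (pyup.io-46991) is deleted outright in the last rasa hunk and nothing in this diff re-adds it, whereas every other rasa record on this page is only shuffled between positions (old cve/id/more_info_path swapped for another existing triple). The same pattern recurs for scancode-toolkit's CVE-2018-15560 record (pyup.io-48447) in the final hunk at L447. If these were retired deliberately (rejected CVE, wrong attribution), that is fine, but a silent drop from a vulnerability feed is indistinguishable from an export bug, so the reason belongs in the commit description; I cannot rule out that the entry reappears in a rasa hunk outside this view, and the rasa list itself continues beyond these hunks.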
@@ -109138,17 +110907,37 @@ "v": "<1.3.0" }, { - "advisory": "Rasterio 1.3.0 updates its C dependency 'json-c' to include a security fix.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", - "cve": "CVE-2020-12762", - "id": "pyup.io-51989", - "more_info_path": "/vulnerabilities/CVE-2020-12762/51989", + "advisory": "Rasterio 1.3.0 updates its C dependency 'hdf5' to include security fixes.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/81", + "cve": "CVE-2020-10810", + "id": "pyup.io-51986", + "more_info_path": "/vulnerabilities/CVE-2020-10810/51986", "specs": [ "<1.3.0" ], "v": "<1.3.0" }, { - "advisory": "Rasterio 1.3.8 and prior versions include versions of C library 'libwebp' affected by a high risk vulnerability.\r\nhttps://github.com/rasterio/rasterio/discussions/2924", + "advisory": "Rasterio 1.3.8.post2 updates its bundled dependency 'libcurl' to v8.4.0 to include a security fix.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/112", + "cve": "CVE-2023-38546", + "id": "pyup.io-61770", + "more_info_path": "/vulnerabilities/CVE-2023-38546/61770", + "specs": [ + "<1.3.8.post2" + ], + "v": "<1.3.8.post2" + }, + { + "advisory": "Rasterio 1.3.8.post2 updates its bundled dependency 'libcurl' to v8.4.0 to include a security fix.\r\nhttps://github.com/rasterio/rasterio-wheels/issues/112", + "cve": "CVE-2023-38545", + "id": "pyup.io-61769", + "more_info_path": "/vulnerabilities/CVE-2023-38545/61769", + "specs": [ + "<1.3.8.post2" + ], + "v": "<1.3.8.post2" + }, + { + "advisory": "Rasterio 1.3.8.post1 updates its C dependency 'libwebp' to v1.3.2 to include a fix for a high-risk vulnerability.\r\nhttps://github.com/rasterio/rasterio/discussions/2924", "cve": "CVE-2023-4863", "id": "pyup.io-61493", "more_info_path": "/vulnerabilities/CVE-2023-4863/61493", 
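Review bot: The rewritten libwebp advisory now says 1.3.8.post1 ships the fixed libwebp 1.3.2, but that record's `specs` and `v` lines fall outside the hunk, so the range it is paired with is not visible here; it should be checked to read `"<1.3.8.post1"` so that text and range agree, since the old wording ("1.3.8 and prior") implied a different bound. The two new libcurl records differ only in the CVE and look consistent with each other. Worth noting in the advisory, as for the libwebp one, that the vulnerable library is the copy bundled in the binary wheels, since a source build against a system libcurl is governed by that library's version rather than rasterio's.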
@@ -109310,6 +111099,19 @@ "v": "<19.0.0" } ], + "rbtools": [ + { + "advisory": "Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.", + "cve": "CVE-2011-4312", + "id": "pyup.io-62095", + "more_info_path": "/vulnerabilities/CVE-2011-4312/62095", + "specs": [ + "<1.5.7", + ">=1.6.0,<1.6.3" + ], + "v": "<1.5.7,>=1.6.0,<1.6.3" + } + ], "rdflib": [ { "advisory": "Rdflib 4.0 includes validation for URIRefs and Literal language tags on construction to avoiding some \"RDF-injection\" issues.\r\nhttps://github.com/RDFLib/rdflib/issues/266", @@ -109586,20 +111388,20 @@ "v": ">=0,<2.4.9" }, { - "advisory": "Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.", - "cve": "CVE-2022-3362", - "id": "pyup.io-54584", - "more_info_path": "/vulnerabilities/CVE-2022-3362/54584", + "advisory": "Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.", + "cve": "CVE-2022-3456", + "id": "pyup.io-54520", + "more_info_path": "/vulnerabilities/CVE-2022-3456/54520", "specs": [ ">=0,<2.5.0" ], "v": ">=0,<2.5.0" }, { - "advisory": "Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.", - "cve": "CVE-2022-3456", - "id": "pyup.io-54520", - "more_info_path": "/vulnerabilities/CVE-2022-3456/54520", + "advisory": "Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.", + "cve": "CVE-2022-3362", + "id": "pyup.io-54584", + "more_info_path": "/vulnerabilities/CVE-2022-3362/54584", "specs": [ ">=0,<2.5.0" ], 
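Review bot: The new `rbtools` block attributes CVE-2011-4312 to the wrong package: the advisory text describes XSS in Review Board's diff viewer and screenshot component (the server application), and the ranges `"<1.5.7"` and `">=1.6.0,<1.6.3"` are Review Board release numbers, while RBTools is the separate command-line client with its own version line. As written, RBTools installs falling in that range would be flagged for a server-side bug they cannot contain, and the actual server package would not be. Suggest filing the record under the server package's key (`ReviewBoard` on PyPI, lower-cased if this file normalises keys) or dropping it from `rbtools`.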
@@ -109927,9 +111729,9 @@ "recline": [ { "advisory": "Recline 2022.5 updates its dependency 'urllib3' to v1.26.9 to include security fixes.", - "cve": "CVE-2021-33503", - "id": "pyup.io-58793", - "more_info_path": "/vulnerabilities/CVE-2021-33503/58793", + "cve": "CVE-2019-11324", + "id": "pyup.io-58795", + "more_info_path": "/vulnerabilities/CVE-2019-11324/58795", "specs": [ "<2022.5" ], @@ -109937,9 +111739,9 @@ }, { "advisory": "Recline 2022.5 updates its dependency 'urllib3' to v1.26.9 to include security fixes.", - "cve": "CVE-2020-26137", - "id": "pyup.io-58794", - "more_info_path": "/vulnerabilities/CVE-2020-26137/58794", + "cve": "CVE-2019-11236", + "id": "pyup.io-58796", + "more_info_path": "/vulnerabilities/CVE-2019-11236/58796", "specs": [ "<2022.5" ], @@ -109947,9 +111749,9 @@ }, { "advisory": "Recline 2022.5 updates its dependency 'urllib3' to v1.26.9 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-58795", - "more_info_path": "/vulnerabilities/CVE-2019-11324/58795", + "cve": "CVE-2020-26137", + "id": "pyup.io-58794", + "more_info_path": "/vulnerabilities/CVE-2020-26137/58794", "specs": [ "<2022.5" ], @@ -109957,9 +111759,9 @@ }, { "advisory": "Recline 2022.5 updates its dependency 'urllib3' to v1.26.9 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-58796", - "more_info_path": "/vulnerabilities/CVE-2019-11236/58796", + "cve": "CVE-2021-33503", + "id": "pyup.io-58793", + "more_info_path": "/vulnerabilities/CVE-2021-33503/58793", "specs": [ "<2022.5" ], 
@@ -110431,6 +112233,18 @@ "v": "<1.0.6" } ], + "repairwheel": [ + { + "advisory": "Repairwheel 0.2.6 vendors 'auditwheel' from unreleased commit to include a fix for a ReDOS vulnerability.\r\nhttps://github.com/jvolkman/repairwheel/pull/17", + "cve": "CVE-2022-40898", + "id": "pyup.io-61777", + "more_info_path": "/vulnerabilities/CVE-2022-40898/61777", + "specs": [ + "<0.2.6" + ], + "v": "<0.2.6" + } + ], "repobee": [ { "advisory": "Repobee 0.4.0 adds a strict security policy to prevent malicious code from executing.", @@ -110519,7 +112333,7 @@ "v": "<3.6.13" }, { - "advisory": "Reportlab 3.5.55 includes a fix for a Server-side Request Forgery (SSRF) vulnerability using img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation).\r\nhttps://github.com/advisories/GHSA-mpvw-25mg-59vx\r\nhttps://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7", + "advisory": "Reportlab 3.5.55 includes a security fix: Server-side Request Forgery (SSRF) vulnerability when using img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation).\r\nhttps://github.com/advisories/GHSA-mpvw-25mg-59vx\r\nhttps://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7", "cve": "CVE-2020-28463", "id": "pyup.io-39642", "more_info_path": "/vulnerabilities/CVE-2020-28463/39642", 
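Review bot: CVE-2022-40898 is the ReDoS recorded against PyPA `wheel`, but the new repairwheel advisory names only a vendored 'auditwheel' commit, so a reader cannot tell which component the fix actually lands in or why a `wheel` CVE maps to an auditwheel change. If the vendored auditwheel commit carries a patched copy of `wheel`'s parsing code, the text should say so, e.g. `"advisory": "Repairwheel 0.2.6 vendors 'auditwheel' from an unreleased commit that includes the fix for the 'wheel' ReDoS (CVE-2022-40898).\r\nhttps://github.com/jvolkman/repairwheel/pull/17"`. I have not verified the contents of PR #17, so confirm the component against the linked PR before changing the wording.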
@@ -110713,6 +112527,16 @@ ], "v": "<2.3.0" }, + { + "advisory": "If an incorrect password is used in conjunction with digest authentication in the `requests` package, it can lead to an infinite request retry cycle. This presents a Denial of Service (DoS) vulnerability.", + "cve": "PVE-2023-99936", + "id": "pyup.io-61879", + "more_info_path": "/vulnerabilities/PVE-2023-99936/61879", + "specs": [ + "<=0.13.1" + ], + "v": "<=0.13.1" + }, { "advisory": "Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.", "cve": "CVE-2018-18074", @@ -111002,6 +112826,18 @@ "v": "<0.6.3" } ], + "restful-client2": [ + { + "advisory": "Restful-client2 1.0.0 enables SSL verification by default.\r\nhttps://github.com/johnbrandborg/restful-client2/commit/6b359a709cf40212b99f2001c639210a12e575f7", + "cve": "PVE-2023-61675", + "id": "pyup.io-61675", + "more_info_path": "/vulnerabilities/PVE-2023-61675/61675", + "specs": [ + "<1.0.0" + ], + "v": "<1.0.0" + } + ], "restkit": [ { "advisory": "Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.", 
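Review bot: The new requests record (PVE-2023-99936) gives no fixed version and no upstream reference, so the only boundary it states, `"<=0.13.1"`, cannot be checked against anything; the other PVE records in this diff (restful-client2, salt 3005.3) each cite a commit, PR or GHSA. The advisory sentence also reads as a general description rather than a release note, which makes it unclear whether 0.13.2 is the fix or merely the next release. Suggest appending the provenance to the advisory, e.g. `... presents a Denial of Service (DoS) vulnerability. Fixed in <FIXED_VERSION>.\r\n<UPSTREAM_REFERENCE_URL>` (placeholders to be filled from the source the entry was derived from).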
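Review bot: The restful-client2 advisory describes only the fix ("enables SSL verification by default") and not the weakness, so a consumer triaging the finding has to infer the impact. If, as the wording implies, earlier releases skipped certificate verification by default, say so: `"advisory": "Restful-client2 before 1.0.0 does not verify TLS certificates by default, exposing requests to man-in-the-middle interception; 1.0.0 enables SSL verification by default.\r\nhttps://github.com/johnbrandborg/restful-client2/commit/6b359a709cf40212b99f2001c639210a12e575f7"`. The "before 1.0.0" behaviour is inferred from the fix description and the linked commit, not stated in the hunk, so confirm it against that commit.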
@@ -111506,20 +113342,20 @@ "v": "<0.0.2" }, { - "advisory": "Rotten-tomatoes-cli 0.0.2 updates its dependency 'pyyaml' to >=v4.2b1 to include a security fix.", - "cve": "CVE-2017-18342", - "id": "pyup.io-37315", - "more_info_path": "/vulnerabilities/CVE-2017-18342/37315", + "advisory": "Rotten-tomatoes-cli 0.0.2 updates its dependency 'urllib3' to >=1.24.2 to include a security fix.", + "cve": "CVE-2019-11324", + "id": "pyup.io-42550", + "more_info_path": "/vulnerabilities/CVE-2019-11324/42550", "specs": [ "<0.0.2" ], "v": "<0.0.2" }, { - "advisory": "Rotten-tomatoes-cli 0.0.2 updates its dependency 'urllib3' to >=1.24.2 to include a security fix.", - "cve": "CVE-2019-11324", - "id": "pyup.io-42550", - "more_info_path": "/vulnerabilities/CVE-2019-11324/42550", + "advisory": "Rotten-tomatoes-cli 0.0.2 updates its dependency 'pyyaml' to >=v4.2b1 to include a security fix.", + "cve": "CVE-2017-18342", + "id": "pyup.io-37315", + "more_info_path": "/vulnerabilities/CVE-2017-18342/37315", "specs": [ "<0.0.2" ], 
@@ -111810,20 +113646,20 @@ ], "rozetka-api": [ { - "advisory": "Rozetka-api 1.1.6 updates its dependency 'aiohttp' to version '3.8.5' to include a fix for an HTTP Request Smuggling vulnerability.\r\nhttps://github.com/ALERTua/rozetka_api/commit/ec51dcf627aa00cf67e40b89793a6b0a39615a5a", - "cve": "CVE-2023-37276", - "id": "pyup.io-60495", - "more_info_path": "/vulnerabilities/CVE-2023-37276/60495", + "advisory": "Rozetka-api 1.1.6 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a DoS vulnerability.\r\nhttps://github.com/ALERTua/rozetka_api/commit/ec51dcf627aa00cf67e40b89793a6b0a39615a5a", + "cve": "CVE-2023-3446", + "id": "pyup.io-60499", + "more_info_path": "/vulnerabilities/CVE-2023-3446/60499", "specs": [ "<1.1.6" ], "v": "<1.1.6" }, { - "advisory": "Rozetka-api 1.1.6 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a DoS vulnerability.\r\nhttps://github.com/ALERTua/rozetka_api/commit/ec51dcf627aa00cf67e40b89793a6b0a39615a5a", - "cve": "CVE-2023-3446", - "id": "pyup.io-60499", - "more_info_path": "/vulnerabilities/CVE-2023-3446/60499", + "advisory": "Rozetka-api 1.1.6 updates its dependency 'aiohttp' to version '3.8.5' to include a fix for an HTTP Request Smuggling vulnerability.\r\nhttps://github.com/ALERTua/rozetka_api/commit/ec51dcf627aa00cf67e40b89793a6b0a39615a5a", + "cve": "CVE-2023-37276", + "id": "pyup.io-60495", + "more_info_path": "/vulnerabilities/CVE-2023-37276/60495", "specs": [ "<1.1.6" ], @@ -112397,6 +114233,16 @@ ], "v": "<1.4.1" }, + { + "advisory": "Sagemaker-pytorch-inference 1.4.1 updates its dependency 'pillow' to v7.1.0 to include security fixes.", + "cve": "CVE-2019-19911", + "id": "pyup.io-45797", + "more_info_path": "/vulnerabilities/CVE-2019-19911/45797", + "specs": [ + "<1.4.1" + ], + "v": "<1.4.1" + }, { "advisory": "Sagemaker-pytorch-inference 1.4.1 updates its dependency 'pillow' to v7.1.0 to include security fixes.", "cve": "CVE-2020-11538", 
@@ -112427,16 +114273,6 @@ ], "v": "<1.4.1" }, - { - "advisory": "Sagemaker-pytorch-inference 1.4.1 updates its dependency 'pillow' to v7.1.0 to include security fixes.", - "cve": "CVE-2019-19911", - "id": "pyup.io-45797", - "more_info_path": "/vulnerabilities/CVE-2019-19911/45797", - "specs": [ - "<1.4.1" - ], - "v": "<1.4.1" - }, { "advisory": "Sagemaker-pytorch-inference 1.4.1 updates its dependency 'pillow' to v7.1.0 to include security fixes.", "cve": "CVE-2020-5313", @@ -112528,10 +114364,10 @@ ], "salt": [ { - "advisory": "An issue was discovered in through SaltStack Salt before 3002.5. Salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. Several Salt versions were patched. See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", - "cve": "CVE-2021-25281", - "id": "pyup.io-41946", - "more_info_path": "/vulnerabilities/CVE-2021-25281/41946", + "advisory": "An issue was discovered in through SaltStack Salt before 3002.5, identified as CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. Several Salt versions were patched. https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", + "cve": "CVE-2021-25282", + "id": "pyup.io-41947", + "more_info_path": "/vulnerabilities/CVE-2021-25282/41947", "specs": [ "<2015.8.10", ">=2015.8.11,<2015.8.13", 
@@ -112575,78 +114411,6 @@ ], "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" }, - { - "advisory": "An issue was discovered in SaltStack Salt before 3002.5 identified as CVE-2021-25284: salt.modules.cmdmod can log credentials to the info or error log level.\r\nhttps://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", - "cve": "CVE-2021-25284", - "id": "pyup.io-41949", - "more_info_path": "/vulnerabilities/CVE-2021-25284/41949", - "specs": [ - "<2015.8.10", - ">=2015.8.11,<2015.8.13", - ">=2016.3.0rc0,<2016.3.4", - "==2016.3.5", - "==2016.3.7", - ">=2016.3.9,<2016.11.3", - "==2016.11.4", - ">=2016.11.7,<2016.11.10", - ">=2017.5.0,<2017.7.8", - ">=2018.2.0,<=2018.3.5", - ">=2019.2.0rc0,<2019.2.5", - ">=2019.2.6,<2019.2.8", - ">=3000.0.0rc0,<3000.6", - ">=3001rc1,<3001.4", - ">=3002rc0,<3002.5" - ], - "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" - }, - { - "advisory": "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions. Several Salt versions were patched. 
See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", - "cve": "CVE-2021-3144", - "id": "pyup.io-41950", - "more_info_path": "/vulnerabilities/CVE-2021-3144/41950", - "specs": [ - "<2015.8.10", - ">=2015.8.11,<2015.8.13", - ">=2016.3.0rc0,<2016.3.4", - "==2016.3.5", - "==2016.3.7", - ">=2016.3.9,<2016.11.3", - "==2016.11.4", - ">=2016.11.7,<2016.11.10", - ">=2017.5.0,<2017.7.8", - ">=2018.2.0,<=2018.3.5", - ">=2019.2.0rc0,<2019.2.5", - ">=2019.2.6,<2019.2.8", - ">=3000.0.0rc0,<3000.6", - ">=3001rc1,<3001.4", - ">=3002rc0,<3002.5" - ], - "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" - }, - { - "advisory": "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. Several Salt versions were patched. 
See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", - "cve": "CVE-2020-28972", - "id": "pyup.io-41944", - "more_info_path": "/vulnerabilities/CVE-2020-28972/41944", - "specs": [ - "<2015.8.10", - ">=2015.8.11,<2015.8.13", - ">=2016.3.0rc0,<2016.3.4", - "==2016.3.5", - "==2016.3.7", - ">=2016.3.9,<2016.11.3", - "==2016.11.4", - ">=2016.11.7,<2016.11.10", - ">=2017.5.0,<2017.7.8", - ">=2018.2.0,<=2018.3.5", - ">=2019.2.0rc0,<2019.2.5", - ">=2019.2.6,<2019.2.8", - ">=3000.0.0rc0,<3000.6", - ">=3001rc1,<3001.4", - ">=3002rc0,<3002.5" - ], - "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" - }, { "advisory": "An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py. Several Salt versions were patched. See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", "cve": "CVE-2021-3148", 
@@ -112672,34 +114436,10 @@ "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" }, { - "advisory": "An issue was discovered in through SaltStack Salt before 3002.5, identified as CVE-2021-25282: The salt.wheel.pillar_roots.write method is vulnerable to directory traversal. Several Salt versions were patched. https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", - "cve": "CVE-2021-25282", - "id": "pyup.io-41947", - "more_info_path": "/vulnerabilities/CVE-2021-25282/41947", - "specs": [ - "<2015.8.10", - ">=2015.8.11,<2015.8.13", - ">=2016.3.0rc0,<2016.3.4", - "==2016.3.5", - "==2016.3.7", - ">=2016.3.9,<2016.11.3", - "==2016.11.4", - ">=2016.11.7,<2016.11.10", - ">=2017.5.0,<2017.7.8", - ">=2018.2.0,<=2018.3.5", - ">=2019.2.0rc0,<2019.2.5", - ">=2019.2.6,<2019.2.8", - ">=3000.0.0rc0,<3000.6", - ">=3001rc1,<3001.4", - ">=3002rc0,<3002.5" - ], - "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" - }, - { - "advisory": "In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. Several Salt versions were patched. See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", - "cve": "CVE-2020-35662", - "id": "pyup.io-41945", - "more_info_path": "/vulnerabilities/CVE-2020-35662/41945", + "advisory": "In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. They might be used to run command against the salt master or minions. 
Several Salt versions were patched. See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", + "cve": "CVE-2021-3144", + "id": "pyup.io-41950", + "more_info_path": "/vulnerabilities/CVE-2021-3144/41950", "specs": [ "<2015.8.10", ">=2015.8.11,<2015.8.13", @@ -112720,10 +114460,10 @@ "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" }, { - "advisory": "An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. Several Salt versions were patched. \r\nhttps://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", - "cve": "CVE-2020-28243", - "id": "pyup.io-41929", - "more_info_path": "/vulnerabilities/CVE-2020-28243/41929", + "advisory": "An issue was discovered in SaltStack Salt before 3002.5 identified as CVE-2021-25284: salt.modules.cmdmod can log credentials to the info or error log level.\r\nhttps://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", + "cve": "CVE-2021-25284", + "id": "pyup.io-41949", + "more_info_path": "/vulnerabilities/CVE-2021-25284/41949", "specs": [ "<2015.8.10", ">=2015.8.11,<2015.8.13", 
@@ -112767,6 +114507,102 @@ ], "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" }, + { + "advisory": "An issue was discovered in through SaltStack Salt before 3002.5. Salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. Several Salt versions were patched. See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", + "cve": "CVE-2021-25281", + "id": "pyup.io-41946", + "more_info_path": "/vulnerabilities/CVE-2021-25281/41946", + "specs": [ + "<2015.8.10", + ">=2015.8.11,<2015.8.13", + ">=2016.3.0rc0,<2016.3.4", + "==2016.3.5", + "==2016.3.7", + ">=2016.3.9,<2016.11.3", + "==2016.11.4", + ">=2016.11.7,<2016.11.10", + ">=2017.5.0,<2017.7.8", + ">=2018.2.0,<=2018.3.5", + ">=2019.2.0rc0,<2019.2.5", + ">=2019.2.6,<2019.2.8", + ">=3000.0.0rc0,<3000.6", + ">=3001rc1,<3001.4", + ">=3002rc0,<3002.5" + ], + "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" + }, + { + "advisory": "In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. Several Salt versions were patched. 
See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", + "cve": "CVE-2020-35662", + "id": "pyup.io-41945", + "more_info_path": "/vulnerabilities/CVE-2020-35662/41945", + "specs": [ + "<2015.8.10", + ">=2015.8.11,<2015.8.13", + ">=2016.3.0rc0,<2016.3.4", + "==2016.3.5", + "==2016.3.7", + ">=2016.3.9,<2016.11.3", + "==2016.11.4", + ">=2016.11.7,<2016.11.10", + ">=2017.5.0,<2017.7.8", + ">=2018.2.0,<=2018.3.5", + ">=2019.2.0rc0,<2019.2.5", + ">=2019.2.6,<2019.2.8", + ">=3000.0.0rc0,<3000.6", + ">=3001rc1,<3001.4", + ">=3002rc0,<3002.5" + ], + "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" + }, + { + "advisory": "In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. Several Salt versions were patched. 
See: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/", + "cve": "CVE-2020-28972", + "id": "pyup.io-41944", + "more_info_path": "/vulnerabilities/CVE-2020-28972/41944", + "specs": [ + "<2015.8.10", + ">=2015.8.11,<2015.8.13", + ">=2016.3.0rc0,<2016.3.4", + "==2016.3.5", + "==2016.3.7", + ">=2016.3.9,<2016.11.3", + "==2016.11.4", + ">=2016.11.7,<2016.11.10", + ">=2017.5.0,<2017.7.8", + ">=2018.2.0,<=2018.3.5", + ">=2019.2.0rc0,<2019.2.5", + ">=2019.2.6,<2019.2.8", + ">=3000.0.0rc0,<3000.6", + ">=3001rc1,<3001.4", + ">=3002rc0,<3002.5" + ], + "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" + }, + { + "advisory": "An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. Several Salt versions were patched. 
\r\nhttps://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25", + "cve": "CVE-2020-28243", + "id": "pyup.io-41929", + "more_info_path": "/vulnerabilities/CVE-2020-28243/41929", + "specs": [ + "<2015.8.10", + ">=2015.8.11,<2015.8.13", + ">=2016.3.0rc0,<2016.3.4", + "==2016.3.5", + "==2016.3.7", + ">=2016.3.9,<2016.11.3", + "==2016.11.4", + ">=2016.11.7,<2016.11.10", + ">=2017.5.0,<2017.7.8", + ">=2018.2.0,<=2018.3.5", + ">=2019.2.0rc0,<2019.2.5", + ">=2019.2.6,<2019.2.8", + ">=3000.0.0rc0,<3000.6", + ">=3001rc1,<3001.4", + ">=3002rc0,<3002.5" + ], + "v": "<2015.8.10,>=2015.8.11,<2015.8.13,>=2016.3.0rc0,<2016.3.4,==2016.3.5,==2016.3.7,>=2016.3.9,<2016.11.3,==2016.11.4,>=2016.11.7,<2016.11.10,>=2017.5.0,<2017.7.8,>=2018.2.0,<=2018.3.5,>=2019.2.0rc0,<2019.2.5,>=2019.2.6,<2019.2.8,>=3000.0.0rc0,<3000.6,>=3001rc1,<3001.4,>=3002rc0,<3002.5" + }, { "advisory": "Salt 3000.4 prevents creating world-readable private keys with the TLS execution module (cve-2020-17490).", "cve": "CVE-2020-17490", @@ -112902,10 +114738,10 @@ "v": "<3003.4,>=3004rc1,<3004.1" }, { - "advisory": "Salt 3005.2 and 3006.2 update its dependency 'cryptography' to v41.0.3 to include security fixes.", - "cve": "CVE-2023-3446", - "id": "pyup.io-61047", - "more_info_path": "/vulnerabilities/CVE-2023-3446/61047", + "advisory": "Salt 3005.2 and 3006.2 update its dependency 'certifi' to v2023.07.22 to include a security fix.", + "cve": "CVE-2023-37920", + "id": "pyup.io-61048", + "more_info_path": "/vulnerabilities/CVE-2023-37920/61048", "specs": [ "<3005.2", ">=3006.0rc1,<3006.2" 
@@ -112913,10 +114749,10 @@ "v": "<3005.2,>=3006.0rc1,<3006.2" }, { - "advisory": "Salt 3005.2 and 3006.2 update its dependency 'certifi' to v2023.07.22 to include a security fix.", - "cve": "CVE-2023-37920", - "id": "pyup.io-61048", - "more_info_path": "/vulnerabilities/CVE-2023-37920/61048", + "advisory": "Salt 3005.2 and 3006.2 update its dependency 'cryptography' to v41.0.3 to include security fixes.", + "cve": "CVE-2023-3446", + "id": "pyup.io-61047", + "more_info_path": "/vulnerabilities/CVE-2023-3446/61047", "specs": [ "<3005.2", ">=3006.0rc1,<3006.2" @@ -112956,6 +114792,16 @@ ], "v": "<3005.2,>=3006.0rc1,<3006.2" }, + { + "advisory": "Salt 3005.3 updates gitpython to >=3.1.35 due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c (#65167)", + "cve": "PVE-2023-62053", + "id": "pyup.io-62053", + "more_info_path": "/vulnerabilities/PVE-2023-62053/62053", + "specs": [ + "<3005.3" + ], + "v": "<3005.3" + }, { "advisory": "Salt 3006.0rc3 updates its dependency 'cryptography' to versions '>=39.0.1' to include security fixes.", "cve": "CVE-2023-0286", 
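Review bot: The new PVE-2023-62053 record bounds only the 3005 line (`"<3005.3"`), whereas the neighbouring dependency-bump records for this release train carry a paired 3006 range (`"<3005.2", ">=3006.0rc1,<3006.2"`). With the spec as written, 3006.0rc1 through the 3006 release that received the same gitpython bump would be reported clean even though the text cites the shared changelog item (#65167). If the 3006.x series was fixed in the same way (presumably in 3006.3 — confirm against #65167 and the 3006.3 release notes), suggest `"specs": ["<3005.3", ">=3006.0rc1,<3006.3"]` with `v` updated to match.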
@@ -112967,20 +114813,20 @@ "v": "<3006.0rc3" }, { - "advisory": "Salt 3006.0rc3 updates its dependency 'markdown-it-py' to v2.2.0 to include security fixes.", - "cve": "CVE-2023-26302", - "id": "pyup.io-55068", - "more_info_path": "/vulnerabilities/CVE-2023-26302/55068", + "advisory": "Salt 3006.0rc3 updates its dependency 'cryptography' to versions '>=39.0.1' to include security fixes.", + "cve": "CVE-2023-23931", + "id": "pyup.io-55067", + "more_info_path": "/vulnerabilities/CVE-2023-23931/55067", "specs": [ "<3006.0rc3" ], "v": "<3006.0rc3" }, { - "advisory": "Salt 3006.0rc3 updates its dependency 'cryptography' to versions '>=39.0.1' to include security fixes.", - "cve": "CVE-2023-23931", - "id": "pyup.io-55067", - "more_info_path": "/vulnerabilities/CVE-2023-23931/55067", + "advisory": "Salt 3006.0rc3 updates its dependency 'markdown-it-py' to v2.2.0 to include security fixes.", + "cve": "CVE-2023-26302", + "id": "pyup.io-55068", + "more_info_path": "/vulnerabilities/CVE-2023-26302/55068", "specs": [ "<3006.0rc3" ], @@ -113098,10 +114944,10 @@ "v": ">=0,<2015.8.11" }, { - "advisory": "Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.", - "cve": "CVE-2017-5200", - "id": "pyup.io-53957", - "more_info_path": "/vulnerabilities/CVE-2017-5200/53957", + "advisory": "When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.", + "cve": "CVE-2017-5192", + "id": "pyup.io-53956", + "more_info_path": "/vulnerabilities/CVE-2017-5192/53956", "specs": [ ">=0,<2015.8.13", ">=2016.3,<2016.3.5", 
@@ -113110,10 +114956,10 @@ "v": ">=0,<2015.8.13,>=2016.3,<2016.3.5,>=2016.11,<2016.11.2" }, { - "advisory": "When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.", - "cve": "CVE-2017-5192", - "id": "pyup.io-53956", - "more_info_path": "/vulnerabilities/CVE-2017-5192/53956", + "advisory": "Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.", + "cve": "CVE-2017-5200", + "id": "pyup.io-53957", + "more_info_path": "/vulnerabilities/CVE-2017-5200/53957", "specs": [ ">=0,<2015.8.13", ">=2016.3,<2016.3.5", @@ -113388,6 +115234,18 @@ "v": ">=0.1.7,<20.12.6" } ], + "sanic-ext": [ + { + "advisory": "The official compatibility of Sanic includes Python versions 3.6, 3.7, 3.8, and 3.9, but not version 3.10. Mistakenly running it with Python 3.10 can potentially cause your server to crash upon receiving a web request.", + "cve": "PVE-2023-99923", + "id": "pyup.io-61984", + "more_info_path": "/vulnerabilities/PVE-2023-99923/61984", + "specs": [ + ">=0.1.7,<20.12.6" + ], + "v": ">=0.1.7,<20.12.6" + } + ], "sanic-oauthlib": [ { "advisory": "Sanic-oauthlib 0.5.0 mentions \"**Security bug** for access token via `#92`\". No other information was provided.", @@ -113673,16 +115531,6 @@ ], "v": "<21.3.30" }, - { - "advisory": "Scancode-toolkit 21.6.7 dropped its dependency 'pycryptodrome', as it was not longer used and imposed a security threat.", - "cve": "CVE-2018-15560", - "id": "pyup.io-48447", - "more_info_path": "/vulnerabilities/CVE-2018-15560/48447", - "specs": [ - "<21.6.7" - ], - "v": "<21.6.7" - }, { "advisory": "Scancode-toolkit 21.6.7 updates its dependency 'jinja2' to v3.0.1 to include security fixes.", "cve": "CVE-2019-10906", 
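Review bot: The new `sanic-ext` entry looks misattributed: its advisory text describes Sanic's supported Python versions, not sanic-ext, and its range `>=0.1.7,<20.12.6` is byte-identical to the `"v"` of the package that closes just above it in the hunk's leading context. As far as I know sanic-ext's own releases are numbered 22.x/23.x, so this spec would never match a real sanic-ext install; please verify against the source advisory and either move the entry under the correct package key or drop it. It is also worth stating in the advisory whether this is a security boundary at all — a crash on an unsupported interpreter is a misconfiguration rather than a flaw in the package — because downstream scanners will fail builds on it as a vulnerability.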
@@ -113703,6 +115551,16 @@ ], "v": "<21.6.7" }, + { + "advisory": "Scancode-toolkit 21.6.7 dropped its dependency 'pycryptodrome', as it was not longer used and imposed a security threat.", + "cve": "CVE-2018-15560", + "id": "pyup.io-48447", + "more_info_path": "/vulnerabilities/CVE-2018-15560/48447", + "specs": [ + "<21.6.7" + ], + "v": "<21.6.7" + }, { "advisory": "Scancode-toolkit 21.6.7 updates its dependency 'jinja2' to v3.0.1 to include security fixes.", "cve": "CVE-2020-28493", @@ -113713,6 +115571,16 @@ ], "v": "<21.6.7" }, + { + "advisory": "Scancode-toolkit 21.6.7 updates its dependency 'pygments' to v2.9.0 to include security fixes.", + "cve": "CVE-2021-20270", + "id": "pyup.io-48400", + "more_info_path": "/vulnerabilities/CVE-2021-20270/48400", + "specs": [ + "<21.6.7" + ], + "v": "<21.6.7" + }, { "advisory": "Scancode-toolkit 21.6.7 updates its dependency 'pygments' to v2.9.0 to include security fixes.", "cve": "CVE-2021-27291", @@ -113733,16 +115601,6 @@ ], "v": "<21.6.7" }, - { - "advisory": "Scancode-toolkit 21.6.7 updates its dependency 'pygments' to v2.9.0 to include security fixes.", - "cve": "CVE-2021-20270", - "id": "pyup.io-48400", - "more_info_path": "/vulnerabilities/CVE-2021-20270/48400", - "specs": [ - "<21.6.7" - ], - "v": "<21.6.7" - }, { "advisory": "Scancode-toolkit 31.0.0b1 updates its dependency 'lxml' to 4.7.1 to include a security fix.", "cve": "CVE-2021-43818", 
@@ -113880,20 +115738,20 @@ ], "schemathesis": [ { - "advisory": "Schemathesis 3.18.4 updates its dependency 'werkzeug' to version '2.3.7' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/schemathesis/schemathesis/pull/1696", - "cve": "CVE-2023-25577", - "id": "pyup.io-60382", - "more_info_path": "/vulnerabilities/CVE-2023-25577/60382", + "advisory": "Schemathesis 3.18.4 updates its dependency 'werkzeug' to version '2.3.7' to include a fix for an Access Restriction Bypass vulnerability.\r\nhttps://github.com/schemathesis/schemathesis/pull/1696", + "cve": "CVE-2023-23934", + "id": "pyup.io-60397", + "more_info_path": "/vulnerabilities/CVE-2023-23934/60397", "specs": [ "<3.18.4" ], "v": "<3.18.4" }, { - "advisory": "Schemathesis 3.18.4 updates its dependency 'werkzeug' to version '2.3.7' to include a fix for an Access Restriction Bypass vulnerability.\r\nhttps://github.com/schemathesis/schemathesis/pull/1696", - "cve": "CVE-2023-23934", - "id": "pyup.io-60397", - "more_info_path": "/vulnerabilities/CVE-2023-23934/60397", + "advisory": "Schemathesis 3.18.4 updates its dependency 'werkzeug' to version '2.3.7' to include a fix for a Denial of Service vulnerability.\r\nhttps://github.com/schemathesis/schemathesis/pull/1696", + "cve": "CVE-2023-25577", + "id": "pyup.io-60382", + "more_info_path": "/vulnerabilities/CVE-2023-25577/60382", "specs": [ "<3.18.4" ], 
@@ -114046,20 +115904,20 @@ ], "scout-browser": [ { - "advisory": "Scout is a Variant Call Format (VCF) visualization interface. The Pypi package `scout-browser` is vulnerable to path traversal due to `send_file` call in versions prior to 4.52.", - "cve": "CVE-2022-1554", - "id": "pyup.io-54438", - "more_info_path": "/vulnerabilities/CVE-2022-1554/54438", + "advisory": "Pypi package scout-browser (GitHub repository clinical-genomics/scout) prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting.", + "cve": "CVE-2022-1592", + "id": "pyup.io-53953", + "more_info_path": "/vulnerabilities/CVE-2022-1592/53953", "specs": [ ">=0,<4.52" ], "v": ">=0,<4.52" }, { - "advisory": "Pypi package scout-browser (GitHub repository clinical-genomics/scout) prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting.", - "cve": "CVE-2022-1592", - "id": "pyup.io-53953", - "more_info_path": "/vulnerabilities/CVE-2022-1592/53953", + "advisory": "Scout is a Variant Call Format (VCF) visualization interface. The Pypi package `scout-browser` is vulnerable to path traversal due to `send_file` call in versions prior to 4.52.", + "cve": "CVE-2022-1554", + "id": "pyup.io-54438", + "more_info_path": "/vulnerabilities/CVE-2022-1554/54438", "specs": [ ">=0,<4.52" ], @@ -115826,6 +117684,16 @@ "<2.10.3" ], "v": "<2.10.3" + }, + { + "advisory": "Seed-farmer 2.10.4 updates its dependency 'urllib3' to include a security fix.", + "cve": "CVE-2023-45803", + "id": "pyup.io-61993", + "more_info_path": "/vulnerabilities/CVE-2023-45803/61993", + "specs": [ + "<2.10.4" + ], + "v": "<2.10.4" } ], "seed-identity-store": [ 
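Review bot: The new seed-farmer advisory omits the urllib3 version it moved to, unlike the other `updates its dependency` entries in this file (the schemathesis and scancode entries nearby name `'werkzeug' to version '2.3.7'` and `'pygments' to v2.9.0`). Without it a reader cannot tell whether the new pin actually clears CVE-2023-45803 (fixed upstream in urllib3 1.26.18 and 2.0.7, if I recall correctly) or merely moves to another vulnerable release. Suggest `"advisory": "Seed-farmer 2.10.4 updates its dependency 'urllib3' to v<pinned version> to include a fix for CVE-2023-45803.\r\n<release or PR link>"`, filling in the version from the release.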
@@ -116129,16 +117997,6 @@ ], "v": "<1.7.0" }, - { - "advisory": "Seldon-core 1.7.0 addresses CVEs from Python base Image.\r\nhttps://github.com/SeldonIO/seldon-core/pull/2970", - "cve": "CVE-2020-26137", - "id": "pyup.io-45344", - "more_info_path": "/vulnerabilities/CVE-2020-26137/45344", - "specs": [ - "<1.7.0" - ], - "v": "<1.7.0" - }, { "advisory": "Seldon-core 1.7.0 addresses CVEs for Redhat Python based images.\r\nhttps://github.com/SeldonIO/seldon-core/pull/2977", "cve": "CVE-2020-9490", @@ -116218,6 +118076,16 @@ "<1.7.0" ], "v": "<1.7.0" + }, + { + "advisory": "Seldon-core 1.7.0 addresses CVEs from Python base Image.\r\nhttps://github.com/SeldonIO/seldon-core/pull/2970", + "cve": "CVE-2020-26137", + "id": "pyup.io-45344", + "more_info_path": "/vulnerabilities/CVE-2020-26137/45344", + "specs": [ + "<1.7.0" + ], + "v": "<1.7.0" } ], "selenible": [ @@ -116256,6 +118124,18 @@ "v": ">=1.5.2,<1.25.0" } ], + "seml": [ + { + "advisory": "In Seml versions before 0.3.5, a potential vulnerability exists related to the creation of temporary directories. The changelog for version 0.3.5 mentions the use of UUIDs to fix race conditions during temporary directory creation. While the specific nature of the vulnerability is not detailed, the update implies that race conditions may occur, potentially making it possible for an attacker to exploit issues such as symlink attacks or unauthorized data access.", + "cve": "PVE-2023-62086", + "id": "pyup.io-62086", + "more_info_path": "/vulnerabilities/PVE-2023-62086/62086", + "specs": [ + "<0.3.5" + ], + "v": "<0.3.5" + } + ], "semversioner": [ { "advisory": "Semversioner 0.13.0 updates its dependency 'jinja2' to v2.11.3 to include a security fix.", 
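Review bot: The new seml entry is speculative — the text itself says the nature of the issue is not detailed and then asserts possible symlink attacks or unauthorized data access — and it cites no changelog URL or fixing commit, so a consumer cannot assess it and any CI gate on this feed will fail on a guess. Predictable temporary-directory names are a real TOCTOU class, but the entry should show what the changelog or commit actually changed, or be worded as a hardening note. Suggest trimming to what the source supports and adding the reference, e.g. `"advisory": "Seml 0.3.5 switches temporary-directory names to UUIDs to avoid a race condition during creation (per the changelog). Exploitability has not been confirmed.\r\n<changelog URL>"`.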
@@ -117848,6 +119728,30 @@ "v": "<0.3.1" } ], + "simple-websocket": [ + { + "advisory": "Simple-websocket 0.8.1 includes a fix for a potential race condition vulnerability.\r\nhttps://github.com/miguelgrinberg/simple-websocket/issues/18", + "cve": "PVE-2023-61626", + "id": "pyup.io-61626", + "more_info_path": "/vulnerabilities/PVE-2023-61626/61626", + "specs": [ + "<0.8.1" + ], + "v": "<0.8.1" + } + ], + "simplejson": [ + { + "advisory": "Simplejson 2.6.1 includes a fix for CVE-2014-4616: Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.\r\nhttps://bugs.python.org/issue21529", + "cve": "CVE-2014-4616", + "id": "pyup.io-61644", + "more_info_path": "/vulnerabilities/CVE-2014-4616/61644", + "specs": [ + "<2.6.1" + ], + "v": "<2.6.1" + } + ], "simplematrixbotlib": [ { "advisory": "Simplematrixbotlib 2.6.2 fixes a possible code injection vulnerability.\r\nhttps://github.com/i10b/simplematrixbotlib/commit/4a6eea5a3eaa5cf0f06b7087a5b1e851e9d021a8", @@ -120571,10 +122475,10 @@ "v": "<2.3.0rc5" }, { - "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'nltk' to version '3.8.1' to include a fix for a ReDoS vulnerability.", - "cve": "CVE-2021-3828", - "id": "pyup.io-60337", - "more_info_path": "/vulnerabilities/CVE-2021-3828/60337", + "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'aiohttp' to version '3.8.5' to include a fix for an HTTP Request Smuggling vulnerability.", + "cve": "CVE-2023-37276", + "id": "pyup.io-60331", + "more_info_path": "/vulnerabilities/CVE-2023-37276/60331", "specs": [ "<2.3.0rc5" ], 
@@ -120582,9 +122486,9 @@ }, { "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'nltk' to version '3.8.1' to include a fix for a ReDoS vulnerability.", - "cve": "CVE-2021-3842", - "id": "pyup.io-60335", - "more_info_path": "/vulnerabilities/CVE-2021-3842/60335", + "cve": "CVE-2021-3828", + "id": "pyup.io-60337", + "more_info_path": "/vulnerabilities/CVE-2021-3828/60337", "specs": [ "<2.3.0rc5" ], 
@@ -120592,29 +122496,29 @@ }, { "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'nltk' to version '3.8.1' to include a fix for a ReDoS vulnerability.", - "cve": "CVE-2021-43854", - "id": "pyup.io-60336", - "more_info_path": "/vulnerabilities/CVE-2021-43854/60336", + "cve": "CVE-2021-3842", + "id": "pyup.io-60335", + "more_info_path": "/vulnerabilities/CVE-2021-3842/60335", "specs": [ "<2.3.0rc5" ], "v": "<2.3.0rc5" }, { - "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'aiohttp' to version '3.8.5' to include a fix for an HTTP Request Smuggling vulnerability.", - "cve": "CVE-2023-37276", - "id": "pyup.io-60331", - "more_info_path": "/vulnerabilities/CVE-2023-37276/60331", + "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'PyYAML' to version '6.0.1' to include a fix for an Arbitrary Code Execution vulnerability.", + "cve": "CVE-2020-1747", + "id": "pyup.io-60340", + "more_info_path": "/vulnerabilities/CVE-2020-1747/60340", "specs": [ "<2.3.0rc5" ], "v": "<2.3.0rc5" }, { - "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'PyYAML' to version '6.0.1' to include a fix for an Arbitrary Code Execution vulnerability.", - "cve": "CVE-2020-1747", - "id": "pyup.io-60340", - "more_info_path": "/vulnerabilities/CVE-2020-1747/60340", + "advisory": "Smart-app-framework 2.3.0rc5 updates its dependency 'nltk' to version '3.8.1' to include a fix for a ReDoS vulnerability.", + "cve": "CVE-2021-43854", + "id": "pyup.io-60336", + "more_info_path": "/vulnerabilities/CVE-2021-43854/60336", "specs": [ "<2.3.0rc5" ], @@ -122128,9 +124032,9 @@ "sqlalchemy-cockroachdb": [ { "advisory": "Sqlalchemy-cockroachdb 1.3.0 updates 'urllib3' to v1.25.3 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-38405", - "more_info_path": "/vulnerabilities/CVE-2019-11324/38405", + "cve": "CVE-2019-11236", + "id": "pyup.io-54884", + "more_info_path": "/vulnerabilities/CVE-2019-11236/54884", "specs": [ "<1.3.0" ], 
@@ -122138,9 +124042,9 @@ }, { "advisory": "Sqlalchemy-cockroachdb 1.3.0 updates 'urllib3' to v1.25.3 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-54884", - "more_info_path": "/vulnerabilities/CVE-2019-11236/54884", + "cve": "CVE-2019-11324", + "id": "pyup.io-38405", + "more_info_path": "/vulnerabilities/CVE-2019-11324/38405", "specs": [ "<1.3.0" ], @@ -123623,6 +125527,16 @@ "<0.6.0a0" ], "v": "<0.6.0a0" + }, + { + "advisory": "Syft 0.8.2b40 updates its dependency 'RestrictedPython' to 6.2 to include a security fix.\r\nhttps://github.com/OpenMined/PySyft/pull/8177/commits/5fb618fbf04ed26cae34d635ddf21d05100367ca", + "cve": "CVE-2023-41039", + "id": "pyup.io-61959", + "more_info_path": "/vulnerabilities/CVE-2023-41039/61959", + "specs": [ + "<0.8.2b40" + ], + "v": "<0.8.2b40" } ], "symphony-bdk-python": [ @@ -124185,6 +126099,16 @@ "<1.9.1" ], "v": "<1.9.1" + }, + { + "advisory": "Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.", + "cve": "CVE-2011-3617", + "id": "pyup.io-62024", + "more_info_path": "/vulnerabilities/CVE-2011-3617/62024", + "specs": [ + ">=1.3.0,<=1.8.2" + ], + "v": ">=1.3.0,<=1.8.2" } ], "tair": [ @@ -124222,16 +126146,6 @@ } ], "tap-rest-api-msdk": [ - { - "advisory": "Tap-rest-api-msdk 1.3.2 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.", - "cve": "CVE-2023-3446", - "id": "pyup.io-60221", - "more_info_path": "/vulnerabilities/CVE-2023-3446/60221", - "specs": [ - "<1.3.2" - ], - "v": "<1.3.2" - }, { "advisory": "Tap-rest-api-msdk 1.3.2 updates its dependency 'cryptography' to version '41.0.3' to include a fix for an Insufficient Verification of Data Authenticity vulnerability.", "cve": "CVE-2023-2975", 
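Review bot: The new tahoe-lafs range `">=1.3.0,<=1.8.2"` uses an inclusive upper bound, which the rest of this file avoids in favour of `<fixed-version`; under PEP 440 a post-release such as `1.8.2.post1` sorts above `1.8.2` and would be reported clean even though no fix release precedes it. If 1.8.3 is the first fixed release (the CVE text says "through v1.8.2", which is the natural reading, but I have not checked the release history), the spec and `v` should read `">=1.3.0,<1.8.3"`. The syft entry in the same hunk is at least self-consistent: the pre-release bound `<0.8.2b40` matches the release named in its advisory text.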
@@ -124251,6 +126165,16 @@ "<1.3.2" ], "v": "<1.3.2" + }, + { + "advisory": "Tap-rest-api-msdk 1.3.2 updates its dependency 'cryptography' to version '41.0.3' to include a fix for a Denial of Service vulnerability.", + "cve": "CVE-2023-3446", + "id": "pyup.io-60221", + "more_info_path": "/vulnerabilities/CVE-2023-3446/60221", + "specs": [ + "<1.3.2" + ], + "v": "<1.3.2" } ], "tapestry": [ 
@@ -124324,6 +126248,38 @@ "v": "<2.7.0" } ], + "taskgraph": [ + { + "advisory": "Taskgraph 0.10.0 contains multiple race conditions that may cause the TaskGraph object to become unresponsive during its normal termination procedure. These race conditions do more than just freeze the object; they also pose a risk of initiating a Denial of Service (DoS) attack. This risk is magnified because the description admits to various race conditions that could cause system crashes. Fixes for this issue were only implemented in versions released after 0.10.0, underlining the critical nature of this vulnerability. If exploited with malicious intent, the primary risk is a Denial of Service attack.", + "cve": "PVE-2023-62055", + "id": "pyup.io-62055", + "more_info_path": "/vulnerabilities/PVE-2023-62055/62055", + "specs": [ + "<0.10.0" + ], + "v": "<0.10.0" + }, + { + "advisory": "Taskgraph 0.6.0 addresses an issue where the worker process pool wasn't correctly joined during the closing or dismantling of a TaskGraph. This could lead to an open cache .json file, as evidenced by inconsistent build test results. The extent of the race condition's impact is uncertain, but it's worth treating as a potential low-level security risk. Race conditions are commonly underestimated.", + "cve": "PVE-2023-62057", + "id": "pyup.io-62057", + "more_info_path": "/vulnerabilities/PVE-2023-62057/62057", + "specs": [ + "<0.6.0" + ], + "v": "<0.6.0" + }, + { + "advisory": "Taskgraph 0.8.0 resolves a race condition that could sometimes cause an exception when multiple threads tried to read or write to the completed Task Database at the same time. This issue has additional implications beyond just triggering exceptions. While it's uncertain, there is a potential for this to escalate into something like a Denial of Service (DoS) attack, although executing such an attack might not be straightforward. 
More critically, the concurrent read and write operations by multiple threads on the same memory location pose a risk of data corruption or even data leakage. These threads are performing different tasks simultaneously, making the system more vulnerable. If exploited intentionally, this could turn into a significant security issue.", + "cve": "PVE-2023-62056", + "id": "pyup.io-62056", + "more_info_path": "/vulnerabilities/PVE-2023-62056/62056", + "specs": [ + "<0.8.0" + ], + "v": "<0.8.0" + } + ], "tatoebatools": [ { "advisory": "Tatoebatools 0.2.2 includes a fix for CVE-2007-4559: Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.", @@ -124360,7 +126316,7 @@ "v": "<1.0.7" }, { - "advisory": "Tbats 1.0.8 includes a fix for CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.", + "advisory": "Tbats 1.0.8 updates its dependency 'urllib3' to include a security fix.", "cve": "CVE-2019-11324", "id": "pyup.io-37336", "more_info_path": "/vulnerabilities/CVE-2019-11324/37336", 
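Review bot: The first taskgraph entry contradicts itself: the advisory states that 0.10.0 contains the race conditions and that fixes were only implemented in releases after 0.10.0, yet the spec is `"<0.10.0"`, which declares 0.10.0 itself unaffected. It should be `"<=0.10.0"` (or `"<0.10.1"`, whichever matches the actual fix release) with `v` updated to match, or the text corrected if 0.10.0 is in fact the fixed version. The other two entries read as editorial speculation ("Race conditions are commonly underestimated", "this could turn into a significant security issue") and cite no changelog or commit; a feed entry should state what the release notes fixed, link them, and keep the impact assessment to one hedged sentence.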
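Review bot: The rewritten tbats advisory drops everything a reader needed from the old text: the CVE reference in the prose, the urllib3 fix version (1.24.2) and the actual failure mode (TLS verification succeeding when the configured CA set differs from the OS store). The generic `updates its dependency 'urllib3' to include a security fix` leaves only the `cve` field to convey severity, and the in-feed text is what most tooling displays. Keep at least the CVE and the fixed urllib3 version, e.g. `"advisory": "Tbats 1.0.8 updates its dependency 'urllib3' to include a fix for CVE-2019-11324: urllib3 before 1.24.2 mishandles cases where the desired set of CA certificates differs from the OS store, so SSL connections can succeed where verification should fail."`.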
@@ -124921,10 +126877,10 @@ "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, { - "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2018-19664.", - "cve": "CVE-2018-19664", - "id": "pyup.io-39821", - "more_info_path": "/vulnerabilities/CVE-2018-19664/39821", + "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"SQLite3\" to handle CVE-2019-19880.", + "cve": "CVE-2019-19880", + "id": "pyup.io-38460", + "more_info_path": "/vulnerabilities/CVE-2019-19880/38460", "specs": [ "<1.15.3", ">=2.0.0a0,<2.0.2", @@ -124933,10 +126889,10 @@ "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, { - "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite\" to handle CVE-2019-19645.", - "cve": "CVE-2019-19645", - "id": "pyup.io-39819", - "more_info_path": "/vulnerabilities/CVE-2019-19645/39819", + "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite3\" to handle CVE-2019-19244.", + "cve": "CVE-2019-19244", + "id": "pyup.io-39818", + "more_info_path": "/vulnerabilities/CVE-2019-19244/39818", "specs": [ "<1.15.3", ">=2.0.0a0,<2.0.2", 
@@ -124945,10 +126901,22 @@ "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, { - "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"SQLite3\" to handle CVE-2019-19880.", - "cve": "CVE-2019-19880", - "id": "pyup.io-38460", - "more_info_path": "/vulnerabilities/CVE-2019-19880/38460", + "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2018-19664.", + "cve": "CVE-2018-19664", + "id": "pyup.io-39821", + "more_info_path": "/vulnerabilities/CVE-2018-19664/39821", + "specs": [ + "<1.15.3", + ">=2.0.0a0,<2.0.2", + ">=2.1.0rc0,<2.1.1" + ], + "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" + }, + { + "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite\" to handle CVE-2019-19645.", + "cve": "CVE-2019-19645", + "id": "pyup.io-39819", + "more_info_path": "/vulnerabilities/CVE-2019-19645/39819", "specs": [ "<1.15.3", ">=2.0.0a0,<2.0.2", @@ -124992,18 +126960,6 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, - { - "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite3\" to handle CVE-2019-19244.", - "cve": "CVE-2019-19244", - "id": "pyup.io-39818", - "more_info_path": "/vulnerabilities/CVE-2019-19244/39818", - "specs": [ - "<1.15.3", - ">=2.0.0a0,<2.0.2", - ">=2.1.0rc0,<2.1.1" - ], - "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" - }, { "advisory": "Tensorflow versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"Apache Spark\" to handle CVE-2018-11770.", "cve": "CVE-2018-11770", 
@@ -125016,20 +126972,6 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, - { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of 'SparseFillEmptyRowsGrad' uses a double indexing pattern. It is possible for 'reverse_index_map(i)' to be an index outside of bounds of 'grad_values', thus resulting in a heap buffer overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr", - "cve": "CVE-2020-15195", - "id": "pyup.io-39944", - "more_info_path": "/vulnerabilities/CVE-2020-15195/39944", - "specs": [ - "<1.15.4", - ">=2.0.0a0,<2.0.3", - ">=2.1.0a0,<2.1.2", - ">=2.2.0a0,<2.2.1", - ">=2.3.0a0,<2.3.1" - ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" - }, { "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", "cve": "CVE-2020-15207", 
@@ -125045,10 +126987,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a \"DCHECK\" which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d", - "cve": "CVE-2020-15208", - "id": "pyup.io-39937", - "more_info_path": "/vulnerabilities/CVE-2020-15208/39937", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15202: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'Shard' API in TensorFlow expects the last argument to be a function taking two 'int64' (i.e., 'long long') arguments. However, there are several places in TensorFlow where a lambda taking 'int' or 'int32' arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4", + "cve": "CVE-2020-15202", + "id": "pyup.io-39943", + "more_info_path": "/vulnerabilities/CVE-2020-15202/39943", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125059,10 +127001,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a \"nullptr\" buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with \"nullptr\". However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue was patched in commit 0b5662bc.", - "cve": "CVE-2020-15209", - "id": "pyup.io-39960", - "more_info_path": "/vulnerabilities/CVE-2020-15209/39960", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15206: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's \"SavedModel\" protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using \"tensorflow-serving\" or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d. However, this was not enough, as #41097 reported a different failure mode. The issue was finally patched in commit df095206f25471e864a8e63a0f1caef53a0e3a6", + "cve": "CVE-2020-15206", + "id": "pyup.io-39939", + "more_info_path": "/vulnerabilities/CVE-2020-15206/39939", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125073,10 +127015,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15205: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'data_splits' argument of 'tf.raw_ops.StringNGrams' lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after 'ee ff' are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46", - "cve": "CVE-2020-15205", - "id": "pyup.io-39940", - "more_info_path": "/vulnerabilities/CVE-2020-15205/39940", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15211: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative \"-1\" value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the \"-1\" index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. 
Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue was patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). A potential workaround would be to add a custom \"Verifier\" to the model loading code to ensure that only operators which accept optional inputs use the \"-1\" special value and only for the tensors that they expect to be optional. Since this allow-list type approach is error-prone, it's advised upgrading to the patched code.", + "cve": "CVE-2020-15211", + "id": "pyup.io-39958", + "more_info_path": "/vulnerabilities/CVE-2020-15211/39958", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125087,10 +127029,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15190: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the \"tf.raw_ops.Switch\" operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is \"nullptr\", hence we are binding a reference to \"nullptr\". This is undefined behavior and reported as an error if compiling with \"-fsanitize=null\". In this case, this results in a segmentation fault The issue was patched in commit da8558533d925694483d2c136a9220d6d49d843c\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4", - "cve": "CVE-2020-15190", - "id": "pyup.io-38813", - "more_info_path": "/vulnerabilities/CVE-2020-15190/38813", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of 'SparseFillEmptyRowsGrad' uses a double indexing pattern. It is possible for 'reverse_index_map(i)' to be an index outside of bounds of 'grad_values', thus resulting in a heap buffer overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr", + "cve": "CVE-2020-15195", + "id": "pyup.io-39944", + "more_info_path": "/vulnerabilities/CVE-2020-15195/39944", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125101,10 +127043,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15202: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'Shard' API in TensorFlow expects the last argument to be a function taking two 'int64' (i.e., 'long long') arguments. However, there are several places in TensorFlow where a lambda taking 'int' or 'int32' arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4", - "cve": "CVE-2020-15202", - "id": "pyup.io-39943", - "more_info_path": "/vulnerabilities/CVE-2020-15202/39943", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15203: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the 'fill' argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a 'printf' call is constructed. This may result in segmentation fault.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79", + "cve": "CVE-2020-15203", + "id": "pyup.io-39942", + "more_info_path": "/vulnerabilities/CVE-2020-15203/39942", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125115,10 +127057,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15204: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling \"tf.raw_ops.GetSessionHandle\" or \"tf.raw_ops.GetSessionHandleV2\" results in a null pointer dereference In linked snippet, in eager mode, \"ctx->session_state()\" returns \"nullptr\". Since code immediately dereferences this, we get a segmentation fault. The issue was patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", - "cve": "CVE-2020-15204", - "id": "pyup.io-39941", - "more_info_path": "/vulnerabilities/CVE-2020-15204/39941", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a \"DCHECK\" which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d", + "cve": "CVE-2020-15208", + "id": "pyup.io-39937", + "more_info_path": "/vulnerabilities/CVE-2020-15208/39937", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125129,10 +127071,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15206: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's \"SavedModel\" protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using \"tensorflow-serving\" or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d. However, this was not enough, as #41097 reported a different failure mode. The issue was finally patched in commit df095206f25471e864a8e63a0f1caef53a0e3a6", - "cve": "CVE-2020-15206", - "id": "pyup.io-39939", - "more_info_path": "/vulnerabilities/CVE-2020-15206/39939", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a \"nullptr\" buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with \"nullptr\". However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue was patched in commit 0b5662bc.", + "cve": "CVE-2020-15209", + "id": "pyup.io-39960", + "more_info_path": "/vulnerabilities/CVE-2020-15209/39960", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125143,10 +127085,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15211: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative \"-1\" value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the \"-1\" index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue was patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). A potential workaround would be to add a custom \"Verifier\" to the model loading code to ensure that only operators which accept optional inputs use the \"-1\" special value and only for the tensors that they expect to be optional. 
Since this allow-list type approach is error-prone, it's advised upgrading to the patched code.", - "cve": "CVE-2020-15211", - "id": "pyup.io-39958", - "more_info_path": "/vulnerabilities/CVE-2020-15211/39958", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15205: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'data_splits' argument of 'tf.raw_ops.StringNGrams' lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after 'ee ff' are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46", + "cve": "CVE-2020-15205", + "id": "pyup.io-39940", + "more_info_path": "/vulnerabilities/CVE-2020-15205/39940", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125157,10 +127099,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15203: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the 'fill' argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a 'printf' call is constructed. This may result in segmentation fault.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79", - "cve": "CVE-2020-15203", - "id": "pyup.io-39942", - "more_info_path": "/vulnerabilities/CVE-2020-15203/39942", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15190: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the \"tf.raw_ops.Switch\" operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is \"nullptr\", hence we are binding a reference to \"nullptr\". This is undefined behavior and reported as an error if compiling with \"-fsanitize=null\". In this case, this results in a segmentation fault The issue was patched in commit da8558533d925694483d2c136a9220d6d49d843c\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4", + "cve": "CVE-2020-15190", + "id": "pyup.io-38813", + "more_info_path": "/vulnerabilities/CVE-2020-15190/38813", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125171,17 +127113,18 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.", - "cve": "CVE-2020-13871", - "id": "pyup.io-39899", - "more_info_path": "/vulnerabilities/CVE-2020-13871/39899", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15204: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling \"tf.raw_ops.GetSessionHandle\" or \"tf.raw_ops.GetSessionHandleV2\" results in a null pointer dereference In linked snippet, in eager mode, \"ctx->session_state()\" returns \"nullptr\". Since code immediately dereferences this, we get a segmentation fault. The issue was patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", + "cve": "CVE-2020-15204", + "id": "pyup.io-39941", + "more_info_path": "/vulnerabilities/CVE-2020-15204/39941", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", - ">=2.1.0rc0,<2.1.2", - ">=2.2.0rc0,<2.2.1" + ">=2.1.0a0,<2.1.2", + ">=2.2.0a0,<2.2.1", + ">=2.3.0a0,<2.3.1" ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11655.", 
@@ -125210,10 +127153,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13631.", - "cve": "CVE-2020-13631", - "id": "pyup.io-39900", - "more_info_path": "/vulnerabilities/CVE-2020-13631/39900", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11656.", + "cve": "CVE-2020-11656", + "id": "pyup.io-39904", + "more_info_path": "/vulnerabilities/CVE-2020-11656/39904", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -125223,10 +127166,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13435.", - "cve": "CVE-2020-13435", - "id": "pyup.io-39902", - "more_info_path": "/vulnerabilities/CVE-2020-13435/39902", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13434.", + "cve": "CVE-2020-13434", + "id": "pyup.io-39903", + "more_info_path": "/vulnerabilities/CVE-2020-13434/39903", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -125236,10 +127179,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-9327.", - "cve": "CVE-2020-9327", - "id": "pyup.io-39906", - "more_info_path": "/vulnerabilities/CVE-2020-9327/39906", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.", + "cve": "CVE-2020-13871", + "id": "pyup.io-39899", + "more_info_path": "/vulnerabilities/CVE-2020-13871/39899", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125249,10 +127192,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11656.", - "cve": "CVE-2020-11656", - "id": "pyup.io-39904", - "more_info_path": "/vulnerabilities/CVE-2020-11656/39904", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13631.", + "cve": "CVE-2020-13631", + "id": "pyup.io-39900", + "more_info_path": "/vulnerabilities/CVE-2020-13631/39900", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -125262,10 +127205,23 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13434.", - "cve": "CVE-2020-13434", - "id": "pyup.io-39903", - "more_info_path": "/vulnerabilities/CVE-2020-13434/39903", + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13435.", + "cve": "CVE-2020-13435", + "id": "pyup.io-39902", + "more_info_path": "/vulnerabilities/CVE-2020-13435/39902", + "specs": [ + "<1.15.4", + ">=2.0.0a0,<2.0.3", + ">=2.1.0rc0,<2.1.2", + ">=2.2.0rc0,<2.2.1" + ], + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" + }, + { + "advisory": "Tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-9327.", + "cve": "CVE-2020-9327", + "id": "pyup.io-39906", + "more_info_path": "/vulnerabilities/CVE-2020-9327/39906", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -125303,10 +127259,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2 and 2.3.2 update its dependency \"PCRE\" to handle CVE-2020-14155.", - "cve": "CVE-2020-14155", - "id": "pyup.io-39725", - "more_info_path": "/vulnerabilities/CVE-2020-14155/39725", + "advisory": "Tensorflow versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 update its dependency 'Junit4' to v4.13.1 to include a security fix.", + "cve": "CVE-2020-15250", + "id": "pyup.io-39724", + "more_info_path": "/vulnerabilities/CVE-2020-15250/39724", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", @@ -125317,10 +127273,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2" }, { - "advisory": "Tensorflow versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 updates its dependency \"Libjpeg-turbo\" to handle CVE-2020-13790.", - "cve": "CVE-2020-13790", - "id": "pyup.io-39726", - "more_info_path": "/vulnerabilities/CVE-2020-13790/39726", + "advisory": "Tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2 and 2.3.2 update its dependency \"PCRE\" to handle CVE-2020-14155.", + "cve": "CVE-2020-14155", + "id": "pyup.io-39725", + "more_info_path": "/vulnerabilities/CVE-2020-14155/39725", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", @@ -125331,10 +127287,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2" }, { - "advisory": "Tensorflow versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 update its dependency 'Junit4' to v4.13.1 to include a security fix.", - "cve": "CVE-2020-15250", - "id": "pyup.io-39724", - "more_info_path": "/vulnerabilities/CVE-2020-15250/39724", + "advisory": "Tensorflow versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 updates its dependency \"Libjpeg-turbo\" to handle CVE-2020-13790.", + "cve": "CVE-2020-13790", + "id": "pyup.io-39726", + "more_info_path": "/vulnerabilities/CVE-2020-13790/39726", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", 
@@ -125494,28 +127450,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", - "cve": "CVE-2023-25675", - "id": "pyup.io-53861", - "more_info_path": "/vulnerabilities/CVE-2023-25675/53861", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", - "cve": "CVE-2023-25671", - "id": "pyup.io-53857", - "more_info_path": "/vulnerabilities/CVE-2023-25671/53857", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", "cve": "CVE-2023-25676", 
@@ -125527,28 +127461,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", - "cve": "CVE-2023-25660", - "id": "pyup.io-53847", - "more_info_path": "/vulnerabilities/CVE-2023-25660/53847", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25658: Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", - "cve": "CVE-2023-25658", - "id": "pyup.io-53845", - "more_info_path": "/vulnerabilities/CVE-2023-25658/53845", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", "cve": "CVE-2023-25668", 
@@ -125560,17 +127472,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", - "cve": "CVE-2023-25801", - "id": "pyup.io-53863", - "more_info_path": "/vulnerabilities/CVE-2023-25801/53863", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", "cve": "CVE-2023-27579", 
@@ -125648,6 +127549,83 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", + "cve": "CVE-2023-25673", + "id": "pyup.io-53859", + "more_info_path": "/vulnerabilities/CVE-2023-25673/53859", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", + "cve": "CVE-2023-25663", + "id": "pyup.io-53849", + "more_info_path": "/vulnerabilities/CVE-2023-25663/53849", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", + "cve": "CVE-2023-25675", + "id": "pyup.io-53861", + "more_info_path": "/vulnerabilities/CVE-2023-25675/53861", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", + "cve": "CVE-2023-25671", + "id": "pyup.io-53857", + "more_info_path": "/vulnerabilities/CVE-2023-25671/53857", + "specs": [ + "<2.11.1", + 
">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", + "cve": "CVE-2023-25660", + "id": "pyup.io-53847", + "more_info_path": "/vulnerabilities/CVE-2023-25660/53847", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25658: Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", + "cve": "CVE-2023-25658", + "id": "pyup.io-53845", + "more_info_path": "/vulnerabilities/CVE-2023-25658/53845", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", + "cve": "CVE-2023-25801", + "id": "pyup.io-53863", + "more_info_path": "/vulnerabilities/CVE-2023-25801/53863", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB 
read.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", "cve": "CVE-2023-25659", @@ -125681,17 +127659,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", - "cve": "CVE-2023-25673", - "id": "pyup.io-53859", - "more_info_path": "/vulnerabilities/CVE-2023-25673/53859", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", "cve": "CVE-2023-25667", 
@@ -125703,17 +127670,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", - "cve": "CVE-2023-25663", - "id": "pyup.io-53849", - "more_info_path": "/vulnerabilities/CVE-2023-25663/53849", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "TensorFlow 2.4.0 includes a fix for CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.", "cve": "CVE-2020-15265", 
@@ -125735,10 +127691,10 @@ "v": "<2.4.0" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41195: In affected versions, the implementation of 'tf.math.segment_*' operations results in a 'CHECK'-fail related abort (and denial of service) if a segment id in 'segment_ids' is large. This is similar to CVE-2021-29584 (and similar to other reported vulnerabilities in TensorFlow localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using 'AddDim'. However, if the number of elements in the tensor overflows an 'int64_t' value, 'AddDim' results in a 'CHECK' failure which provokes a 'std::abort'. Instead, code should use 'AddDimWithStatus'. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cq76-mxrc-vchh", - "cve": "CVE-2021-41195", - "id": "pyup.io-42442", - "more_info_path": "/vulnerabilities/CVE-2021-41195/42442", + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41213: In affected versions, the code behind 'tf.function' API can be made to deadlock when two 'tf.function' decorated Python functions are mutually recursive. This occurs due to using a non-reentrant 'Lock' Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive 'tf.function', although this is not a frequent scenario.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf\r\nhttps://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7", + "cve": "CVE-2021-41213", + "id": "pyup.io-42460", + "more_info_path": "/vulnerabilities/CVE-2021-41213/42460", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -125747,10 +127703,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.", - "cve": "CVE-2021-22925", - "id": "pyup.io-43749", - "more_info_path": "/vulnerabilities/CVE-2021-22925/43749", + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\r\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc", + "cve": "CVE-2021-41218", + "id": "pyup.io-42465", + "more_info_path": "/vulnerabilities/CVE-2021-41218/42465", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", @@ -125759,10 +127715,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.", - "cve": "CVE-2021-22923", - "id": "pyup.io-43747", - "more_info_path": "/vulnerabilities/CVE-2021-22923/43747", + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41207: In affected versions, the implementation of 'ParallelConcat' misses some input validation and can produce a division by 0. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h\r\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235", + "cve": "CVE-2021-41207", + "id": "pyup.io-42454", + "more_info_path": "/vulnerabilities/CVE-2021-41207/42454", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -125771,10 +127727,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41210: In affected versions, the shape inference functions for 'SparseCountSparseOutput' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc\r\nhttps://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2", - "cve": "CVE-2021-41210", - "id": "pyup.io-42457", - "more_info_path": "/vulnerabilities/CVE-2021-41210/42457", + "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\r\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235", + "cve": "CVE-2021-41209", + "id": "pyup.io-42456", + "more_info_path": "/vulnerabilities/CVE-2021-41209/42456", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -125783,10 +127739,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41203: In affected versions, an attacker can trigger undefined behavior, integer overflows, segfaults and 'CHECK'-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2", - "cve": "CVE-2021-41203", - "id": "pyup.io-42450", - "more_info_path": "/vulnerabilities/CVE-2021-41203/42450", + "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41226: In affected versions, the implementation of 'SparseBinCount' is vulnerable to a heap OOB access. This is because of missing validation between the elements of the 'values' argument and the shape of the sparse output. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8\r\nhttps://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba", + "cve": "CVE-2021-41226", + "id": "pyup.io-42473", + "more_info_path": "/vulnerabilities/CVE-2021-41226/42473", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -125795,10 +127751,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\r\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff",
- "cve": "CVE-2021-41217",
- "id": "pyup.io-42464",
- "more_info_path": "/vulnerabilities/CVE-2021-41217/42464",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm",
+ "cve": "CVE-2021-41199",
+ "id": "pyup.io-42446",
+ "more_info_path": "/vulnerabilities/CVE-2021-41199/42446",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125807,10 +127763,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\r\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda",
- "cve": "CVE-2021-41223",
- "id": "pyup.io-42470",
- "more_info_path": "/vulnerabilities/CVE-2021-41223/42470",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41195: In affected versions, the implementation of 'tf.math.segment_*' operations results in a 'CHECK'-fail related abort (and denial of service) if a segment id in 'segment_ids' is large. This is similar to CVE-2021-29584 (and similar to other reported vulnerabilities in TensorFlow localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using 'AddDim'. However, if the number of elements in the tensor overflows an 'int64_t' value, 'AddDim' results in a 'CHECK' failure which provokes a 'std::abort'. Instead, code should use 'AddDimWithStatus'. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cq76-mxrc-vchh",
+ "cve": "CVE-2021-41195",
+ "id": "pyup.io-42442",
+ "more_info_path": "/vulnerabilities/CVE-2021-41195/42442",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125819,10 +127775,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41213: In affected versions, the code behind 'tf.function' API can be made to deadlock when two 'tf.function' decorated Python functions are mutually recursive. This occurs due to using a non-reentrant 'Lock' Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive 'tf.function', although this is not a frequent scenario.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf\r\nhttps://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7",
- "cve": "CVE-2021-41213",
- "id": "pyup.io-42460",
- "more_info_path": "/vulnerabilities/CVE-2021-41213/42460",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41205: In affected versions, the shape inference functions for the 'QuantizeAndDequantizeV*' operations can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f\r\nhttps://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d",
+ "cve": "CVE-2021-41205",
+ "id": "pyup.io-42452",
+ "more_info_path": "/vulnerabilities/CVE-2021-41205/42452",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125831,10 +127787,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\r\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc",
- "cve": "CVE-2021-41218",
- "id": "pyup.io-42465",
- "more_info_path": "/vulnerabilities/CVE-2021-41218/42465",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41196: In affected versions, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8",
+ "cve": "CVE-2021-41196",
+ "id": "pyup.io-42443",
+ "more_info_path": "/vulnerabilities/CVE-2021-41196/42443",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125843,10 +127799,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41216: In affected versions, the shape inference function for 'Transpose' is vulnerable to a heap buffer overflow. This occurs whenever 'perm' contains negative elements. The shape inference function does not validate that the indices in 'perm' are all valid. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9\r\nhttps://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14",
- "cve": "CVE-2021-41216",
- "id": "pyup.io-42463",
- "more_info_path": "/vulnerabilities/CVE-2021-41216/42463",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\r\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
+ "cve": "CVE-2021-41221",
+ "id": "pyup.io-42468",
+ "more_info_path": "/vulnerabilities/CVE-2021-41221/42468",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125855,10 +127811,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22926.",
- "cve": "CVE-2021-22926",
- "id": "pyup.io-43750",
- "more_info_path": "/vulnerabilities/CVE-2021-22926/43750",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\r\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b",
+ "cve": "CVE-2021-41224",
+ "id": "pyup.io-42471",
+ "more_info_path": "/vulnerabilities/CVE-2021-41224/42471",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125867,10 +127823,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\r\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659",
- "cve": "CVE-2021-41204",
- "id": "pyup.io-42451",
- "more_info_path": "/vulnerabilities/CVE-2021-41204/42451",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.",
+ "cve": "CVE-2021-22925",
+ "id": "pyup.io-43749",
+ "more_info_path": "/vulnerabilities/CVE-2021-22925/43749",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125879,10 +127835,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41212: In affected versions, the shape inference code for 'tf.ragged.cross' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g\r\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
- "cve": "CVE-2021-41212",
- "id": "pyup.io-42459",
- "more_info_path": "/vulnerabilities/CVE-2021-41212/42459",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.",
+ "cve": "CVE-2021-22923",
+ "id": "pyup.io-43747",
+ "more_info_path": "/vulnerabilities/CVE-2021-22923/43747",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125891,10 +127847,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\r\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae",
- "cve": "CVE-2021-41219",
- "id": "pyup.io-42466",
- "more_info_path": "/vulnerabilities/CVE-2021-41219/42466",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41210: In affected versions, the shape inference functions for 'SparseCountSparseOutput' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc\r\nhttps://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2",
+ "cve": "CVE-2021-41210",
+ "id": "pyup.io-42457",
+ "more_info_path": "/vulnerabilities/CVE-2021-41210/42457",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125903,10 +127859,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.",
- "cve": "CVE-2021-22924",
- "id": "pyup.io-43748",
- "more_info_path": "/vulnerabilities/CVE-2021-22924/43748",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41203: In affected versions, an attacker can trigger undefined behavior, integer overflows, segfaults and 'CHECK'-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2",
+ "cve": "CVE-2021-41203",
+ "id": "pyup.io-42450",
+ "more_info_path": "/vulnerabilities/CVE-2021-41203/42450",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125915,10 +127871,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\r\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6",
- "cve": "CVE-2021-41201",
- "id": "pyup.io-42448",
- "more_info_path": "/vulnerabilities/CVE-2021-41201/42448",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\r\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff",
+ "cve": "CVE-2021-41217",
+ "id": "pyup.io-42464",
+ "more_info_path": "/vulnerabilities/CVE-2021-41217/42464",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125927,10 +127883,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41207: In affected versions, the implementation of 'ParallelConcat' misses some input validation and can produce a division by 0. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h\r\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- "cve": "CVE-2021-41207",
- "id": "pyup.io-42454",
- "more_info_path": "/vulnerabilities/CVE-2021-41207/42454",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\r\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda",
+ "cve": "CVE-2021-41223",
+ "id": "pyup.io-42470",
+ "more_info_path": "/vulnerabilities/CVE-2021-41223/42470",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125939,10 +127895,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41200: In affected versions, if 'tf.summary.create_file_writer' is called with non-scalar arguments, code crashes due to a 'CHECK'-fail. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f",
- "cve": "CVE-2021-41200",
- "id": "pyup.io-42447",
- "more_info_path": "/vulnerabilities/CVE-2021-41200/42447",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41216: In affected versions, the shape inference function for 'Transpose' is vulnerable to a heap buffer overflow. This occurs whenever 'perm' contains negative elements. The shape inference function does not validate that the indices in 'perm' are all valid. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9\r\nhttps://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14",
+ "cve": "CVE-2021-41216",
+ "id": "pyup.io-42463",
+ "more_info_path": "/vulnerabilities/CVE-2021-41216/42463",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125951,10 +127907,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\r\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- "cve": "CVE-2021-41209",
- "id": "pyup.io-42456",
- "more_info_path": "/vulnerabilities/CVE-2021-41209/42456",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22926.",
+ "cve": "CVE-2021-22926",
+ "id": "pyup.io-43750",
+ "more_info_path": "/vulnerabilities/CVE-2021-22926/43750",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125963,10 +127919,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41228: In affected versions, TensorFlow's 'saved_model_cli' tool is vulnerable to a code injection as it calls 'eval' on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. The issue has been patched by adding a 'safe' flag which defaults to 'True' and an explicit warning for users.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v\r\nhttps://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
- "cve": "CVE-2021-41228",
- "id": "pyup.io-42475",
- "more_info_path": "/vulnerabilities/CVE-2021-41228/42475",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\r\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659",
+ "cve": "CVE-2021-41204",
+ "id": "pyup.io-42451",
+ "more_info_path": "/vulnerabilities/CVE-2021-41204/42451",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125975,10 +127931,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41226: In affected versions, the implementation of 'SparseBinCount' is vulnerable to a heap OOB access. This is because of missing validation between the elements of the 'values' argument and the shape of the sparse output. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8\r\nhttps://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba",
- "cve": "CVE-2021-41226",
- "id": "pyup.io-42473",
- "more_info_path": "/vulnerabilities/CVE-2021-41226/42473",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41212: In affected versions, the shape inference code for 'tf.ragged.cross' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g\r\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
+ "cve": "CVE-2021-41212",
+ "id": "pyup.io-42459",
+ "more_info_path": "/vulnerabilities/CVE-2021-41212/42459",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125987,10 +127943,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm",
- "cve": "CVE-2021-41199",
- "id": "pyup.io-42446",
- "more_info_path": "/vulnerabilities/CVE-2021-41199/42446",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\r\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae",
+ "cve": "CVE-2021-41219",
+ "id": "pyup.io-42466",
+ "more_info_path": "/vulnerabilities/CVE-2021-41219/42466",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -125999,10 +127955,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22922.",
- "cve": "CVE-2021-22922",
- "id": "pyup.io-43613",
- "more_info_path": "/vulnerabilities/CVE-2021-22922/43613",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.",
+ "cve": "CVE-2021-22924",
+ "id": "pyup.io-43748",
+ "more_info_path": "/vulnerabilities/CVE-2021-22924/43748",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126011,10 +127967,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41205: In affected versions, the shape inference functions for the 'QuantizeAndDequantizeV*' operations can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f\r\nhttps://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d",
- "cve": "CVE-2021-41205",
- "id": "pyup.io-42452",
- "more_info_path": "/vulnerabilities/CVE-2021-41205/42452",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\r\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6",
+ "cve": "CVE-2021-41201",
+ "id": "pyup.io-42448",
+ "more_info_path": "/vulnerabilities/CVE-2021-41201/42448",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126023,10 +127979,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41225: In affected versions, TensorFlow's Grappler optimizer has a use of unitialized variable. If the 'train_nodes' vector (obtained from the saved model that gets optimized) does not contain a 'Dequeue' node, then 'dequeue_node' is left unitialized. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw\r\nhttps://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3",
- "cve": "CVE-2021-41225",
- "id": "pyup.io-42472",
- "more_info_path": "/vulnerabilities/CVE-2021-41225/42472",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41200: In affected versions, if 'tf.summary.create_file_writer' is called with non-scalar arguments, code crashes due to a 'CHECK'-fail. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f",
+ "cve": "CVE-2021-41200",
+ "id": "pyup.io-42447",
+ "more_info_path": "/vulnerabilities/CVE-2021-41200/42447",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126035,10 +127991,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41196: In affected versions, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8",
- "cve": "CVE-2021-41196",
- "id": "pyup.io-42443",
- "more_info_path": "/vulnerabilities/CVE-2021-41196/42443",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41228: In affected versions, TensorFlow's 'saved_model_cli' tool is vulnerable to a code injection as it calls 'eval' on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. The issue has been patched by adding a 'safe' flag which defaults to 'True' and an explicit warning for users.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v\r\nhttps://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
+ "cve": "CVE-2021-41228",
+ "id": "pyup.io-42475",
+ "more_info_path": "/vulnerabilities/CVE-2021-41228/42475",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126047,10 +128003,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\r\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
- "cve": "CVE-2021-41221",
- "id": "pyup.io-42468",
- "more_info_path": "/vulnerabilities/CVE-2021-41221/42468",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22922.",
+ "cve": "CVE-2021-22922",
+ "id": "pyup.io-43613",
+ "more_info_path": "/vulnerabilities/CVE-2021-22922/43613",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126059,10 +128015,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\r\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\r\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585",
- "cve": "CVE-2021-41227",
- "id": "pyup.io-42474",
- "more_info_path": "/vulnerabilities/CVE-2021-41227/42474",
+ "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41225: In affected versions, TensorFlow's Grappler optimizer has a use of unitialized variable. If the 'train_nodes' vector (obtained from the saved model that gets optimized) does not contain a 'Dequeue' node, then 'dequeue_node' is left unitialized. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7r94-xv9v-63jw\r\nhttps://github.com/tensorflow/tensorflow/commit/68867bf01239d9e1048f98cbad185bf4761bedd3",
+ "cve": "CVE-2021-41225",
+ "id": "pyup.io-42472",
+ "more_info_path": "/vulnerabilities/CVE-2021-41225/42472",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126071,10 +128027,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\r\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
- "cve": "CVE-2021-41214",
- "id": "pyup.io-42461",
- "more_info_path": "/vulnerabilities/CVE-2021-41214/42461",
+ "advisory": "TensorFlow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\r\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\r\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585",
+ "cve": "CVE-2021-41227",
+ "id": "pyup.io-42474",
+ "more_info_path": "/vulnerabilities/CVE-2021-41227/42474",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126083,10 +128039,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\r\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b",
- "cve": "CVE-2021-41224",
- "id": "pyup.io-42471",
- "more_info_path": "/vulnerabilities/CVE-2021-41224/42471",
+ "advisory": "Tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\r\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
+ "cve": "CVE-2021-41214",
+ "id": "pyup.io-42461",
+ "more_info_path": "/vulnerabilities/CVE-2021-41214/42461",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -126142,6 +128098,30 @@
 ],
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
+ {
+ "advisory": "The Grappler component of TensorFlow has a susceptibility to a denial-of-service through a CHECK-failure during constant folding. This issue arises from the output_prop tensor, which has a user-controlled shape and can trigger one of the PartialTensorShape constructor's CHECKs. This flaw has been designated as TFSA-2021-198.\r\n\r\nThe problem has been addressed and rectified in the GitHub commit be7b286d40bc68cb0b56f702186cc4837d508058, which will be incorporated in TensorFlow 2.8.0. This fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 versions as they too are within the affected and presently supported range.\r\n\r\nFor comprehensive information regarding our security model, how to get in touch with us for any queries or concerns, please refer to our security guide.",
+ "cve": "PVE-2023-99912",
+ "id": "pyup.io-62009",
+ "more_info_path": "/vulnerabilities/PVE-2023-99912/62009",
+ "specs": [
+ "<2.5.3",
+ "==2.7.0",
+ ">=2.6.0,<2.6.3"
+ ],
+ "v": "<2.5.3,==2.7.0,>=2.6.0,<2.6.3"
+ },
+ {
+ "advisory": "The way `tf.sparse.split` is implemented doesn't entirely check the validity of the input parameters.",
+ "cve": "PVE-2023-99926",
+ "id": "pyup.io-61948",
+ "more_info_path": "/vulnerabilities/PVE-2023-99926/61948",
+ "specs": [
+ "<2.5.3",
+ "==2.7.0",
+ ">=2.6.0,<2.6.3"
+ ],
+ "v": "<2.5.3,==2.7.0,>=2.6.0,<2.6.3"
+ },
 {
 "advisory": "Tensorflow versions 2.5.3, 2.6.3 and 2.7.1 update its dependency 'icu' to v69.1 to include a security fix.",
 "cve": "CVE-2020-10531",
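Review bot: The `specs` of both new records (`"<2.5.3"`, `"==2.7.0"`, `">=2.6.0,<2.6.3"`) are narrower than what the neighbouring records use for the same 2.5.3/2.6.3/2.7.1/2.8.0 fix set (`">=2.6.0a0,<2.6.3"`, `">=2.7.0a0,<2.7.1"`, `">=2.8.0a0,<2.8.0"`), so an installed 2.6.0 or 2.7.0 pre-release, or any 2.8.0 pre-release, is not flagged even though the PVE-2023-99912 text says the fix ships in 2.8.0 and is backported to 2.7.1, 2.6.3 and 2.5.3; if the affected set really matches the sibling entries, `specs` (and the derived `v`) should be `["<2.5.3", ">=2.6.0a0,<2.6.3", ">=2.7.0a0,<2.7.1", ">=2.8.0a0,<2.8.0"]`. The PVE-2023-99926 record carries only a one-sentence description with no advisory link, commit or fixed-version statement, unlike every other entry in this list, which leaves a consumer nothing to triage against; the `advisory` text should at least carry the upstream reference. The PVE-2023-99912 text names TFSA-2021-198 and a fix commit, so it may describe an issue that already has a CVE-keyed record elsewhere in this package's list — worth a duplicate check before merging.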
@@ -126194,10 +128174,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23574",
- "id": "pyup.io-44859",
- "more_info_path": "/vulnerabilities/CVE-2022-23574/44859",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm",
+ "cve": "CVE-2022-23563",
+ "id": "pyup.io-44851",
+ "more_info_path": "/vulnerabilities/CVE-2022-23563/44851",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126207,10 +128187,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm",
- "cve": "CVE-2022-23563",
- "id": "pyup.io-44851",
- "more_info_path": "/vulnerabilities/CVE-2022-23563/44851",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r",
+ "cve": "CVE-2022-21740",
+ "id": "pyup.io-44792",
+ "more_info_path": "/vulnerabilities/CVE-2022-21740/44792",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126220,10 +128200,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7",
- "cve": "CVE-2022-23580",
- "id": "pyup.io-44865",
- "more_info_path": "/vulnerabilities/CVE-2022-23580/44865",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9",
+ "cve": "CVE-2022-21736",
+ "id": "pyup.io-44788",
+ "more_info_path": "/vulnerabilities/CVE-2022-21736/44788",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126233,10 +128213,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23572",
- "id": "pyup.io-44857",
- "more_info_path": "/vulnerabilities/CVE-2022-23572/44857",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3",
+ "cve": "CVE-2022-23564",
+ "id": "pyup.io-44852",
+ "more_info_path": "/vulnerabilities/CVE-2022-23564/44852",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126246,10 +128226,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5",
- "cve": "CVE-2022-21739",
- "id": "pyup.io-44791",
- "more_info_path": "/vulnerabilities/CVE-2022-21739/44791",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21734: The implementation of 'MapStage' is vulnerable to a 'CHECK'-fail if the key tensor is not a scalar.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm",
+ "cve": "CVE-2022-21734",
+ "id": "pyup.io-44786",
+ "more_info_path": "/vulnerabilities/CVE-2022-21734/44786",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126259,10 +128239,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r",
- "cve": "CVE-2022-21740",
- "id": "pyup.io-44792",
- "more_info_path": "/vulnerabilities/CVE-2022-21740/44792",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw",
+ "cve": "CVE-2022-21727",
+ "id": "pyup.io-44779",
+ "more_info_path": "/vulnerabilities/CVE-2022-21727/44779",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126272,10 +128252,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9",
- "cve": "CVE-2022-21736",
- "id": "pyup.io-44788",
- "more_info_path": "/vulnerabilities/CVE-2022-21736/44788",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq",
+ "cve": "CVE-2022-23561",
+ "id": "pyup.io-44849",
+ "more_info_path": "/vulnerabilities/CVE-2022-23561/44849",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126285,10 +128265,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72",
- "cve": "CVE-2022-21726",
- "id": "pyup.io-44778",
- "more_info_path": "/vulnerabilities/CVE-2022-21726/44778",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353",
+ "cve": "CVE-2022-21731",
+ "id": "pyup.io-44783",
+ "more_info_path": "/vulnerabilities/CVE-2022-21731/44783",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126298,10 +128278,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23570",
- "id": "pyup.io-44855",
- "more_info_path": "/vulnerabilities/CVE-2022-23570/44855",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j",
+ "cve": "CVE-2022-21729",
+ "id": "pyup.io-44781",
+ "more_info_path": "/vulnerabilities/CVE-2022-21729/44781",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126311,10 +128291,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23586",
- "id": "pyup.io-44871",
- "more_info_path": "/vulnerabilities/CVE-2022-23586/44871",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq",
+ "cve": "CVE-2022-21732",
+ "id": "pyup.io-44784",
+ "more_info_path": "/vulnerabilities/CVE-2022-21732/44784",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126324,10 +128304,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23577",
- "id": "pyup.io-44862",
- "more_info_path": "/vulnerabilities/CVE-2022-23577/44862",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23584",
+ "id": "pyup.io-44869",
+ "more_info_path": "/vulnerabilities/CVE-2022-23584/44869",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126337,10 +128317,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx",
- "cve": "CVE-2022-23565",
- "id": "pyup.io-44853",
- "more_info_path": "/vulnerabilities/CVE-2022-23565/44853",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8",
+ "cve": "CVE-2022-21728",
+ "id": "pyup.io-44780",
+ "more_info_path": "/vulnerabilities/CVE-2022-21728/44780",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126350,10 +128330,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3",
- "cve": "CVE-2022-23564",
- "id": "pyup.io-44852",
- "more_info_path": "/vulnerabilities/CVE-2022-23564/44852",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23575",
+ "id": "pyup.io-44860",
+ "more_info_path": "/vulnerabilities/CVE-2022-23575/44860",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126363,10 +128343,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4",
- "cve": "CVE-2022-21730",
- "id": "pyup.io-44782",
- "more_info_path": "/vulnerabilities/CVE-2022-21730/44782",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23587",
+ "id": "pyup.io-44872",
+ "more_info_path": "/vulnerabilities/CVE-2022-23587/44872",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126376,10 +128356,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f",
- "cve": "CVE-2022-21725",
- "id": "pyup.io-44777",
- "more_info_path": "/vulnerabilities/CVE-2022-21725/44777",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23585",
+ "id": "pyup.io-44870",
+ "more_info_path": "/vulnerabilities/CVE-2022-23585/44870",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126389,10 +128369,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6",
- "cve": "CVE-2022-21738",
- "id": "pyup.io-44790",
- "more_info_path": "/vulnerabilities/CVE-2022-21738/44790",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5",
+ "cve": "CVE-2022-23559",
+ "id": "pyup.io-44847",
+ "more_info_path": "/vulnerabilities/CVE-2022-23559/44847",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126402,10 +128382,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21734: The implementation of 'MapStage' is vulnerable to a 'CHECK'-fail if the key tensor is not a scalar.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm",
- "cve": "CVE-2022-21734",
- "id": "pyup.io-44786",
- "more_info_path": "/vulnerabilities/CVE-2022-21734/44786",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23574",
+ "id": "pyup.io-44859",
+ "more_info_path": "/vulnerabilities/CVE-2022-23574/44859",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126415,10 +128395,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23571",
- "id": "pyup.io-44856",
- "more_info_path": "/vulnerabilities/CVE-2022-23571/44856",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7",
+ "cve": "CVE-2022-23580",
+ "id": "pyup.io-44865",
+ "more_info_path": "/vulnerabilities/CVE-2022-23580/44865",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126428,10 +128408,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23566",
- "id": "pyup.io-44854",
- "more_info_path": "/vulnerabilities/CVE-2022-23566/44854",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23572",
+ "id": "pyup.io-44857",
+ "more_info_path": "/vulnerabilities/CVE-2022-23572/44857",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126441,10 +128421,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23568: The implementation of 'AddManySparseToTensorsMap' is vulnerable to an integer overflow which results in a 'CHECK'-fail when building new 'TensorShape' objects (so, an assert failure based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2",
- "cve": "CVE-2022-23568",
- "id": "pyup.io-44795",
- "more_info_path": "/vulnerabilities/CVE-2022-23568/44795",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5",
+ "cve": "CVE-2022-21739",
+ "id": "pyup.io-44791",
+ "more_info_path": "/vulnerabilities/CVE-2022-21739/44791",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126454,10 +128434,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx",
- "cve": "CVE-2022-23595",
- "id": "pyup.io-44880",
- "more_info_path": "/vulnerabilities/CVE-2022-23595/44880",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72",
+ "cve": "CVE-2022-21726",
+ "id": "pyup.io-44778",
+ "more_info_path": "/vulnerabilities/CVE-2022-21726/44778",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126467,10 +128447,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj",
- "cve": "CVE-2022-21741",
- "id": "pyup.io-44793",
- "more_info_path": "/vulnerabilities/CVE-2022-21741/44793",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23570",
+ "id": "pyup.io-44855",
+ "more_info_path": "/vulnerabilities/CVE-2022-23570/44855",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126480,10 +128460,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", - "cve": "CVE-2022-21727", - "id": "pyup.io-44779", - "more_info_path": "/vulnerabilities/CVE-2022-21727/44779", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23586", + "id": "pyup.io-44871", + "more_info_path": "/vulnerabilities/CVE-2022-23586/44871", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126493,10 +128473,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", - "cve": "CVE-2022-23561", - "id": "pyup.io-44849", - "more_info_path": "/vulnerabilities/CVE-2022-23561/44849", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23577", + "id": "pyup.io-44862", + "more_info_path": "/vulnerabilities/CVE-2022-23577/44862", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126506,10 +128486,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", - "cve": "CVE-2022-21731", - "id": "pyup.io-44783", - "more_info_path": "/vulnerabilities/CVE-2022-21731/44783", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", + "cve": "CVE-2022-23565", + "id": "pyup.io-44853", + "more_info_path": "/vulnerabilities/CVE-2022-23565/44853", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126519,10 +128499,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23573", - "id": "pyup.io-44858", - "more_info_path": "/vulnerabilities/CVE-2022-23573/44858", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", + "cve": "CVE-2022-21730", + "id": "pyup.io-44782", + "more_info_path": "/vulnerabilities/CVE-2022-21730/44782", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126532,10 +128512,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", - "cve": "CVE-2022-21729", - "id": "pyup.io-44781", - "more_info_path": "/vulnerabilities/CVE-2022-21729/44781", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", + "cve": "CVE-2022-21725", + "id": "pyup.io-44777", + "more_info_path": "/vulnerabilities/CVE-2022-21725/44777", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126545,10 +128525,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", - "cve": "CVE-2022-23560", - "id": "pyup.io-44848", - "more_info_path": "/vulnerabilities/CVE-2022-23560/44848", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", + "cve": "CVE-2022-21738", + "id": "pyup.io-44790", + "more_info_path": "/vulnerabilities/CVE-2022-21738/44790", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126558,10 +128538,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23583", - "id": "pyup.io-44868", - "more_info_path": "/vulnerabilities/CVE-2022-23583/44868", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23571", + "id": "pyup.io-44856", + "more_info_path": "/vulnerabilities/CVE-2022-23571/44856", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126571,10 +128551,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", - "cve": "CVE-2022-23581", - "id": "pyup.io-44866", - "more_info_path": "/vulnerabilities/CVE-2022-23581/44866", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23566", + "id": "pyup.io-44854", + "more_info_path": "/vulnerabilities/CVE-2022-23566/44854", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126584,10 +128564,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", - "cve": "CVE-2022-21732", - "id": "pyup.io-44784", - "more_info_path": "/vulnerabilities/CVE-2022-21732/44784", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23568: The implementation of 'AddManySparseToTensorsMap' is vulnerable to an integer overflow which results in a 'CHECK'-fail when building new 'TensorShape' objects (so, an assert failure based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", + "cve": "CVE-2022-23568", + "id": "pyup.io-44795", + "more_info_path": "/vulnerabilities/CVE-2022-23568/44795", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126597,10 +128577,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", - "cve": "CVE-2022-23579", - "id": "pyup.io-44864", - "more_info_path": "/vulnerabilities/CVE-2022-23579/44864", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx", + "cve": "CVE-2022-23595", + "id": "pyup.io-44880", + "more_info_path": "/vulnerabilities/CVE-2022-23595/44880", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126610,10 +128590,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", - "cve": "CVE-2022-23557", - "id": "pyup.io-44845", - "more_info_path": "/vulnerabilities/CVE-2022-23557/44845", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", + "cve": "CVE-2022-21741", + "id": "pyup.io-44793", + "more_info_path": "/vulnerabilities/CVE-2022-21741/44793", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126623,10 +128603,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", - "cve": "CVE-2022-23558", - "id": "pyup.io-44846", - "more_info_path": "/vulnerabilities/CVE-2022-23558/44846", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23573", + "id": "pyup.io-44858", + "more_info_path": "/vulnerabilities/CVE-2022-23573/44858", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126636,10 +128616,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", - "cve": "CVE-2022-21735", - "id": "pyup.io-44787", - "more_info_path": "/vulnerabilities/CVE-2022-21735/44787", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", + "cve": "CVE-2022-23560", + "id": "pyup.io-44848", + "more_info_path": "/vulnerabilities/CVE-2022-23560/44848", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126649,10 +128629,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23591: The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7", - "cve": "CVE-2022-23591", - "id": "pyup.io-44876", - "more_info_path": "/vulnerabilities/CVE-2022-23591/44876", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23583", + "id": "pyup.io-44868", + "more_info_path": "/vulnerabilities/CVE-2022-23583/44868", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126662,10 +128642,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23584", - "id": "pyup.io-44869", - "more_info_path": "/vulnerabilities/CVE-2022-23584/44869", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", + "cve": "CVE-2022-23581", + "id": "pyup.io-44866", + "more_info_path": "/vulnerabilities/CVE-2022-23581/44866", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126675,10 +128655,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", - "cve": "CVE-2022-23582", - "id": "pyup.io-44867", - "more_info_path": "/vulnerabilities/CVE-2022-23582/44867", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", + "cve": "CVE-2022-23579", + "id": "pyup.io-44864", + "more_info_path": "/vulnerabilities/CVE-2022-23579/44864", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126688,10 +128668,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23567: The implementations of 'Sparse*Cwise*' ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or 'CHECK'-fails when building new 'TensorShape' objects (so, assert failures based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43", - "cve": "CVE-2022-23567", - "id": "pyup.io-44794", - "more_info_path": "/vulnerabilities/CVE-2022-23567/44794", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", + "cve": "CVE-2022-23557", + "id": "pyup.io-44845", + "more_info_path": "/vulnerabilities/CVE-2022-23557/44845", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126701,10 +128681,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21733: The implementation of 'StringNGrams' can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. There is missing a validation on 'pad_witdh' and that result in computing a negative value for 'ngram_width' which is later used to allocate parts of the output.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g", - "cve": "CVE-2022-21733", - "id": "pyup.io-44785", - "more_info_path": "/vulnerabilities/CVE-2022-21733/44785", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", + "cve": "CVE-2022-23558", + "id": "pyup.io-44846", + "more_info_path": "/vulnerabilities/CVE-2022-23558/44846", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126714,10 +128694,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", - "cve": "CVE-2022-21728", - "id": "pyup.io-44780", - "more_info_path": "/vulnerabilities/CVE-2022-21728/44780", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", + "cve": "CVE-2022-21735", + "id": "pyup.io-44787", + "more_info_path": "/vulnerabilities/CVE-2022-21735/44787", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126727,10 +128707,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23569: Multiple operations in TensorFlow can be used to trigger a denial of service via 'CHECK'-fails (i.e., assertion failures). This is similar to CVE-2021-41197 and has a similar fix. It is possible that other similar instances exist.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh", - "cve": "CVE-2022-23569", - "id": "pyup.io-44796", - "more_info_path": "/vulnerabilities/CVE-2022-23569/44796", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23591: The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7", + "cve": "CVE-2022-23591", + "id": "pyup.io-44876", + "more_info_path": "/vulnerabilities/CVE-2022-23591/44876", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126740,10 +128720,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23575", - "id": "pyup.io-44860", - "more_info_path": "/vulnerabilities/CVE-2022-23575/44860", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", + "cve": "CVE-2022-23582", + "id": "pyup.io-44867", + "more_info_path": "/vulnerabilities/CVE-2022-23582/44867", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126753,10 +128733,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23578", - "id": "pyup.io-44863", - "more_info_path": "/vulnerabilities/CVE-2022-23578/44863", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23567: The implementations of 'Sparse*Cwise*' ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or 'CHECK'-fails when building new 'TensorShape' objects (so, assert failures based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43", + "cve": "CVE-2022-23567", + "id": "pyup.io-44794", + "more_info_path": "/vulnerabilities/CVE-2022-23567/44794", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126766,10 +128746,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23587", - "id": "pyup.io-44872", - "more_info_path": "/vulnerabilities/CVE-2022-23587/44872", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21733: The implementation of 'StringNGrams' can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. There is missing a validation on 'pad_witdh' and that result in computing a negative value for 'ngram_width' which is later used to allocate parts of the output.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g", + "cve": "CVE-2022-21733", + "id": "pyup.io-44785", + "more_info_path": "/vulnerabilities/CVE-2022-21733/44785", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126779,10 +128759,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23585", - "id": "pyup.io-44870", - "more_info_path": "/vulnerabilities/CVE-2022-23585/44870", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23569: Multiple operations in TensorFlow can be used to trigger a denial of service via 'CHECK'-fails (i.e., assertion failures). This is similar to CVE-2021-41197 and has a similar fix. It is possible that other similar instances exist.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qj5r-f9mv-rffh", + "cve": "CVE-2022-23569", + "id": "pyup.io-44796", + "more_info_path": "/vulnerabilities/CVE-2022-23569/44796", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -126792,10 +128772,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23588",
- "id": "pyup.io-44873",
- "more_info_path": "/vulnerabilities/CVE-2022-23588/44873",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23578",
+ "id": "pyup.io-44863",
+ "more_info_path": "/vulnerabilities/CVE-2022-23578/44863",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126805,10 +128785,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23589",
- "id": "pyup.io-44874",
- "more_info_path": "/vulnerabilities/CVE-2022-23589/44874",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23588",
+ "id": "pyup.io-44873",
+ "more_info_path": "/vulnerabilities/CVE-2022-23588/44873",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126818,10 +128798,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5",
- "cve": "CVE-2022-23559",
- "id": "pyup.io-44847",
- "more_info_path": "/vulnerabilities/CVE-2022-23559/44847",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23589",
+ "id": "pyup.io-44874",
+ "more_info_path": "/vulnerabilities/CVE-2022-23589/44874",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -126831,10 +128811,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41208: In affected versions, the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing 'nullptr's or via 'CHECK'-failures) as well as abuse undefined behavior (binding references to 'nullptr's). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. TensorFlow's boosted trees APIs will be deprecated in subsequent releases.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88\r\nhttps://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r",
- "cve": "CVE-2021-41208",
- "id": "pyup.io-42455",
- "more_info_path": "/vulnerabilities/CVE-2021-41208/42455",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41206: In affected versions, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or 'CHECK'-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. These issues were discovered internally via tooling while working on improving/testing GPU op determinism. As such, there aren't reproducers and there will be multiple fixes for these issues.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x",
+ "cve": "CVE-2021-41206",
+ "id": "pyup.io-42453",
+ "more_info_path": "/vulnerabilities/CVE-2021-41206/42453",
 "specs": [
 "<2.5.3",
 ">=2.6.0rc0,<2.6.3",
@@ -126843,10 +128823,10 @@
 "v": "<2.5.3,>=2.6.0rc0,<2.6.3,>=2.7.0rc0,<2.7.1"
 },
 {
- "advisory": "Tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41206: In affected versions, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or 'CHECK'-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. These issues were discovered internally via tooling while working on improving/testing GPU op determinism. As such, there aren't reproducers and there will be multiple fixes for these issues.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x",
- "cve": "CVE-2021-41206",
- "id": "pyup.io-42453",
- "more_info_path": "/vulnerabilities/CVE-2021-41206/42453",
+ "advisory": "Tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41208: In affected versions, the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing 'nullptr's or via 'CHECK'-failures) as well as abuse undefined behavior (binding references to 'nullptr's). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. TensorFlow's boosted trees APIs will be deprecated in subsequent releases.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88\r\nhttps://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r",
+ "cve": "CVE-2021-41208",
+ "id": "pyup.io-42455",
+ "more_info_path": "/vulnerabilities/CVE-2021-41208/42455",
 "specs": [
 "<2.5.3",
 ">=2.6.0rc0,<2.6.3",
@@ -126893,6 +128873,58 @@
 ],
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
+ {
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.",
+ "cve": "CVE-2022-29213",
+ "id": "pyup.io-48653",
+ "more_info_path": "/vulnerabilities/CVE-2022-29213/48653",
+ "specs": [
+ "<2.6.4",
+ ">=2.7.0rc0,<2.7.2",
+ ">=2.8.0rc0,<2.8.1",
+ ">=2.9.0rc0,<2.9.0"
+ ],
+ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
+ },
+ {
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29204: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.",
+ "cve": "CVE-2022-29204",
+ "id": "pyup.io-48647",
+ "more_info_path": "/vulnerabilities/CVE-2022-29204/48647",
+ "specs": [
+ "<2.6.4",
+ ">=2.7.0rc0,<2.7.2",
+ ">=2.8.0rc0,<2.8.1",
+ ">=2.9.0rc0,<2.9.0"
+ ],
+ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
+ },
+ {
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.",
+ "cve": "CVE-2022-29200",
+ "id": "pyup.io-48641",
+ "more_info_path": "/vulnerabilities/CVE-2022-29200/48641",
+ "specs": [
+ "<2.6.4",
+ ">=2.7.0rc0,<2.7.2",
+ ">=2.8.0rc0,<2.8.1",
+ ">=2.9.0rc0,<2.9.0"
+ ],
+ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
+ },
+ {
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.",
+ "cve": "CVE-2022-29206",
+ "id": "pyup.io-48645",
+ "more_info_path": "/vulnerabilities/CVE-2022-29206/48645",
+ "specs": [
+ "<2.6.4",
+ ">=2.7.0rc0,<2.7.2",
+ ">=2.8.0rc0,<2.8.1",
+ ">=2.9.0rc0,<2.9.0"
+ ],
+ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
+ },
 {
 "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.",
 "cve": "CVE-2022-27776",
@@ -126920,10 +128952,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.",
- "cve": "CVE-2022-29202",
- "id": "pyup.io-48650",
- "more_info_path": "/vulnerabilities/CVE-2022-29202/48650",
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-30115.",
+ "cve": "CVE-2022-30115",
+ "id": "pyup.io-48664",
+ "more_info_path": "/vulnerabilities/CVE-2022-30115/48664",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -126933,10 +128965,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.",
- "cve": "CVE-2022-27778",
- "id": "pyup.io-48659",
- "more_info_path": "/vulnerabilities/CVE-2022-27778/48659",
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.",
+ "cve": "CVE-2022-22576",
+ "id": "pyup.io-48655",
+ "more_info_path": "/vulnerabilities/CVE-2022-22576/48655",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -126946,10 +128978,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27780.",
- "cve": "CVE-2022-27780",
- "id": "pyup.io-48661",
- "more_info_path": "/vulnerabilities/CVE-2022-27780/48661",
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.",
+ "cve": "CVE-2022-29202",
+ "id": "pyup.io-48650",
+ "more_info_path": "/vulnerabilities/CVE-2022-29202/48650",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -126959,10 +128991,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. This is similar to CVE-2021-29584.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379",
- "cve": "CVE-2021-41197",
- "id": "pyup.io-42444",
- "more_info_path": "/vulnerabilities/CVE-2021-41197/42444",
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.",
+ "cve": "CVE-2022-27778",
+ "id": "pyup.io-48659",
+ "more_info_path": "/vulnerabilities/CVE-2022-27778/48659",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -126972,10 +129004,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.",
- "cve": "CVE-2022-29213",
- "id": "pyup.io-48653",
- "more_info_path": "/vulnerabilities/CVE-2022-29213/48653",
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27780.",
+ "cve": "CVE-2022-27780",
+ "id": "pyup.io-48661",
+ "more_info_path": "/vulnerabilities/CVE-2022-27780/48661",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -126985,10 +129017,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29204: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.",
- "cve": "CVE-2022-29204",
- "id": "pyup.io-48647",
- "more_info_path": "/vulnerabilities/CVE-2022-29204/48647",
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. This is similar to CVE-2021-29584.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379",
+ "cve": "CVE-2021-41197",
+ "id": "pyup.io-42444",
+ "more_info_path": "/vulnerabilities/CVE-2021-41197/42444",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -127075,19 +129107,6 @@
 ],
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
- {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.",
- "cve": "CVE-2022-29200",
- "id": "pyup.io-48641",
- "more_info_path": "/vulnerabilities/CVE-2022-29200/48641",
- "specs": [
- "<2.6.4",
- ">=2.7.0rc0,<2.7.2",
- ">=2.8.0rc0,<2.8.1",
- ">=2.9.0rc0,<2.9.0"
- ],
- "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
- },
 {
 "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29216: Code injection in 'saved_model_cli'.",
 "cve": "CVE-2022-29216",
@@ -127205,19 +129224,6 @@
 ],
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
- {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.",
- "cve": "CVE-2022-29206",
- "id": "pyup.io-48645",
- "more_info_path": "/vulnerabilities/CVE-2022-29206/48645",
- "specs": [
- "<2.6.4",
- ">=2.7.0rc0,<2.7.2",
- ">=2.8.0rc0,<2.8.1",
- ">=2.9.0rc0,<2.9.0"
- ],
- "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
- },
 {
 "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27782.",
 "cve": "CVE-2022-27782",
@@ -127244,32 +129250,6 @@
 ],
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
- {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-30115.",
- "cve": "CVE-2022-30115",
- "id": "pyup.io-48664",
- "more_info_path": "/vulnerabilities/CVE-2022-30115/48664",
- "specs": [
- "<2.6.4",
- ">=2.7.0rc0,<2.7.2",
- ">=2.8.0rc0,<2.8.1",
- ">=2.9.0rc0,<2.9.0"
- ],
- "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
- },
- {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.",
- "cve": "CVE-2022-22576",
- "id": "pyup.io-48655",
- "more_info_path": "/vulnerabilities/CVE-2022-22576/48655",
- "specs": [
- "<2.6.4",
- ">=2.7.0rc0,<2.7.2",
- ">=2.8.0rc0,<2.8.1",
- ">=2.9.0rc0,<2.9.0"
- ],
- "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
- },
 {
 "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29191: Missing validation which causes denial of service via 'GetSessionTensor'.",
 "cve": "CVE-2022-29191",
@@ -127322,10 +129302,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f",
- "cve": "CVE-2022-35994",
- "id": "pyup.io-51083",
- "more_info_path": "/vulnerabilities/CVE-2022-35994/51083",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35941: 'CHECK' failure in 'AvgPoolOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5",
+ "cve": "CVE-2022-35941",
+ "id": "pyup.io-51053",
+ "more_info_path": "/vulnerabilities/CVE-2022-35941/51053",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127334,10 +129314,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35970: Segfault in 'QuantizedInstanceNorm'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp",
- "cve": "CVE-2022-35970",
- "id": "pyup.io-51064",
- "more_info_path": "/vulnerabilities/CVE-2022-35970/51064",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35997: 'CHECK' fail in 'tf.sparse.cross'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf",
+ "cve": "CVE-2022-35997",
+ "id": "pyup.io-51086",
+ "more_info_path": "/vulnerabilities/CVE-2022-35997/51086",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127346,10 +129326,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35941: 'CHECK' failure in 'AvgPoolOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5",
- "cve": "CVE-2022-35941",
- "id": "pyup.io-51053",
- "more_info_path": "/vulnerabilities/CVE-2022-35941/51053",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw",
+ "cve": "CVE-2022-35999",
+ "id": "pyup.io-51088",
+ "more_info_path": "/vulnerabilities/CVE-2022-35999/51088",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127358,10 +129338,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x",
- "cve": "CVE-2022-35940",
- "id": "pyup.io-51052",
- "more_info_path": "/vulnerabilities/CVE-2022-35940/51052",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr",
+ "cve": "CVE-2022-36027",
+ "id": "pyup.io-51105",
+ "more_info_path": "/vulnerabilities/CVE-2022-36027/51105",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127370,10 +129350,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47",
- "cve": "CVE-2022-35952",
- "id": "pyup.io-51054",
- "more_info_path": "/vulnerabilities/CVE-2022-35952/51054",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4",
+ "cve": "CVE-2022-35983",
+ "id": "pyup.io-51072",
+ "more_info_path": "/vulnerabilities/CVE-2022-35983/51072",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127382,10 +129362,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35997: 'CHECK' fail in 'tf.sparse.cross'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf",
- "cve": "CVE-2022-35997",
- "id": "pyup.io-51086",
- "more_info_path": "/vulnerabilities/CVE-2022-35997/51086",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4",
+ "cve": "CVE-2022-35960",
+ "id": "pyup.io-51056",
+ "more_info_path": "/vulnerabilities/CVE-2022-35960/51056",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127394,10 +129374,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35993: 'CHECK' fail in 'SetSize'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9",
- "cve": "CVE-2022-35993",
- "id": "pyup.io-51082",
- "more_info_path": "/vulnerabilities/CVE-2022-35993/51082",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq",
+ "cve": "CVE-2022-36003",
+ "id": "pyup.io-51092",
+ "more_info_path": "/vulnerabilities/CVE-2022-36003/51092",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127406,10 +129386,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h",
- "cve": "CVE-2022-35937",
- "id": "pyup.io-51049",
- "more_info_path": "/vulnerabilities/CVE-2022-35937/51049",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c",
+ "cve": "CVE-2022-35988",
+ "id": "pyup.io-51077",
+ "more_info_path": "/vulnerabilities/CVE-2022-35988/51077",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127418,10 +129398,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw",
- "cve": "CVE-2022-35999",
- "id": "pyup.io-51088",
- "more_info_path": "/vulnerabilities/CVE-2022-35999/51088",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw",
+ "cve": "CVE-2022-35981",
+ "id": "pyup.io-51070",
+ "more_info_path": "/vulnerabilities/CVE-2022-35981/51070",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127430,10 +129410,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr",
- "cve": "CVE-2022-36027",
- "id": "pyup.io-51105",
- "more_info_path": "/vulnerabilities/CVE-2022-36027/51105",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v",
+ "cve": "CVE-2022-35986",
+ "id": "pyup.io-51075",
+ "more_info_path": "/vulnerabilities/CVE-2022-35986/51075",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127442,10 +129422,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp",
- "cve": "CVE-2022-35985",
- "id": "pyup.io-51074",
- "more_info_path": "/vulnerabilities/CVE-2022-35985/51074",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp",
+ "cve": "CVE-2022-35992",
+ "id": "pyup.io-51081",
+ "more_info_path": "/vulnerabilities/CVE-2022-35992/51081",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127454,10 +129434,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36017: Segfault in 'Requantize'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc",
- "cve": "CVE-2022-36017",
- "id": "pyup.io-51101",
- "more_info_path": "/vulnerabilities/CVE-2022-36017/51101",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x",
+ "cve": "CVE-2022-35979",
+ "id": "pyup.io-51069",
+ "more_info_path": "/vulnerabilities/CVE-2022-35979/51069",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127466,10 +129446,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35969: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx",
- "cve": "CVE-2022-35969",
- "id": "pyup.io-51063",
- "more_info_path": "/vulnerabilities/CVE-2022-35969/51063",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh",
+ "cve": "CVE-2022-35990",
+ "id": "pyup.io-51079",
+ "more_info_path": "/vulnerabilities/CVE-2022-35990/51079",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127478,10 +129458,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5",
- "cve": "CVE-2022-36012",
- "id": "pyup.io-51096",
- "more_info_path": "/vulnerabilities/CVE-2022-36012/51096",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4",
+ "cve": "CVE-2022-35995",
+ "id": "pyup.io-51084",
+ "more_info_path": "/vulnerabilities/CVE-2022-35995/51084",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127490,10 +129470,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq",
- "cve": "CVE-2022-36026",
- "id": "pyup.io-51104",
- "more_info_path": "/vulnerabilities/CVE-2022-36026/51104",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm",
+ "cve": "CVE-2022-36005",
+ "id": "pyup.io-51094",
+ "more_info_path": "/vulnerabilities/CVE-2022-36005/51094",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127502,10 +129482,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5",
- "cve": "CVE-2022-35998",
- "id": "pyup.io-51087",
- "more_info_path": "/vulnerabilities/CVE-2022-35998/51087",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v",
+ "cve": "CVE-2022-35973",
+ "id": "pyup.io-51067",
+ "more_info_path": "/vulnerabilities/CVE-2022-35973/51067",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127514,10 +129494,10 @@
 "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2"
 },
 {
- "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm",
- "cve": "CVE-2022-35963",
- "id": "pyup.io-51057",
- "more_info_path": "/vulnerabilities/CVE-2022-35963/51057",
+ "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7",
+ "cve": "CVE-2022-35971",
+ "id": "pyup.io-51065",
+ "more_info_path": "/vulnerabilities/CVE-2022-35971/51065",
 "specs": [
 "<2.7.4",
 ">=2.8.0rc0,<2.8.3",
@@ -127526,10 +129506,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", - "cve": "CVE-2022-36015", - "id": "pyup.io-51099", - "more_info_path": "/vulnerabilities/CVE-2022-36015/51099", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", + "cve": "CVE-2022-36002", + "id": "pyup.io-51091", + "more_info_path": "/vulnerabilities/CVE-2022-36002/51091", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127538,10 +129518,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", - "cve": "CVE-2022-35983", - "id": "pyup.io-51072", - "more_info_path": "/vulnerabilities/CVE-2022-35983/51072", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", + "cve": "CVE-2022-35968", + "id": "pyup.io-51062", + "more_info_path": "/vulnerabilities/CVE-2022-35968/51062", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127550,10 +129530,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", - "cve": "CVE-2022-35960", - "id": "pyup.io-51056", - "more_info_path": "/vulnerabilities/CVE-2022-35960/51056", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", + "cve": "CVE-2022-35996", + "id": "pyup.io-51085", + "more_info_path": "/vulnerabilities/CVE-2022-35996/51085", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127562,10 +129542,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", - "cve": "CVE-2022-36003", - "id": "pyup.io-51092", - "more_info_path": "/vulnerabilities/CVE-2022-36003/51092", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", + "cve": "CVE-2022-35984", + "id": "pyup.io-51073", + "more_info_path": "/vulnerabilities/CVE-2022-35984/51073", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127574,10 +129554,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", - "cve": "CVE-2022-35988", - "id": "pyup.io-51077", - "more_info_path": "/vulnerabilities/CVE-2022-35988/51077", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", + "cve": "CVE-2022-36014", + "id": "pyup.io-51098", + "more_info_path": "/vulnerabilities/CVE-2022-36014/51098", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127586,10 +129566,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", - "cve": "CVE-2022-35981", - "id": "pyup.io-51070", - "more_info_path": "/vulnerabilities/CVE-2022-35981/51070", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", + "cve": "CVE-2022-35965", + "id": "pyup.io-51059", + "more_info_path": "/vulnerabilities/CVE-2022-35965/51059", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127598,10 +129578,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", - "cve": "CVE-2022-35986", - "id": "pyup.io-51075", - "more_info_path": "/vulnerabilities/CVE-2022-35986/51075", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", + "cve": "CVE-2022-36018", + "id": "pyup.io-51102", + "more_info_path": "/vulnerabilities/CVE-2022-36018/51102", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127610,10 +129590,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", - "cve": "CVE-2022-35992", - "id": "pyup.io-51081", - "more_info_path": "/vulnerabilities/CVE-2022-35992/51081", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", + "cve": "CVE-2022-36013", + "id": "pyup.io-51097", + "more_info_path": "/vulnerabilities/CVE-2022-36013/51097", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127622,10 +129602,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", - "cve": "CVE-2022-36016", - "id": "pyup.io-51100", - "more_info_path": "/vulnerabilities/CVE-2022-36016/51100", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", + "cve": "CVE-2022-35994", + "id": "pyup.io-51083", + "more_info_path": "/vulnerabilities/CVE-2022-35994/51083", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127634,10 +129614,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", - "cve": "CVE-2022-35979", - "id": "pyup.io-51069", - "more_info_path": "/vulnerabilities/CVE-2022-35979/51069", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", + "cve": "CVE-2022-35982", + "id": "pyup.io-51071", + "more_info_path": "/vulnerabilities/CVE-2022-35982/51071", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127646,10 +129626,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36011: Null dereference on MLIR on empty function attributes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", - "cve": "CVE-2022-36011", - "id": "pyup.io-51095", - "more_info_path": "/vulnerabilities/CVE-2022-36011/51095", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", + "cve": "CVE-2022-35934", + "id": "pyup.io-51047", + "more_info_path": "/vulnerabilities/CVE-2022-35934/51047", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127658,10 +129638,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", - "cve": "CVE-2022-35959", - "id": "pyup.io-51055", - "more_info_path": "/vulnerabilities/CVE-2022-35959/51055", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", + "cve": "CVE-2022-35966", + "id": "pyup.io-51060", + "more_info_path": "/vulnerabilities/CVE-2022-35966/51060", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127670,10 +129650,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", - "cve": "CVE-2022-35964", - "id": "pyup.io-51058", - "more_info_path": "/vulnerabilities/CVE-2022-35964/51058", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35970: Segfault in 'QuantizedInstanceNorm'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", + "cve": "CVE-2022-35970", + "id": "pyup.io-51064", + "more_info_path": "/vulnerabilities/CVE-2022-35970/51064", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127682,10 +129662,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", - "cve": "CVE-2022-35990", - "id": "pyup.io-51079", - "more_info_path": "/vulnerabilities/CVE-2022-35990/51079", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", + "cve": "CVE-2022-35940", + "id": "pyup.io-51052", + "more_info_path": "/vulnerabilities/CVE-2022-35940/51052", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127694,10 +129674,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", - "cve": "CVE-2022-35995", - "id": "pyup.io-51084", - "more_info_path": "/vulnerabilities/CVE-2022-35995/51084", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", + "cve": "CVE-2022-35952", + "id": "pyup.io-51054", + "more_info_path": "/vulnerabilities/CVE-2022-35952/51054", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127706,10 +129686,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35972: Segfault in 'QuantizedBiasAdd'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", - "cve": "CVE-2022-35972", - "id": "pyup.io-51066", - "more_info_path": "/vulnerabilities/CVE-2022-35972/51066", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35993: 'CHECK' fail in 'SetSize'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", + "cve": "CVE-2022-35993", + "id": "pyup.io-51082", + "more_info_path": "/vulnerabilities/CVE-2022-35993/51082", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127718,10 +129698,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", - "cve": "CVE-2022-36005", - "id": "pyup.io-51094", - "more_info_path": "/vulnerabilities/CVE-2022-36005/51094", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", + "cve": "CVE-2022-35937", + "id": "pyup.io-51049", + "more_info_path": "/vulnerabilities/CVE-2022-35937/51049", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127730,10 +129710,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", - "cve": "CVE-2022-35967", - "id": "pyup.io-51061", - "more_info_path": "/vulnerabilities/CVE-2022-35967/51061", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", + "cve": "CVE-2022-35985", + "id": "pyup.io-51074", + "more_info_path": "/vulnerabilities/CVE-2022-35985/51074", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127742,10 +129722,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", - "cve": "CVE-2022-35974", - "id": "pyup.io-51068", - "more_info_path": "/vulnerabilities/CVE-2022-35974/51068", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36017: Segfault in 'Requantize'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", + "cve": "CVE-2022-36017", + "id": "pyup.io-51101", + "more_info_path": "/vulnerabilities/CVE-2022-36017/51101", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127754,10 +129734,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", - "cve": "CVE-2022-35973", - "id": "pyup.io-51067", - "more_info_path": "/vulnerabilities/CVE-2022-35973/51067", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35969: 'CHECK' fail in 'Conv2DBackpropInput'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", + "cve": "CVE-2022-35969", + "id": "pyup.io-51063", + "more_info_path": "/vulnerabilities/CVE-2022-35969/51063", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127766,10 +129746,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", - "cve": "CVE-2022-35971", - "id": "pyup.io-51065", - "more_info_path": "/vulnerabilities/CVE-2022-35971/51065", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", + "cve": "CVE-2022-36012", + "id": "pyup.io-51096", + "more_info_path": "/vulnerabilities/CVE-2022-36012/51096", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127778,10 +129758,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", - "cve": "CVE-2022-36002", - "id": "pyup.io-51091", - "more_info_path": "/vulnerabilities/CVE-2022-36002/51091", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", + "cve": "CVE-2022-36026", + "id": "pyup.io-51104", + "more_info_path": "/vulnerabilities/CVE-2022-36026/51104", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127790,10 +129770,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", - "cve": "CVE-2022-36019", - "id": "pyup.io-51103", - "more_info_path": "/vulnerabilities/CVE-2022-36019/51103", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", + "cve": "CVE-2022-35998", + "id": "pyup.io-51087", + "more_info_path": "/vulnerabilities/CVE-2022-35998/51087", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127802,10 +129782,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", - "cve": "CVE-2022-35968", - "id": "pyup.io-51062", - "more_info_path": "/vulnerabilities/CVE-2022-35968/51062", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", + "cve": "CVE-2022-35963", + "id": "pyup.io-51057", + "more_info_path": "/vulnerabilities/CVE-2022-35963/51057", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127814,10 +129794,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", - "cve": "CVE-2022-35996", - "id": "pyup.io-51085", - "more_info_path": "/vulnerabilities/CVE-2022-35996/51085", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", + "cve": "CVE-2022-36015", + "id": "pyup.io-51099", + "more_info_path": "/vulnerabilities/CVE-2022-36015/51099", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127826,10 +129806,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", - "cve": "CVE-2022-35984", - "id": "pyup.io-51073", - "more_info_path": "/vulnerabilities/CVE-2022-35984/51073", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", + "cve": "CVE-2022-36016", + "id": "pyup.io-51100", + "more_info_path": "/vulnerabilities/CVE-2022-36016/51100", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127838,10 +129818,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", - "cve": "CVE-2022-36014", - "id": "pyup.io-51098", - "more_info_path": "/vulnerabilities/CVE-2022-36014/51098", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36011: Null dereference on MLIR on empty function attributes.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", + "cve": "CVE-2022-36011", + "id": "pyup.io-51095", + "more_info_path": "/vulnerabilities/CVE-2022-36011/51095", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127850,10 +129830,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", - "cve": "CVE-2022-35965", - "id": "pyup.io-51059", - "more_info_path": "/vulnerabilities/CVE-2022-35965/51059", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", + "cve": "CVE-2022-35959", + "id": "pyup.io-51055", + "more_info_path": "/vulnerabilities/CVE-2022-35959/51055", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127862,10 +129842,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", - "cve": "CVE-2022-36018", - "id": "pyup.io-51102", - "more_info_path": "/vulnerabilities/CVE-2022-36018/51102", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", + "cve": "CVE-2022-35964", + "id": "pyup.io-51058", + "more_info_path": "/vulnerabilities/CVE-2022-35964/51058", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127874,10 +129854,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", - "cve": "CVE-2022-36013", - "id": "pyup.io-51097", - "more_info_path": "/vulnerabilities/CVE-2022-36013/51097", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35972: Segfault in 'QuantizedBiasAdd'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", + "cve": "CVE-2022-35972", + "id": "pyup.io-51066", + "more_info_path": "/vulnerabilities/CVE-2022-35972/51066", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127886,10 +129866,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", - "cve": "CVE-2022-35982", - "id": "pyup.io-51071", - "more_info_path": "/vulnerabilities/CVE-2022-35982/51071", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", + "cve": "CVE-2022-35967", + "id": "pyup.io-51061", + "more_info_path": "/vulnerabilities/CVE-2022-35967/51061", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -127898,10 +129878,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", - "cve": "CVE-2022-35934", - "id": "pyup.io-51047", - "more_info_path": "/vulnerabilities/CVE-2022-35934/51047", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", + "cve": "CVE-2022-35974", + "id": "pyup.io-51068", + "more_info_path": "/vulnerabilities/CVE-2022-35974/51068", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127910,10 +129890,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", - "cve": "CVE-2022-35966", - "id": "pyup.io-51060", - "more_info_path": "/vulnerabilities/CVE-2022-35966/51060", + "advisory": "TensorFlow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", + "cve": "CVE-2022-36019", + "id": "pyup.io-51103", + "more_info_path": "/vulnerabilities/CVE-2022-36019/51103", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -127981,6 +129961,102 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, + { + "advisory": "Impact: A recurring instance of CVE-2022-35935 has been observed and addressed. In this case, `SobolSample` is prone to denial of service due to assumed scalar inputs. You can replicate this using the following code in Python:\r\n\r\n```python \r\nimport tensorflow as tf \r\ntf.raw_ops.SobolSample(dim=tf.constant([1,0]), num_results=tf.constant([1]), skip=tf.constant([1])) \r\n```\r\n\r\nPatches: Corrective measures have been taken and the issue has been patched via GitHub commits c65c67f88ad770662e8f191269a907bf2b94b1bf and 02400ea266bd811fc016a848445de1bbff3a23a0. These fixes will be integrated in the forthcoming TensorFlow 2.11 release and will also be added to TensorFlow 2.10.1, 2.9.3, and 2.8.4 as they fall within the supported range. Furthermore, the initial commit will be incorporated into TensorFlow 2.7.4.\r\n\r\nFor more information: You can refer to the TensorFlow's security guide for comprehensive insights into the security model and for details on how to contact them for queries or issues.\r\n\r\nAttribution: This vulnerability was reported by Kang Hong Jin from Singapore Management University, Neophytos Christou from Secure Systems Labs at Brown University, Liu Liyuan from the Information System & Security and Countermeasures Experiments Center at Beijing Institute of Technology, and Pattarakrit Rattankul.", + "cve": "PVE-2023-99921", + "id": "pyup.io-61990", + "more_info_path": "/vulnerabilities/PVE-2023-99921/61990", + "specs": [ + "<2.8.4", + ">=2.10.0,<2.10.1", + ">=2.9.0,<2.9.3" + ], + "v": "<2.8.4,>=2.10.0,<2.10.1,>=2.9.0,<2.9.3" + }, + { + "advisory": "The effect of CVE-2022-35991 was seen once more, where TensorListScatter and TensorListScatterV2 could potentially crash due to non scalar inputs in the element_shape parameter while in eager mode. This issue has been identified and resolved. 
The issue was identified when the following Python code was executed:\r\n\r\n```python \r\nimport tensorflow as tf \r\narg_0=tf.random.uniform(shape=(2, 2, 2), dtype=tf.float16, maxval=None) \r\narg_1=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536) \r\narg_2=tf.random.uniform(shape=(2, 2, 2), dtype=tf.int32, maxval=65536) \r\narg_3='' \r\ntf.raw_ops.TensorListScatter(tensor=arg_0, indices=arg_1, element_shape=arg_2, name=arg_3) \r\n```\r\n\r\nA patch to resolve this issue is available in the GitHub commit bf9932fc907aff0e9e8cccf769e8b00d30fd81a1. This fix will be part of TensorFlow 2.11. Additionally, the commitment will be selected for TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these versions are also known to be affected and still under supported range.\r\n\r\nFor further details, please refer to TensorFlow's security guide. If there is any issue or question, contact us please.\r\n\r\nThe person who brought this vulnerability to our attention is Pattarakrit Rattankul.", + "cve": "PVE-2023-99920", + "id": "pyup.io-61991", + "more_info_path": "/vulnerabilities/PVE-2023-99920/61991", + "specs": [ + "<2.8.4", + ">=2.10.0,<2.10.1", + ">=2.9.0,<2.9.3" + ], + "v": "<2.8.4,>=2.10.0,<2.10.1,>=2.9.0,<2.9.3" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. 
An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", + "cve": "CVE-2022-41890", + "id": "pyup.io-51949", + "more_info_path": "/vulnerabilities/CVE-2022-41890/51949", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", + "cve": "CVE-2022-41894", + "id": "pyup.io-51952", + "more_info_path": "/vulnerabilities/CVE-2022-41894/51952", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. 
An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", + "cve": "CVE-2022-41889", + "id": "pyup.io-51948", + "more_info_path": "/vulnerabilities/CVE-2022-41889/51948", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", + "cve": "CVE-2022-41909", + "id": "pyup.io-51962", + "more_info_path": "/vulnerabilities/CVE-2022-41909/51962", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", + "cve": "CVE-2022-41891", + "id": "pyup.io-51950", + "more_info_path": "/vulnerabilities/CVE-2022-41891/51950", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", + "cve": "CVE-2022-41886", + "id": "pyup.io-51945", + "more_info_path": "/vulnerabilities/CVE-2022-41886/51945", + "specs": [ + "<2.8.4", + 
">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", "cve": "CVE-2022-41907", @@ -128041,18 +130117,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", - "cve": "CVE-2022-41890", - "id": "pyup.io-51949", - "more_info_path": "/vulnerabilities/CVE-2022-41890/51949", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", "cve": "CVE-2022-41893", 
@@ -128065,18 +130129,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", - "cve": "CVE-2022-41894", - "id": "pyup.io-51952", - "more_info_path": "/vulnerabilities/CVE-2022-41894/51952", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", "cve": "CVE-2022-41898", 
@@ -128125,18 +130177,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", - "cve": "CVE-2022-41889", - "id": "pyup.io-51948", - "more_info_path": "/vulnerabilities/CVE-2022-41889/51948", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", "cve": "CVE-2022-41885", 
@@ -128149,18 +130189,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", - "cve": "CVE-2022-41909", - "id": "pyup.io-51962", - "more_info_path": "/vulnerabilities/CVE-2022-41909/51962", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", "cve": "CVE-2022-41896", @@ -128209,18 +130237,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", - "cve": "CVE-2022-41891", - "id": "pyup.io-51950", - "more_info_path": "/vulnerabilities/CVE-2022-41891/51950", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", "cve": "CVE-2022-41897", 
@@ -128233,18 +130249,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", - "cve": "CVE-2022-41886", - "id": "pyup.io-51945", - "more_info_path": "/vulnerabilities/CVE-2022-41886/51945", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "TensorFlow is an open source platform for machine learning. An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'. We have patched the issue in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.", "cve": "CVE-2022-41901", @@ -128319,10 +130323,10 @@ "v": ">=1.15.0rc0,<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow versions 1.15.2 and 2.0.1 update its dependency \"SQLite\" to handle CVE-2019-19646.", - "cve": "CVE-2019-19646", - "id": "pyup.io-39537", - "more_info_path": "/vulnerabilities/CVE-2019-19646/39537", + "advisory": "Tensorflow versions 1.15.2 and 2.0.1 updates 'sqlite3' to handle CVE-2019-16168.", + "cve": "CVE-2019-16168", + "id": "pyup.io-39568", + "more_info_path": "/vulnerabilities/CVE-2019-16168/39568", "specs": [ ">=2.0.0a0,<2.0.1", "<1.15.2" 
@@ -128330,10 +130334,10 @@ "v": ">=2.0.0a0,<2.0.1,<1.15.2" }, { - "advisory": "Tensorflow versions 1.15.2 and 2.0.1 updates 'sqlite3' to handle CVE-2019-16168.", - "cve": "CVE-2019-16168", - "id": "pyup.io-39568", - "more_info_path": "/vulnerabilities/CVE-2019-16168/39568", + "advisory": "Tensorflow versions 1.15.2 and 2.0.1 update its dependency \"SQLite\" to handle CVE-2019-19646.", + "cve": "CVE-2019-19646", + "id": "pyup.io-39537", + "more_info_path": "/vulnerabilities/CVE-2019-19646/39537", "specs": [ ">=2.0.0a0,<2.0.1", "<1.15.2" 
@@ -128464,30 +130468,30 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "TensorFlow version 2.3.1 includes a fix for CVE-2020-15197: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a \"CHECK\" assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.", - "cve": "CVE-2020-15197", - "id": "pyup.io-39866", - "more_info_path": "/vulnerabilities/CVE-2020-15197/39866", + "advisory": "TensorFlow 2.3.1 includes a fix for CVE-2020-15201: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Hence, the code is prone to heap buffer overflow. If \"split_values\" does not end with a value at least \"num_values\" then the \"while\" loop condition will trigger a read outside of the bounds of \"split_values\" once \"batch_idx\" grows too large. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4", + "cve": "CVE-2020-15201", + "id": "pyup.io-39862", + "more_info_path": "/vulnerabilities/CVE-2020-15201/39862", "specs": [ ">=2.3.0rc0,<2.3.1" ], "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "TensorFlow 2.3.1 includes a fix for CVE-2020-15201: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Hence, the code is prone to heap buffer overflow. If \"split_values\" does not end with a value at least \"num_values\" then the \"while\" loop condition will trigger a read outside of the bounds of \"split_values\" once \"batch_idx\" grows too large. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4", - "cve": "CVE-2020-15201", - "id": "pyup.io-39862", - "more_info_path": "/vulnerabilities/CVE-2020-15201/39862", + "advisory": "TensorFlow version 2.3.1 includes a fix for CVE-2020-15196: In Tensorflow version 2.3.0, the \"SparseCountSparseOutput\" and \"RaggedCountSparseOutput\" implementations don't validate that the \"weights\" tensor has the same shape as the data. The check exists for \"DenseCountSparseOutput\", where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph", + "cve": "CVE-2020-15196", + "id": "pyup.io-39867", + "more_info_path": "/vulnerabilities/CVE-2020-15196/39867", "specs": [ ">=2.3.0rc0,<2.3.1" ], "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "TensorFlow 2.3.1 includes a fix for CVE-2020-15199: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the \"splits\" tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since \"BatchedMap\" is equivalent to a vector, it needs to have at least one element to not be \"nullptr\". If user passes a \"splits\" tensor that is empty or has exactly one element, we get a \"SIGABRT\" signal raised by the operating system. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h", - "cve": "CVE-2020-15199", - "id": "pyup.io-39864", - "more_info_path": "/vulnerabilities/CVE-2020-15199/39864", + "advisory": "TensorFlow version 2.3.1 includes a fix for CVE-2020-15197: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a \"CHECK\" assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.", + "cve": "CVE-2020-15197", + "id": "pyup.io-39866", + "more_info_path": "/vulnerabilities/CVE-2020-15197/39866", "specs": [ ">=2.3.0rc0,<2.3.1" ], @@ -128503,6 +130507,16 @@ ], "v": ">=2.3.0rc0,<2.3.1" }, + { + "advisory": "TensorFlow 2.3.1 includes a fix for CVE-2020-15199: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the \"splits\" tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since \"BatchedMap\" is equivalent to a vector, it needs to have at least one element to not be \"nullptr\". If user passes a \"splits\" tensor that is empty or has exactly one element, we get a \"SIGABRT\" signal raised by the operating system. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h", + "cve": "CVE-2020-15199", + "id": "pyup.io-39864", + "more_info_path": "/vulnerabilities/CVE-2020-15199/39864", + "specs": [ + ">=2.3.0rc0,<2.3.1" + ], + "v": ">=2.3.0rc0,<2.3.1" + }, { "advisory": "TensorFlow 2.3.1 includes a fix for CVE-2020-15198: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has the same shape as the \"values\" one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3", "cve": "CVE-2020-15198", 
@@ -128514,14 +130528,30 @@ "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "TensorFlow version 2.3.1 includes a fix for CVE-2020-15196: In Tensorflow version 2.3.0, the \"SparseCountSparseOutput\" and \"RaggedCountSparseOutput\" implementations don't validate that the \"weights\" tensor has the same shape as the data. The check exists for \"DenseCountSparseOutput\", where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph", - "cve": "CVE-2020-15196", - "id": "pyup.io-39867", - "more_info_path": "/vulnerabilities/CVE-2020-15196/39867", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. 
The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.", + "cve": "CVE-2021-37642", + "id": "pyup.io-41117", + "more_info_path": "/vulnerabilities/CVE-2021-37642/41117", "specs": [ - ">=2.3.0rc0,<2.3.1" + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1", + ">=2.6.0rc0,<2.6.0" ], - "v": ">=2.3.0rc0,<2.3.1" + "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" + }, + { + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37637: It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. The Tensorflow team has patched the issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5.", + "cve": "CVE-2021-37637", + "id": "pyup.io-41112", + "more_info_path": "/vulnerabilities/CVE-2021-37637/41112", + "specs": [ + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1", + ">=2.6.0rc0,<2.6.0" + ], + "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37671: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.Map*' and 'tf.raw_ops.OrderedMap*' operations. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L222-L248) has a check in place to ensure that 'indices' is in ascending order, but does not check that 'indices' is not empty. 
The Tensorflow team has patched the issue in GitHub commit 532f5c5a547126c634fefd43bbad1dc6417678ac.", @@ -128588,19 +130618,6 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.", - "cve": "CVE-2021-37642", - "id": "pyup.io-41117", - "more_info_path": "/vulnerabilities/CVE-2021-37642/41117", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" - }, { "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37683: In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contain zero elements. The Tensorflow team has patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28.", "cve": "CVE-2021-37683", 
@@ -128627,19 +130644,6 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37637: It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. The Tensorflow team has patched the issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5.", - "cve": "CVE-2021-37637", - "id": "pyup.io-41112", - "more_info_path": "/vulnerabilities/CVE-2021-37637/41112", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" - }, { "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37636: In affected versions the implementation of 'tf.raw_ops.SparseDenseCwiseDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9.", "cve": "CVE-2021-37636", 
@@ -128654,10 +130658,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.", - "cve": "CVE-2021-37649", - "id": "pyup.io-41124", - "more_info_path": "/vulnerabilities/CVE-2021-37649/41124", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37647: When a user does not supply arguments that determine a valid sparse tensor, 'tf.raw_ops.SparseTensorSliceDataset' implementation can be made to dereference a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either 'indices' or 'values' are provided for an empty sparse tensor when the other is not. If 'indices' is empty, then code that performs validation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. 
If 'indices' as provided by the user is empty, then 'indices' in the C++ code above is backed by an empty 'std::vector', hence calling 'indices->dim_size(0)' results in null pointer dereferencing (same as calling 'std::vector::at()' on an empty vector). The Tensorflow team has patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7.", + "cve": "CVE-2021-37647", + "id": "pyup.io-41122", + "more_info_path": "/vulnerabilities/CVE-2021-37647/41122", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -128667,10 +130671,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37647: When a user does not supply arguments that determine a valid sparse tensor, 'tf.raw_ops.SparseTensorSliceDataset' implementation can be made to dereference a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either 'indices' or 'values' are provided for an empty sparse tensor when the other is not. If 'indices' is empty, then code that performs validation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If 'indices' as provided by the user is empty, then 'indices' in the C++ code above is backed by an empty 'std::vector', hence calling 'indices->dim_size(0)' results in null pointer dereferencing (same as calling 'std::vector::at()' on an empty vector). The Tensorflow team has patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7.", - "cve": "CVE-2021-37647", - "id": "pyup.io-41122", - "more_info_path": "/vulnerabilities/CVE-2021-37647/41122", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37656: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToSparse'. 
The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. The Tensorflow team has patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece.", + "cve": "CVE-2021-37656", + "id": "pyup.io-41131", + "more_info_path": "/vulnerabilities/CVE-2021-37656/41131", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -128680,10 +130684,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37651: In affected versions the implementation for 'tf.raw_ops.FractionalAvgPoolGrad' can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty 'EigenDoubleMatrixMap' and then accesses this buffer with indices that are outside of the empty area. The Tensorflow team has patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30.", - "cve": "CVE-2021-37651", - "id": "pyup.io-41126", - "more_info_path": "/vulnerabilities/CVE-2021-37651/41126", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", + "cve": "CVE-2021-37664", + "id": "pyup.io-41139", + "more_info_path": "/vulnerabilities/CVE-2021-37664/41139", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -128693,10 +130697,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37654: In affected versions an attacker can trigger a crash via a 'CHECK'-fail in debug builds of TensorFlow using 'tf.raw_ops.ResourceGather' or a read from outside the bounds of heap allocated data in the same API in a release build. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the 'batch_dims' value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of 'tensor', this results in reading data from outside the bounds of heap allocated buffer backing the tensor. The Tensorflow team has patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.", - "cve": "CVE-2021-37654", - "id": "pyup.io-41129", - "more_info_path": "/vulnerabilities/CVE-2021-37654/41129", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. 
During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", + "cve": "CVE-2021-37652", + "id": "pyup.io-41127", + "more_info_path": "/vulnerabilities/CVE-2021-37652/41127", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -128706,10 +130710,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37639: When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the 'tensor_name' user controlled input and immediately retrieves the tensor at the restoration index (controlled via 'preferred_shard' argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements and if the restoration index is outside the bounds, this results in heap OOB read. The Tensorflow team has patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.", - "cve": "CVE-2021-37639", - "id": "pyup.io-41114", - "more_info_path": "/vulnerabilities/CVE-2021-37639/41114", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. 
The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.", + "cve": "CVE-2021-37649", + "id": "pyup.io-41124", + "more_info_path": "/vulnerabilities/CVE-2021-37649/41124", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", @@ -128719,10 +130723,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37656: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToSparse'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. The Tensorflow team has patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece.", - "cve": "CVE-2021-37656", - "id": "pyup.io-41131", - "more_info_path": "/vulnerabilities/CVE-2021-37656/41131", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37651: In affected versions the implementation for 'tf.raw_ops.FractionalAvgPoolGrad' can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty 'EigenDoubleMatrixMap' and then accesses this buffer with indices that are outside of the empty area. The Tensorflow team has patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30.", + "cve": "CVE-2021-37651", + "id": "pyup.io-41126", + "more_info_path": "/vulnerabilities/CVE-2021-37651/41126", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -128732,10 +130736,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", - "cve": "CVE-2021-37664", - "id": "pyup.io-41139", - "more_info_path": "/vulnerabilities/CVE-2021-37664/41139", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37654: In affected versions an attacker can trigger a crash via a 'CHECK'-fail in debug builds of TensorFlow using 'tf.raw_ops.ResourceGather' or a read from outside the bounds of heap allocated data in the same API in a release build. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the 'batch_dims' value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of 'tensor', this results in reading data from outside the bounds of heap allocated buffer backing the tensor. The Tensorflow team has patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.", + "cve": "CVE-2021-37654", + "id": "pyup.io-41129", + "more_info_path": "/vulnerabilities/CVE-2021-37654/41129", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -128745,10 +130749,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", - "cve": "CVE-2021-37652", - "id": "pyup.io-41127", - "more_info_path": "/vulnerabilities/CVE-2021-37652/41127", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37639: When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. 
The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the 'tensor_name' user controlled input and immediately retrieves the tensor at the restoration index (controlled via 'preferred_shard' argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements and if the restoration index is outside the bounds, this results in heap OOB read. The Tensorflow team has patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.", + "cve": "CVE-2021-37639", + "id": "pyup.io-41114", + "more_info_path": "/vulnerabilities/CVE-2021-37639/41114", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", @@ -128847,6 +130851,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv3DBackprop*'. See CVE-2021-29522.", + "cve": "CVE-2021-29522", + "id": "pyup.io-40681", + "more_info_path": "/vulnerabilities/CVE-2021-29522/40681", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a 'CHECK'-fail in 'SparseCross' caused by type confusion. See CVE-2021-29519.", "cve": "CVE-2021-29519", 
@@ -128862,10 +130880,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv3DBackprop*'. See CVE-2021-29522.", - "cve": "CVE-2021-29522", - "id": "pyup.io-40681", - "more_info_path": "/vulnerabilities/CVE-2021-29522/40681", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.", + "cve": "CVE-2021-29549", + "id": "pyup.io-40706", + "more_info_path": "/vulnerabilities/CVE-2021-29549/40706", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -128917,20 +130935,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.", - "cve": "CVE-2021-29549", - "id": "pyup.io-40706", - "more_info_path": "/vulnerabilities/CVE-2021-29549/40706", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap buffer overflow caused by rounding. See CVE-2021-29529.", "cve": "CVE-2021-29529", 
@@ -129170,10 +131174,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'StringNGrams'. See CVE-2021-29542.", - "cve": "CVE-2021-29542", - "id": "pyup.io-40699", - "more_info_path": "/vulnerabilities/CVE-2021-29542/40699", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29536: An attacker can cause a heap buffer overflow in 'QuantizedReshape' by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/a324ac84e573fba362a5e53d4e74d5de6729933e/tensorflow/core/kernels/quantized_reshape_op.cc#L38-L55) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly. However, if any of these tensors is empty, then '.flat()' is an empty buffer and accessing the element at position 0 results in overflow.", + "cve": "CVE-2021-29536", + "id": "pyup.io-40696", + "more_info_path": "/vulnerabilities/CVE-2021-29536/40696", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -129184,10 +131188,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29536: An attacker can cause a heap buffer overflow in 'QuantizedReshape' by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/a324ac84e573fba362a5e53d4e74d5de6729933e/tensorflow/core/kernels/quantized_reshape_op.cc#L38-L55) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly. However, if any of these tensors is empty, then '.flat()' is an empty buffer and accessing the element at position 0 results in overflow.", - "cve": "CVE-2021-29536", - "id": "pyup.io-40696", - "more_info_path": "/vulnerabilities/CVE-2021-29536/40696", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'StringNGrams'. See CVE-2021-29542.", + "cve": "CVE-2021-29542", + "id": "pyup.io-40699", + "more_info_path": "/vulnerabilities/CVE-2021-29542/40699", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", @@ -129380,10 +131384,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior in 'MaxPool3DGradGrad'. See CVE-2021-29574.", - "cve": "CVE-2021-29574", - "id": "pyup.io-40728", - "more_info_path": "/vulnerabilities/CVE-2021-29574/40728", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29617: An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments.", + "cve": "CVE-2021-29617", + "id": "pyup.io-40770", + "more_info_path": "/vulnerabilities/CVE-2021-29617/40770", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.3.0rc0,<2.3.3", 
@@ -129394,10 +131398,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a segfault in 'CTCBeamSearchDecoder'. See CVE-2021-29581.", - "cve": "CVE-2021-29581", - "id": "pyup.io-40734", - "more_info_path": "/vulnerabilities/CVE-2021-29581/40734", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior in 'MaxPool3DGradGrad'. See CVE-2021-29574.", + "cve": "CVE-2021-29574", + "id": "pyup.io-40728", + "more_info_path": "/vulnerabilities/CVE-2021-29574/40728", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.3.0rc0,<2.3.3", @@ -129408,10 +131412,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29617: An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments.", - "cve": "CVE-2021-29617", - "id": "pyup.io-40770", - "more_info_path": "/vulnerabilities/CVE-2021-29617/40770", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a segfault in 'CTCBeamSearchDecoder'. See CVE-2021-29581.", + "cve": "CVE-2021-29581", + "id": "pyup.io-40734", + "more_info_path": "/vulnerabilities/CVE-2021-29581/40734", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.3.0rc0,<2.3.3", 
@@ -129533,6 +131537,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29514: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the 'for' loop, 'batch_idx' is set to 0. The attacker sets 'splits(0)' to be 7, hence the 'while' loop does not execute and 'batch_idx' remains 0. This then results in writing to 'out(-1, bin)', which is before the heap allocated buffer for the output tensor.", + "cve": "CVE-2021-29514", + "id": "pyup.io-40466", + "more_info_path": "/vulnerabilities/CVE-2021-29514/40466", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" + }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29589: The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966). An attacker can craft a model such that `params` input would be an empty tensor. In turn, `params_shape.Dims(.)` would be zero, in at least one dimension.", "cve": "CVE-2021-29589", 
@@ -129631,20 +131649,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29514: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the 'for' loop, 'batch_idx' is set to 0. The attacker sets 'splits(0)' to be 7, hence the 'while' loop does not execute and 'batch_idx' remains 0. This then results in writing to 'out(-1, bin)', which is before the heap allocated buffer for the output tensor.", - "cve": "CVE-2021-29514", - "id": "pyup.io-40466", - "more_info_path": "/vulnerabilities/CVE-2021-29514/40466", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail due to integer overflow. See CVE-2021-29584.", "cve": "CVE-2021-29584", 
@@ -129688,10 +131692,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", - "cve": "CVE-2021-29577", - "id": "pyup.io-40730", - "more_info_path": "/vulnerabilities/CVE-2021-29577/40730", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.", + "cve": "CVE-2021-29566", + "id": "pyup.io-40722", + "more_info_path": "/vulnerabilities/CVE-2021-29566/40722", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -129702,10 +131706,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.", - "cve": "CVE-2021-29602", - "id": "pyup.io-40754", - "more_info_path": "/vulnerabilities/CVE-2021-29602/40754", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite concatentation. See CVE-2021-29601.", + "cve": "CVE-2021-29601", + "id": "pyup.io-40756", + "more_info_path": "/vulnerabilities/CVE-2021-29601/40756", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -129716,10 +131720,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.", - "cve": "CVE-2021-29566", - "id": "pyup.io-40722", - "more_info_path": "/vulnerabilities/CVE-2021-29566/40722", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29550: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. 
Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence`(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. Since `output_length` can be 0, this results in runtime crashing.", + "cve": "CVE-2021-29550", + "id": "pyup.io-40707", + "more_info_path": "/vulnerabilities/CVE-2021-29550/40707", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -129730,10 +131734,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite concatentation. See CVE-2021-29601.", - "cve": "CVE-2021-29601", - "id": "pyup.io-40756", - "more_info_path": "/vulnerabilities/CVE-2021-29601/40756", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", + "cve": "CVE-2021-29608", + "id": "pyup.io-40760", + "more_info_path": "/vulnerabilities/CVE-2021-29608/40760", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -129744,10 +131748,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.", - "cve": "CVE-2021-29600", - "id": "pyup.io-40753", - "more_info_path": "/vulnerabilities/CVE-2021-29600/40753", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", + "cve": "CVE-2021-29573", + "id": "pyup.io-40727", + "more_info_path": "/vulnerabilities/CVE-2021-29573/40727", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -129758,10 +131762,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29550: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence`(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. Since `output_length` can be 0, this results in runtime crashing.", - "cve": "CVE-2021-29550", - "id": "pyup.io-40707", - "more_info_path": "/vulnerabilities/CVE-2021-29550/40707", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.", + "cve": "CVE-2021-29576", + "id": "pyup.io-40729", + "more_info_path": "/vulnerabilities/CVE-2021-29576/40729", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -129772,10 +131776,94 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", - "cve": "CVE-2021-29608", - "id": "pyup.io-40760", - "more_info_path": "/vulnerabilities/CVE-2021-29608/40760", + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.", + "cve": "CVE-2021-29616", + "id": "pyup.io-40768", + "more_info_path": "/vulnerabilities/CVE-2021-29616/40768", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. 
See CVE-2021-29582.", + "cve": "CVE-2021-29582", + "id": "pyup.io-40735", + "more_info_path": "/vulnerabilities/CVE-2021-29582/40735", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an overflow and a denial of service in 'tf.raw_ops.ReverseSequence'. See CVE-2021-29575.", + "cve": "CVE-2021-29575", + "id": "pyup.io-40726", + "more_info_path": "/vulnerabilities/CVE-2021-29575/40726", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.", + "cve": "CVE-2021-29602", + "id": "pyup.io-40754", + "more_info_path": "/vulnerabilities/CVE-2021-29602/40754", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. 
See CVE-2021-29577.", + "cve": "CVE-2021-29577", + "id": "pyup.io-40730", + "more_info_path": "/vulnerabilities/CVE-2021-29577/40730", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", + "cve": "CVE-2021-29572", + "id": "pyup.io-40471", + "more_info_path": "/vulnerabilities/CVE-2021-29572/40471", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.", + "cve": "CVE-2021-29600", + "id": "pyup.io-40753", + "more_info_path": "/vulnerabilities/CVE-2021-29600/40753", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -129799,6 +131887,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", + "cve": "CVE-2021-29560", + "id": "pyup.io-40717", + "more_info_path": "/vulnerabilities/CVE-2021-29560/40717", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'DenseCountSparseOutput'. See CVE-2021-29554.", "cve": "CVE-2021-29554", 
@@ -129869,20 +131971,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", - "cve": "CVE-2021-29573", - "id": "pyup.io-40727", - "more_info_path": "/vulnerabilities/CVE-2021-29573/40727", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", "cve": "CVE-2021-29598", @@ -129953,20 +132041,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.", - "cve": "CVE-2021-29576", - "id": "pyup.io-40729", - "more_info_path": "/vulnerabilities/CVE-2021-29576/40729", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero.", "cve": "CVE-2021-29587", 
@@ -130009,20 +132083,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.", - "cve": "CVE-2021-29616", - "id": "pyup.io-40768", - "more_info_path": "/vulnerabilities/CVE-2021-29616/40768", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow due to looping TFLite subgraph. See CVE-2021-29591.", "cve": "CVE-2021-29591", @@ -130163,20 +132223,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. See CVE-2021-29582.", - "cve": "CVE-2021-29582", - "id": "pyup.io-40735", - "more_info_path": "/vulnerabilities/CVE-2021-29582/40735", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SpaceToBatchNd'. See CVE-2021-29597.", "cve": "CVE-2021-29597", 
@@ -130191,20 +132237,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an overflow and a denial of service in 'tf.raw_ops.ReverseSequence'. See CVE-2021-29575.", - "cve": "CVE-2021-29575", - "id": "pyup.io-40726", - "more_info_path": "/vulnerabilities/CVE-2021-29575/40726", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in optimized pooling implementations in TFLite. See CVE-2021-29586.", "cve": "CVE-2021-29586", 
@@ -130359,34 +132391,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", - "cve": "CVE-2021-29572", - "id": "pyup.io-40471", - "more_info_path": "/vulnerabilities/CVE-2021-29572/40471", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. 
Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", - "cve": "CVE-2021-29560", - "id": "pyup.io-40717", - "more_info_path": "/vulnerabilities/CVE-2021-29560/40717", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29568: An attacker can trigger undefined behavior by binding to null pointer in `tf.raw_ops.ParameterizedTruncatedNormal`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of `shape`. If `shape` argument is empty, then `shape_tensor.flat()` is an empty array.", "cve": "CVE-2021-29568", 
@@ -130441,10 +132445,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow versions 2.5.1 and 2.6.0 include a fix for CVE-2021-37692:\r\nIn affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, \"C.TF_TString_Dealloc\" is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until \"NewTensor\" returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. The Tensorflow team has patched the issue in GitHub commit:\r\nhttps://github.com/tensorflow/tensorflow/commit/8721ba96e5760c229217b594f6d2ba332beedf22\r\nhttps://github.com/tensorflow/tensorflow/pull/50508\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cmgw-8vpc-rc59", - "cve": "CVE-2021-37692", - "id": "pyup.io-41168", - "more_info_path": "/vulnerabilities/CVE-2021-37692/41168", + "advisory": "TensorFlow 2.5.1 and 2.6.0 include a fix for CVE-2021-37640: In affected versions the implementation of 'tf.raw_ops.SparseReshape' can be made to trigger an integral division by 0 exception. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. 
The reshape functor (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. The Tensorflow team has patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41.", + "cve": "CVE-2021-37640", + "id": "pyup.io-41115", + "more_info_path": "/vulnerabilities/CVE-2021-37640/41115", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.6.0rc0,<2.6.0" 
@@ -130452,10 +132456,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "TensorFlow 2.5.1 and 2.6.0 include a fix for CVE-2021-37640: In affected versions the implementation of 'tf.raw_ops.SparseReshape' can be made to trigger an integral division by 0 exception. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The reshape functor (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. The Tensorflow team has patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41.", - "cve": "CVE-2021-37640", - "id": "pyup.io-41115", - "more_info_path": "/vulnerabilities/CVE-2021-37640/41115", + "advisory": "Tensorflow versions 2.5.1 and 2.6.0 include a fix for CVE-2021-37692:\r\nIn affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, \"C.TF_TString_Dealloc\" is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until \"NewTensor\" returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. 
The Tensorflow team has patched the issue in GitHub commit:\r\nhttps://github.com/tensorflow/tensorflow/commit/8721ba96e5760c229217b594f6d2ba332beedf22\r\nhttps://github.com/tensorflow/tensorflow/pull/50508\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cmgw-8vpc-rc59", + "cve": "CVE-2021-37692", + "id": "pyup.io-41168", + "more_info_path": "/vulnerabilities/CVE-2021-37692/41168", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.6.0rc0,<2.6.0" 
@@ -130476,10 +132480,10 @@ "v": ">=2.6.0a1,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\r\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\r\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233", - "cve": "CVE-2021-37668", - "id": "pyup.io-41143", - "more_info_path": "/vulnerabilities/CVE-2021-37668/41143", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", + "cve": "CVE-2021-37685", + "id": "pyup.io-41160", + "more_info_path": "/vulnerabilities/CVE-2021-37685/41160", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -130489,10 +132493,23 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", - "cve": "CVE-2021-37685", - "id": "pyup.io-41160", - "more_info_path": "/vulnerabilities/CVE-2021-37685/41160", + "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37676: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.SparseFillEmptyRows'. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. 
The Tensorflow team has patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed.", + "cve": "CVE-2021-37676", + "id": "pyup.io-41151", + "more_info_path": "/vulnerabilities/CVE-2021-37676/41151", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + }, + { + "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\r\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\r\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233", + "cve": "CVE-2021-37668", + "id": "pyup.io-41143", + "more_info_path": "/vulnerabilities/CVE-2021-37668/41143", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -130553,19 +132570,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, - { - "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37676: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.SparseFillEmptyRows'. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. The Tensorflow team has patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed.", - "cve": "CVE-2021-37676", - "id": "pyup.io-41151", - "more_info_path": "/vulnerabilities/CVE-2021-37676/41151", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" - }, { "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.", "cve": "CVE-2021-37687", 
@@ -130748,6 +132752,32 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1" }, + { + "advisory": "Tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22876", + "id": "pyup.io-41107", + "more_info_path": "/vulnerabilities/CVE-2021-22876/41107", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, + { + "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\r\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\r\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", + "cve": "CVE-2021-37670", + "id": "pyup.io-41145", + "more_info_path": "/vulnerabilities/CVE-2021-37670/41145", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, { "advisory": "TensorFlow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. 
In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.", "cve": "CVE-2021-37655", 
@@ -130761,6 +132791,19 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, + { + "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\r\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\r\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d", + "cve": "CVE-2021-37673", + "id": "pyup.io-41148", + "more_info_path": "/vulnerabilities/CVE-2021-37673/41148", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, { "advisory": "Tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", "cve": "CVE-2021-22901", 
@@ -130826,19 +132869,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "Tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22876", - "id": "pyup.io-41107", - "more_info_path": "/vulnerabilities/CVE-2021-22876/41107", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37679:\r\nIn affected versions it is possible to nest a \"tf.map_fn\" within another \"tf.map_fn\" call. However, if the input tensor is a \"RaggedTensor\" and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The \"t\" and \"z\" outputs should be identical, however this is not the case. The last row of \"t\" contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a \"Variant\" tensor to a \"RaggedTensor\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. The Tensorflow team has patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp\r\nhttps://github.com/tensorflow/tensorflow/commit/4e2565483d0ffcadc719bd44893fb7f609bb5f12", "cve": "CVE-2021-37679", 
@@ -130852,19 +132882,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\r\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\r\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", - "cve": "CVE-2021-37670", - "id": "pyup.io-41145", - "more_info_path": "/vulnerabilities/CVE-2021-37670/41145", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37677: In affected versions the shape inference code for \"tf.raw_ops.Dequantize\" has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses \"axis\" to select between two different values for \"minmax_rank\" which is then used to retrieve tensor dimensions. However, code assumes that \"axis\" can be either \"-1\" or a value greater than \"-1\", with no validation for the other values. 
The Tensorflow team has patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qfpc-5pjr-mh26\r\nhttps://github.com/tensorflow/tensorflow/commit/da857cfa0fde8f79ad0afdbc94e88b5d4bbec764", "cve": "CVE-2021-37677", 
@@ -130891,19 +132908,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\r\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\r\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d", - "cve": "CVE-2021-37673", - "id": "pyup.io-41148", - "more_info_path": "/vulnerabilities/CVE-2021-37673/41148", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow version 2.3.4, 2.4.3, 2.5.1, 2.6.0 and 2.7.0 include a fix for CVE-2021-37678:\r\nIn affected versions, TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation(https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses \"yaml.unsafe_load\" which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, the Tensorflow team has removed it for now. 
The Tensorflow team has patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r\r\nhttps://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012", "cve": "CVE-2021-37678", @@ -132286,18 +134290,6 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, - { - "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2018-20330.", - "cve": "CVE-2018-20330", - "id": "pyup.io-55874", - "more_info_path": "/vulnerabilities/CVE-2018-20330/55874", - "specs": [ - "<1.15.3", - ">=2.0.0a0,<2.0.2", - ">=2.1.0rc0,<2.1.1" - ], - "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" - }, { "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2019-13960.", "cve": "CVE-2019-13960", @@ -132311,10 +134303,10 @@ "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"SQLite3\" to handle CVE-2019-19880.", - "cve": "CVE-2019-19880", - "id": "pyup.io-55870", - "more_info_path": "/vulnerabilities/CVE-2019-19880/55870", + "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2018-20330.", + "cve": "CVE-2018-20330", + "id": "pyup.io-55874", + "more_info_path": "/vulnerabilities/CVE-2018-20330/55874", "specs": [ "<1.15.3", ">=2.0.0a0,<2.0.2", 
@@ -132358,6 +134350,18 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, + { + "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"SQLite3\" to handle CVE-2019-19880.", + "cve": "CVE-2019-19880", + "id": "pyup.io-55870", + "more_info_path": "/vulnerabilities/CVE-2019-19880/55870", + "specs": [ + "<1.15.3", + ">=2.0.0a0,<2.0.2", + ">=2.1.0rc0,<2.1.1" + ], + "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" + }, { "advisory": "Tensorflow-cpu versions 1.15.3, 2.0.2 and 2.1.1 update its dependency \"Apache Spark\" to handle CVE-2018-11770.", "cve": "CVE-2018-11770", 
@@ -132385,10 +134389,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of 'SparseFillEmptyRowsGrad' uses a double indexing pattern. It is possible for 'reverse_index_map(i)' to be an index outside of bounds of 'grad_values', thus resulting in a heap buffer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr", - "cve": "CVE-2020-15195", - "id": "pyup.io-55846", - "more_info_path": "/vulnerabilities/CVE-2020-15195/55846", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15206: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's \"SavedModel\" protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using \"Tensorflow-cpu-serving\" or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d. However, this was not enough, as #41097 reported a different failure mode. The issue was finally patched in commit df095206f25471e864a8e63a0f1caef53a0e3a6", + "cve": "CVE-2020-15206", + "id": "pyup.io-55847", + "more_info_path": "/vulnerabilities/CVE-2020-15206/55847", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -132413,10 +134417,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", - "cve": "CVE-2020-15207", - "id": "pyup.io-55855", - "more_info_path": "/vulnerabilities/CVE-2020-15207/55855", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of 'SparseFillEmptyRowsGrad' uses a double indexing pattern. It is possible for 'reverse_index_map(i)' to be an index outside of bounds of 'grad_values', thus resulting in a heap buffer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr", + "cve": "CVE-2020-15195", + "id": "pyup.io-55846", + "more_info_path": "/vulnerabilities/CVE-2020-15195/55846", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -132427,10 +134431,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a \"nullptr\" buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with \"nullptr\". However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue was patched in commit 0b5662bc.", - "cve": "CVE-2020-15209", - "id": "pyup.io-55852", - "more_info_path": "/vulnerabilities/CVE-2020-15209/55852", + "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", + "cve": "CVE-2020-15207", + "id": "pyup.io-55855", + "more_info_path": "/vulnerabilities/CVE-2020-15207/55855", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -132441,10 +134445,10 @@
 "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15206: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's \"SavedModel\" protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using \"Tensorflow-cpu-serving\" or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d. However, this was not enough, as #41097 reported a different failure mode. The issue was finally patched in commit df095206f25471e864a8e63a0f1caef53a0e3a6",
- "cve": "CVE-2020-15206",
- "id": "pyup.io-55847",
- "more_info_path": "/vulnerabilities/CVE-2020-15206/55847",
+ "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15209: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a \"nullptr\" buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with \"nullptr\". However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue was patched in commit 0b5662bc.",
+ "cve": "CVE-2020-15209",
+ "id": "pyup.io-55852",
+ "more_info_path": "/vulnerabilities/CVE-2020-15209/55852",
 "specs": [
 "<1.15.4",
 ">=2.0.0a0,<2.0.3",
@@ -132551,23 +134555,10 @@
 "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13434.",
- "cve": "CVE-2020-13434",
- "id": "pyup.io-55837",
- "more_info_path": "/vulnerabilities/CVE-2020-13434/55837",
- "specs": [
- "<1.15.4",
- ">=2.0.0a0,<2.0.3",
- ">=2.1.0rc0,<2.1.2",
- ">=2.2.0rc0,<2.2.1"
- ],
- "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1"
- },
- {
- "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11655.",
- "cve": "CVE-2020-11655",
- "id": "pyup.io-55839",
- "more_info_path": "/vulnerabilities/CVE-2020-11655/55839",
+ "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.",
+ "cve": "CVE-2020-13871",
+ "id": "pyup.io-55835",
+ "more_info_path": "/vulnerabilities/CVE-2020-13871/55835",
 "specs": [
 "<1.15.4",
 ">=2.0.0a0,<2.0.3",
@@ -132590,10 +134581,10 @@
 "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.",
- "cve": "CVE-2020-13871",
- "id": "pyup.io-55835",
- "more_info_path": "/vulnerabilities/CVE-2020-13871/55835",
+ "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13434.",
+ "cve": "CVE-2020-13434",
+ "id": "pyup.io-55837",
+ "more_info_path": "/vulnerabilities/CVE-2020-13434/55837",
 "specs": [
 "<1.15.4",
 ">=2.0.0a0,<2.0.3",
@@ -132628,6 +134619,19 @@
 ],
 "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1"
 },
+ {
+ "advisory": "Tensorflow-cpu versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11655.",
+ "cve": "CVE-2020-11655",
+ "id": "pyup.io-55839",
+ "more_info_path": "/vulnerabilities/CVE-2020-11655/55839",
+ "specs": [
+ "<1.15.4",
+ ">=2.0.0a0,<2.0.3",
+ ">=2.1.0rc0,<2.1.2",
+ ">=2.2.0rc0,<2.2.1"
+ ],
+ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1"
+ },
 {
 "advisory": "Tensorflow-cpu 2.4.0 includes a fix for CVE-2020-15194: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"",
 "cve": "CVE-2020-15194",
@@ -132788,10 +134792,10 @@
 "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw",
- "cve": "CVE-2023-25662",
- "id": "pyup.io-55429",
- "more_info_path": "/vulnerabilities/CVE-2023-25662/55429",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8",
+ "cve": "CVE-2023-27579",
+ "id": "pyup.io-55422",
+ "more_info_path": "/vulnerabilities/CVE-2023-27579/55422",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132810,10 +134814,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8",
- "cve": "CVE-2023-27579",
- "id": "pyup.io-55422",
- "more_info_path": "/vulnerabilities/CVE-2023-27579/55422",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw",
+ "cve": "CVE-2023-25662",
+ "id": "pyup.io-55429",
+ "more_info_path": "/vulnerabilities/CVE-2023-25662/55429",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132843,10 +134847,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
- "cve": "CVE-2023-25673",
- "id": "pyup.io-55412",
- "more_info_path": "/vulnerabilities/CVE-2023-25673/55412",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj",
+ "cve": "CVE-2023-25675",
+ "id": "pyup.io-55420",
+ "more_info_path": "/vulnerabilities/CVE-2023-25675/55420",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132854,10 +134858,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj",
- "cve": "CVE-2023-25675",
- "id": "pyup.io-55420",
- "more_info_path": "/vulnerabilities/CVE-2023-25675/55420",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25670: Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w",
+ "cve": "CVE-2023-25670",
+ "id": "pyup.io-55424",
+ "more_info_path": "/vulnerabilities/CVE-2023-25670/55424",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132865,10 +134869,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68",
- "cve": "CVE-2023-25667",
- "id": "pyup.io-55416",
- "more_info_path": "/vulnerabilities/CVE-2023-25667/55416",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
+ "cve": "CVE-2023-25668",
+ "id": "pyup.io-55426",
+ "more_info_path": "/vulnerabilities/CVE-2023-25668/55426",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132876,10 +134880,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
- "cve": "CVE-2023-25659",
- "id": "pyup.io-55431",
- "more_info_path": "/vulnerabilities/CVE-2023-25659/55431",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq",
+ "cve": "CVE-2023-25676",
+ "id": "pyup.io-55414",
+ "more_info_path": "/vulnerabilities/CVE-2023-25676/55414",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132887,10 +134891,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
- "cve": "CVE-2023-25672",
- "id": "pyup.io-55413",
- "more_info_path": "/vulnerabilities/CVE-2023-25672/55413",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj",
+ "cve": "CVE-2023-25660",
+ "id": "pyup.io-55430",
+ "more_info_path": "/vulnerabilities/CVE-2023-25660/55430",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132898,10 +134902,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25670: Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w",
- "cve": "CVE-2023-25670",
- "id": "pyup.io-55424",
- "more_info_path": "/vulnerabilities/CVE-2023-25670/55424",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
+ "cve": "CVE-2023-25673",
+ "id": "pyup.io-55412",
+ "more_info_path": "/vulnerabilities/CVE-2023-25673/55412",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132909,10 +134913,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25658: Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6",
- "cve": "CVE-2023-25658",
- "id": "pyup.io-55432",
- "more_info_path": "/vulnerabilities/CVE-2023-25658/55432",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25661: In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the 'Convolution3DTranspose' function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a 'Convolution3DTranspose' call.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq",
+ "cve": "CVE-2023-25661",
+ "id": "pyup.io-55418",
+ "more_info_path": "/vulnerabilities/CVE-2023-25661/55418",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132920,10 +134924,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w",
- "cve": "CVE-2023-25663",
- "id": "pyup.io-55428",
- "more_info_path": "/vulnerabilities/CVE-2023-25663/55428",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68",
+ "cve": "CVE-2023-25667",
+ "id": "pyup.io-55416",
+ "more_info_path": "/vulnerabilities/CVE-2023-25667/55416",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132931,10 +134935,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq",
- "cve": "CVE-2023-25676",
- "id": "pyup.io-55414",
- "more_info_path": "/vulnerabilities/CVE-2023-25676/55414",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
+ "cve": "CVE-2023-25659",
+ "id": "pyup.io-55431",
+ "more_info_path": "/vulnerabilities/CVE-2023-25659/55431",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132942,10 +134946,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
- "cve": "CVE-2023-25668",
- "id": "pyup.io-55426",
- "more_info_path": "/vulnerabilities/CVE-2023-25668/55426",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
+ "cve": "CVE-2023-25672",
+ "id": "pyup.io-55413",
+ "more_info_path": "/vulnerabilities/CVE-2023-25672/55413",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132953,10 +134957,21 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj",
- "cve": "CVE-2023-25660",
- "id": "pyup.io-55430",
- "more_info_path": "/vulnerabilities/CVE-2023-25660/55430",
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25658: Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6",
+ "cve": "CVE-2023-25658",
+ "id": "pyup.io-55432",
+ "more_info_path": "/vulnerabilities/CVE-2023-25658/55432",
+ "specs": [
+ "<2.11.1",
+ ">=2.12.0rc0,<2.12.0"
+ ],
+ "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w",
+ "cve": "CVE-2023-25663",
+ "id": "pyup.io-55428",
+ "more_info_path": "/vulnerabilities/CVE-2023-25663/55428",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -132996,17 +135011,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25661: In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the 'Convolution3DTranspose' function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a 'Convolution3DTranspose' call.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq",
- "cve": "CVE-2023-25661",
- "id": "pyup.io-55418",
- "more_info_path": "/vulnerabilities/CVE-2023-25661/55418",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-cpu 2.11.1 and 2.12.0 include a fix for CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6",
 "cve": "CVE-2023-25671",
@@ -133082,6 +135086,18 @@
 ],
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
+ {
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41210: In affected versions, the shape inference functions for 'SparseCountSparseOutput' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc\r\nhttps://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2",
+ "cve": "CVE-2021-41210",
+ "id": "pyup.io-55643",
+ "more_info_path": "/vulnerabilities/CVE-2021-41210/55643",
+ "specs": [
+ "<2.4.4",
+ ">=2.5.0rc0,<2.5.2",
+ ">=2.6.0rc0,<2.6.1"
+ ],
+ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
+ },
 {
 "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41200: In affected versions, if 'tf.summary.create_file_writer' is called with non-scalar arguments, code crashes due to a 'CHECK'-fail. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh8h-7j2j-qv4f",
 "cve": "CVE-2021-41200",
@@ -133154,18 +135170,6 @@
 ],
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
- {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41210: In affected versions, the shape inference functions for 'SparseCountSparseOutput' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc\r\nhttps://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2",
- "cve": "CVE-2021-41210",
- "id": "pyup.io-55643",
- "more_info_path": "/vulnerabilities/CVE-2021-41210/55643",
- "specs": [
- "<2.4.4",
- ">=2.5.0rc0,<2.5.2",
- ">=2.6.0rc0,<2.6.1"
- ],
- "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
- },
 {
 "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659",
 "cve": "CVE-2021-41204",
@@ -133191,10 +135195,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22926.",
- "cve": "CVE-2021-22926",
- "id": "pyup.io-55619",
- "more_info_path": "/vulnerabilities/CVE-2021-22926/55619",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
+ "cve": "CVE-2021-41221",
+ "id": "pyup.io-55639",
+ "more_info_path": "/vulnerabilities/CVE-2021-41221/55639",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133203,10 +135207,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
- "cve": "CVE-2021-41214",
- "id": "pyup.io-55625",
- "more_info_path": "/vulnerabilities/CVE-2021-41214/55625",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.",
+ "cve": "CVE-2021-22925",
+ "id": "pyup.io-55610",
+ "more_info_path": "/vulnerabilities/CVE-2021-22925/55610",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133215,10 +135219,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41198: In affected versions, if 'tf.tile' is called with a large input argument, then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q",
- "cve": "CVE-2021-41198",
- "id": "pyup.io-55642",
- "more_info_path": "/vulnerabilities/CVE-2021-41198/55642",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b",
+ "cve": "CVE-2021-41224",
+ "id": "pyup.io-55622",
+ "more_info_path": "/vulnerabilities/CVE-2021-41224/55622",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133227,10 +135231,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda",
- "cve": "CVE-2021-41223",
- "id": "pyup.io-55621",
- "more_info_path": "/vulnerabilities/CVE-2021-41223/55621",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6",
+ "cve": "CVE-2021-41201",
+ "id": "pyup.io-55615",
+ "more_info_path": "/vulnerabilities/CVE-2021-41201/55615",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133239,10 +135243,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
- "cve": "CVE-2021-41221",
- "id": "pyup.io-55639",
- "more_info_path": "/vulnerabilities/CVE-2021-41221/55639",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22926.",
+ "cve": "CVE-2021-22926",
+ "id": "pyup.io-55619",
+ "more_info_path": "/vulnerabilities/CVE-2021-22926/55619",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133251,10 +135255,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- "cve": "CVE-2021-41209",
- "id": "pyup.io-55616",
- "more_info_path": "/vulnerabilities/CVE-2021-41209/55616",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
+ "cve": "CVE-2021-41214",
+ "id": "pyup.io-55625",
+ "more_info_path": "/vulnerabilities/CVE-2021-41214/55625",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133263,10 +135267,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22922.",
- "cve": "CVE-2021-22922",
- "id": "pyup.io-55611",
- "more_info_path": "/vulnerabilities/CVE-2021-22922/55611",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585",
+ "cve": "CVE-2021-41227",
+ "id": "pyup.io-55612",
+ "more_info_path": "/vulnerabilities/CVE-2021-41227/55612",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133275,10 +135279,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.",
- "cve": "CVE-2021-22925",
- "id": "pyup.io-55610",
- "more_info_path": "/vulnerabilities/CVE-2021-22925/55610",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx",
+ "cve": "CVE-2021-41202",
+ "id": "pyup.io-55631",
+ "more_info_path": "/vulnerabilities/CVE-2021-41202/55631",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133287,10 +135291,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41207: In affected versions, the implementation of 'ParallelConcat' misses some input validation and can produce a division by 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- "cve": "CVE-2021-41207",
- "id": "pyup.io-55630",
- "more_info_path": "/vulnerabilities/CVE-2021-41207/55630",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41198: In affected versions, if 'tf.tile' is called with a large input argument, then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q",
+ "cve": "CVE-2021-41198",
+ "id": "pyup.io-55642",
+ "more_info_path": "/vulnerabilities/CVE-2021-41198/55642",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133299,10 +135303,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.",
- "cve": "CVE-2021-22923",
- "id": "pyup.io-55628",
- "more_info_path": "/vulnerabilities/CVE-2021-22923/55628",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda",
+ "cve": "CVE-2021-41223",
+ "id": "pyup.io-55621",
+ "more_info_path": "/vulnerabilities/CVE-2021-41223/55621",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133311,10 +135315,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b",
- "cve": "CVE-2021-41224",
- "id": "pyup.io-55622",
- "more_info_path": "/vulnerabilities/CVE-2021-41224/55622",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
+ "cve": "CVE-2021-41209",
+ "id": "pyup.io-55616",
+ "more_info_path": "/vulnerabilities/CVE-2021-41209/55616",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133323,10 +135327,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6",
- "cve": "CVE-2021-41201",
- "id": "pyup.io-55615",
- "more_info_path": "/vulnerabilities/CVE-2021-41201/55615",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22922.",
+ "cve": "CVE-2021-22922",
+ "id": "pyup.io-55611",
+ "more_info_path": "/vulnerabilities/CVE-2021-22922/55611",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133335,10 +135339,22 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585",
- "cve": "CVE-2021-41227",
- "id": "pyup.io-55612",
- "more_info_path": "/vulnerabilities/CVE-2021-41227/55612",
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41207: In affected versions, the implementation of 'ParallelConcat' misses some input validation and can produce a division by 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
+ "cve": "CVE-2021-41207",
+ "id": "pyup.io-55630",
+ "more_info_path": "/vulnerabilities/CVE-2021-41207/55630",
+ "specs": [
+ "<2.4.4",
+ ">=2.5.0rc0,<2.5.2",
+ ">=2.6.0rc0,<2.6.1"
+ ],
+ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.",
+ "cve": "CVE-2021-22923",
+ "id": "pyup.io-55628",
+ "more_info_path": "/vulnerabilities/CVE-2021-22923/55628",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -133406,18 +135422,6 @@
 ],
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
- {
- "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx",
- "cve": "CVE-2021-41202",
- "id": "pyup.io-55631",
- "more_info_path": "/vulnerabilities/CVE-2021-41202/55631",
- "specs": [
- "<2.4.4",
- ">=2.5.0rc0,<2.5.2",
- ">=2.6.0rc0,<2.6.1"
- ],
- "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
- },
 {
 "advisory": "Tensorflow-cpu versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41216: In affected versions, the shape inference function for 'Transpose' is vulnerable to a heap buffer overflow. This occurs whenever 'perm' contains negative elements. The shape inference function does not validate that the indices in 'perm' are all valid. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9\nhttps://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14",
 "cve": "CVE-2021-41216",
@@ -133466,6 +135470,18 @@
 ],
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
+ {
+ "advisory": "The TensorFlow Grappler component is susceptible to a denial of service due to a `CHECK`-failure during constant folding. This issue arises when the user-controlled `output_prop` tensor's shape triggers one of the `CHECK`s in the `PartialTensorShape` constructor. This vulnerability has been identified as TFSA-2021-198.\r\n\r\nThe problem has been resolved in GitHub commit be7b286d40bc68cb0b56f702186cc4837d508058, and the fix will be implemented in TensorFlow 2.8.0. Additionally, this patched commit will be incorporated into TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these versions are also affected and within the currently supported range.\r\n\r\nFurther information on this issue, along with details about our security model and how to get in touch with us for queries or concerns, can be found in our security guide.",
+ "cve": "PVE-2023-99918",
+ "id": "pyup.io-61994",
+ "more_info_path": "/vulnerabilities/PVE-2023-99918/61994",
+ "specs": [
+ "<2.5.3",
+ "==2.7.0",
+ ">=2.6.0,<2.6.3"
+ ],
+ "v": "<2.5.3,==2.7.0,>=2.6.0,<2.6.3"
+ },
 {
 "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3 and 2.7.1 update its dependency 'icu' to v69.1 to include a security fix.",
 "cve": "CVE-2020-10531",
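Review bot: The affected range on the new `pyup.io-61994` entry, `"<2.5.3", "==2.7.0", ">=2.6.0,<2.6.3"`, is encoded differently from the neighbouring tensorflow-cpu entries for the same 2.5.3/2.6.3/2.7.1 fix set, which use `">=2.6.0a0,<2.6.3"` and `">=2.7.0a0,<2.7.1"`; as written, 2.6.x and 2.7.x pre-releases fall outside the range, so a consumer on one of them would not be matched. The advisory text says the patch lands in 2.7.1, 2.6.3 and 2.5.3, so the sibling form appears to be the intended encoding, and `"v"` would need to be regenerated to match whatever `specs` is changed to. The same entry uses `\r\n` inside `advisory` where the surrounding entries use `\n`; harmless to a JSON parser, but worth normalizing at the generator if it can be. This file looks generated from upstream data, so the fix presumably belongs in the export rather than a hand edit here.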
@@ -133479,10 +135495,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4",
- "cve": "CVE-2022-21730",
- "id": "pyup.io-55561",
- "more_info_path": "/vulnerabilities/CVE-2022-21730/55561",
+ "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23570",
+ "id": "pyup.io-55565",
+ "more_info_path": "/vulnerabilities/CVE-2022-23570/55565",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133492,10 +135508,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23570",
- "id": "pyup.io-55565",
- "more_info_path": "/vulnerabilities/CVE-2022-23570/55565",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq",
+ "cve": "CVE-2022-21732",
+ "id": "pyup.io-55598",
+ "more_info_path": "/vulnerabilities/CVE-2022-21732/55598",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133505,10 +135521,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq",
- "cve": "CVE-2022-21732",
- "id": "pyup.io-55598",
- "more_info_path": "/vulnerabilities/CVE-2022-21732/55598",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5",
+ "cve": "CVE-2022-21739",
+ "id": "pyup.io-55580",
+ "more_info_path": "/vulnerabilities/CVE-2022-21739/55580",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133518,10 +135534,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23583",
- "id": "pyup.io-55569",
- "more_info_path": "/vulnerabilities/CVE-2022-23583/55569",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f",
+ "cve": "CVE-2022-21725",
+ "id": "pyup.io-55590",
+ "more_info_path": "/vulnerabilities/CVE-2022-21725/55590",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133531,10 +135547,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23587",
- "id": "pyup.io-55589",
- "more_info_path": "/vulnerabilities/CVE-2022-23587/55589",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq",
+ "cve": "CVE-2022-23561",
+ "id": "pyup.io-55608",
+ "more_info_path": "/vulnerabilities/CVE-2022-23561/55608",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133544,10 +135560,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5",
- "cve": "CVE-2022-21739",
- "id": "pyup.io-55580",
- "more_info_path": "/vulnerabilities/CVE-2022-21739/55580",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr",
+ "cve": "CVE-2022-23579",
+ "id": "pyup.io-55601",
+ "more_info_path": "/vulnerabilities/CVE-2022-23579/55601",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133557,10 +135573,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f",
- "cve": "CVE-2022-21725",
- "id": "pyup.io-55590",
- "more_info_path": "/vulnerabilities/CVE-2022-21725/55590",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4",
+ "cve": "CVE-2022-21730",
+ "id": "pyup.io-55561",
+ "more_info_path": "/vulnerabilities/CVE-2022-21730/55561",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133570,10 +135586,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v",
- "cve": "CVE-2022-23557",
- "id": "pyup.io-55592",
- "more_info_path": "/vulnerabilities/CVE-2022-23557/55592",
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23583",
+ "id": "pyup.io-55569",
+ "more_info_path": "/vulnerabilities/CVE-2022-23583/55569",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133583,10 +135599,23 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq",
- "cve": "CVE-2022-23561",
- "id": "pyup.io-55608",
- "more_info_path": "/vulnerabilities/CVE-2022-23561/55608",
+ "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23587",
+ "id": "pyup.io-55589",
+ "more_info_path": "/vulnerabilities/CVE-2022-23587/55589",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v",
+ "cve": "CVE-2022-23557",
+ "id": "pyup.io-55592",
+ "more_info_path": "/vulnerabilities/CVE-2022-23557/55592",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133622,10 +135651,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr",
- "cve": "CVE-2022-23579",
- "id": "pyup.io-55601",
- "more_info_path": "/vulnerabilities/CVE-2022-23579/55601",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx",
+ "cve": "CVE-2022-23595",
+ "id": "pyup.io-55563",
+ "more_info_path": "/vulnerabilities/CVE-2022-23595/55563",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133635,10 +135664,153 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx",
- "cve": "CVE-2022-23595",
- "id": "pyup.io-55563",
- "more_info_path": "/vulnerabilities/CVE-2022-23595/55563",
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3",
+ "cve": "CVE-2022-23558",
+ "id": "pyup.io-55578",
+ "more_info_path": "/vulnerabilities/CVE-2022-23558/55578",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj",
+ "cve": "CVE-2022-21735",
+ "id": "pyup.io-55591",
+ "more_info_path": "/vulnerabilities/CVE-2022-21735/55591",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 
include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c",
+ "cve": "CVE-2022-23581",
+ "id": "pyup.io-55573",
+ "more_info_path": "/vulnerabilities/CVE-2022-23581/55573",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9",
+ "cve": "CVE-2022-21736",
+ "id": "pyup.io-55562",
+ "more_info_path": "/vulnerabilities/CVE-2022-21736/55562",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23578",
+ "id": "pyup.io-55571",
+ "more_info_path": "/vulnerabilities/CVE-2022-23578/55571",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj",
+ "cve": "CVE-2022-21741",
+ "id": "pyup.io-55564",
+ "more_info_path": "/vulnerabilities/CVE-2022-21741/55564",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. 
Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8",
+ "cve": "CVE-2022-21728",
+ "id": "pyup.io-55559",
+ "more_info_path": "/vulnerabilities/CVE-2022-21728/55559",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v",
+ "cve": "CVE-2022-23582",
+ "id": "pyup.io-55606",
+ "more_info_path": "/vulnerabilities/CVE-2022-23582/55606",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. 
However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23585",
+ "id": "pyup.io-55567",
+ "more_info_path": "/vulnerabilities/CVE-2022-23585/55567",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr",
+ "cve": "CVE-2022-23562",
+ "id": "pyup.io-55602",
+ "more_info_path": "/vulnerabilities/CVE-2022-23562/55602",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23591",
+ "id": "pyup.io-55597",
+ "more_info_path": "/vulnerabilities/CVE-2022-23591/55597",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353",
+ "cve": "CVE-2022-21731",
+ "id": "pyup.io-55609",
+ "more_info_path": "/vulnerabilities/CVE-2022-21731/55609",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -133673,19 +135845,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", - "cve": "CVE-2022-23558", - "id": "pyup.io-55578", - "more_info_path": "/vulnerabilities/CVE-2022-23558/55578", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23567: The implementations of 'Sparse*Cwise*' ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or 'CHECK'-fails when building new 'TensorShape' objects (so, assert failures based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43", "cve": "CVE-2022-23567", 
@@ -133777,32 +135936,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", - "cve": "CVE-2022-21735", - "id": "pyup.io-55591", - "more_info_path": "/vulnerabilities/CVE-2022-21735/55591", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", - "cve": "CVE-2022-23581", - "id": "pyup.io-55573", - "more_info_path": "/vulnerabilities/CVE-2022-23581/55573", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23577", 
@@ -133829,19 +135962,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", - "cve": "CVE-2022-21736", - "id": "pyup.io-55562", - "more_info_path": "/vulnerabilities/CVE-2022-21736/55562", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", "cve": "CVE-2022-23559", 
@@ -133946,19 +136066,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23578", - "id": "pyup.io-55571", - "more_info_path": "/vulnerabilities/CVE-2022-23578/55571", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", "cve": "CVE-2022-21740", 
@@ -133972,19 +136079,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", - "cve": "CVE-2022-21741", - "id": "pyup.io-55564", - "more_info_path": "/vulnerabilities/CVE-2022-21741/55564", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23589", 
@@ -134024,19 +136118,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", - "cve": "CVE-2022-21728", - "id": "pyup.io-55559", - "more_info_path": "/vulnerabilities/CVE-2022-21728/55559", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23568: The implementation of 'AddManySparseToTensorsMap' is vulnerable to an integer overflow which results in a 'CHECK'-fail when building new 'TensorShape' objects (so, an assert failure based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", "cve": "CVE-2022-23568", 
@@ -134063,32 +136144,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", - "cve": "CVE-2022-23582", - "id": "pyup.io-55606", - "more_info_path": "/vulnerabilities/CVE-2022-23582/55606", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23585", - "id": "pyup.io-55567", - "more_info_path": "/vulnerabilities/CVE-2022-23585/55567", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23574", 
@@ -134102,45 +136157,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", - "cve": "CVE-2022-23562", - "id": "pyup.io-55602", - "more_info_path": "/vulnerabilities/CVE-2022-23562/55602", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23591", - "id": "pyup.io-55597", - "more_info_path": "/vulnerabilities/CVE-2022-23591/55597", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. 
The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", - "cve": "CVE-2022-21731", - "id": "pyup.io-55609", - "more_info_path": "/vulnerabilities/CVE-2022-21731/55609", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Tensorflow-cpu versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", "cve": "CVE-2022-21726", 
@@ -134179,10 +136195,10 @@ "v": "<2.5.3,>=2.6.0rc0,<2.6.3,>=2.7.0rc0,<2.7.1" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", - "cve": "CVE-2022-29199", - "id": "pyup.io-55544", - "more_info_path": "/vulnerabilities/CVE-2022-29199/55544", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", + "cve": "CVE-2022-29208", + "id": "pyup.io-55525", + "more_info_path": "/vulnerabilities/CVE-2022-29208/55525", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -134192,10 +136208,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", - "cve": "CVE-2022-29208", - "id": "pyup.io-55525", - "more_info_path": "/vulnerabilities/CVE-2022-29208/55525", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", + "cve": "CVE-2022-29199", + "id": "pyup.io-55544", + "more_info_path": "/vulnerabilities/CVE-2022-29199/55544", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -134218,10 +136234,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29203: Integer overflow in 'SpaceToBatchND'.", - "cve": "CVE-2022-29203", - "id": "pyup.io-55535", - "more_info_path": "/vulnerabilities/CVE-2022-29203/55535", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.", + "cve": "CVE-2022-29197", + "id": "pyup.io-55524", + "more_info_path": "/vulnerabilities/CVE-2022-29197/55524", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -134231,10 +136247,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.", - "cve": "CVE-2022-29197", - "id": "pyup.io-55524", - "more_info_path": "/vulnerabilities/CVE-2022-29197/55524", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29203: Integer overflow in 'SpaceToBatchND'.", + "cve": "CVE-2022-29203", + "id": "pyup.io-55535", + "more_info_path": "/vulnerabilities/CVE-2022-29203/55535", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -134256,6 +136272,58 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", + "cve": "CVE-2022-29200", + "id": "pyup.io-55520", + "more_info_path": "/vulnerabilities/CVE-2022-29200/55520", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. 
This is similar to CVE-2021-29584.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", + "cve": "CVE-2021-41197", + "id": "pyup.io-55528", + "more_info_path": "/vulnerabilities/CVE-2021-41197/55528", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", + "cve": "CVE-2022-29201", + "id": "pyup.io-55537", + "more_info_path": "/vulnerabilities/CVE-2022-29201/55537", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", + "cve": "CVE-2022-29196", + "id": "pyup.io-55522", + "more_info_path": "/vulnerabilities/CVE-2022-29196/55522", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'zlib' to v1.2.12 to handle CVE-2018-25032.", "cve": "CVE-2018-25032", 
@@ -134360,19 +136428,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.", - "cve": "CVE-2022-29206", - "id": "pyup.io-55538", - "more_info_path": "/vulnerabilities/CVE-2022-29206/55538", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27780.", "cve": "CVE-2022-27780", @@ -134387,10 +136442,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29192: missing validation which crashes 'QuantizeAndDequantizeV4Grad'.", - "cve": "CVE-2022-29192", - "id": "pyup.io-55541", - "more_info_path": "/vulnerabilities/CVE-2022-29192/55541", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.", + "cve": "CVE-2022-29206", + "id": "pyup.io-55538", + "more_info_path": "/vulnerabilities/CVE-2022-29206/55538", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -134413,10 +136468,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", - "cve": "CVE-2022-29200", - "id": "pyup.io-55520", - "more_info_path": "/vulnerabilities/CVE-2022-29200/55520", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29192: missing validation which crashes 'QuantizeAndDequantizeV4Grad'.", + "cve": "CVE-2022-29192", + "id": "pyup.io-55541", + "more_info_path": "/vulnerabilities/CVE-2022-29192/55541", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -134438,19 +136493,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. This is similar to CVE-2021-29584.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", - "cve": "CVE-2021-41197", - "id": "pyup.io-55528", - "more_info_path": "/vulnerabilities/CVE-2021-41197/55528", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", "cve": "CVE-2022-27779", 
@@ -134464,32 +136506,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", - "cve": "CVE-2022-29201", - "id": "pyup.io-55537", - "more_info_path": "/vulnerabilities/CVE-2022-29201/55537", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, - { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", - "cve": "CVE-2022-29196", - "id": "pyup.io-55522", - "more_info_path": "/vulnerabilities/CVE-2022-29196/55522", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", "cve": "CVE-2022-29198", @@ -134543,10 +136559,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", - "cve": "CVE-2022-29205", - "id": "pyup.io-55543", - "more_info_path": "/vulnerabilities/CVE-2022-29205/55543", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.", + "cve": "CVE-2022-29195", + "id": "pyup.io-55526", + "more_info_path": "/vulnerabilities/CVE-2022-29195/55526", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -134556,10 +136572,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.", - "cve": "CVE-2022-29195", - "id": "pyup.io-55526", - "more_info_path": "/vulnerabilities/CVE-2022-29195/55526", + "advisory": "Tensorflow-cpu versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", + "cve": "CVE-2022-29205", + "id": "pyup.io-55543", + "more_info_path": "/vulnerabilities/CVE-2022-29205/55543", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -134634,10 +136650,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", - "cve": "CVE-2022-36016", - "id": "pyup.io-55497", - "more_info_path": "/vulnerabilities/CVE-2022-36016/55497", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", + "cve": "CVE-2022-35987", + "id": "pyup.io-55487", + "more_info_path": "/vulnerabilities/CVE-2022-35987/55487", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -134646,10 +136662,34 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", - "cve": "CVE-2022-35987", - "id": "pyup.io-55487", - "more_info_path": "/vulnerabilities/CVE-2022-35987/55487", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", + "cve": "CVE-2022-35963", + "id": "pyup.io-55507", + "more_info_path": "/vulnerabilities/CVE-2022-35963/55507", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", + "cve": "CVE-2022-35937", + "id": "pyup.io-55459", + "more_info_path": "/vulnerabilities/CVE-2022-35937/55459", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", + "cve": "CVE-2022-36016", + "id": "pyup.io-55497", + "more_info_path": "/vulnerabilities/CVE-2022-36016/55497", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -134693,18 +136733,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", - "cve": "CVE-2022-35963", - "id": "pyup.io-55507", - "more_info_path": "/vulnerabilities/CVE-2022-35963/55507", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", "cve": "CVE-2022-35992", @@ -134741,18 +136769,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", - "cve": "CVE-2022-35937", - "id": "pyup.io-55459", - "more_info_path": "/vulnerabilities/CVE-2022-35937/55459", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", "cve": "CVE-2022-35967", 
@@ -134813,6 +136829,66 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", + "cve": "CVE-2022-35999", + "id": "pyup.io-55508", + "more_info_path": "/vulnerabilities/CVE-2022-35999/55508", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", + "cve": "CVE-2022-35974", + "id": "pyup.io-55485", + "more_info_path": "/vulnerabilities/CVE-2022-35974/55485", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36017: Segfault in 'Requantize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", + "cve": "CVE-2022-36017", + "id": "pyup.io-55464", + "more_info_path": "/vulnerabilities/CVE-2022-36017/55464", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", + "cve": "CVE-2022-35940", + "id": "pyup.io-55505", + "more_info_path": "/vulnerabilities/CVE-2022-35940/55505", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 
'CHECK' fail in 'RandomPoissonV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", + "cve": "CVE-2022-36003", + "id": "pyup.io-55466", + "more_info_path": "/vulnerabilities/CVE-2022-36003/55466", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", "cve": "CVE-2022-36000", @@ -134826,10 +136902,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", - "cve": "CVE-2022-36014", - "id": "pyup.io-55495", - "more_info_path": "/vulnerabilities/CVE-2022-36014/55495", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", + "cve": "CVE-2022-36018", + "id": "pyup.io-55512", + "more_info_path": "/vulnerabilities/CVE-2022-36018/55512", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -134838,10 +136914,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", - "cve": "CVE-2022-35999", - "id": "pyup.io-55508", - "more_info_path": "/vulnerabilities/CVE-2022-35999/55508", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35970: Segfault in 'QuantizedInstanceNorm'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", + "cve": "CVE-2022-35970", + "id": "pyup.io-55503", + "more_info_path": "/vulnerabilities/CVE-2022-35970/55503", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -134850,10 +136926,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", - "cve": "CVE-2022-35974", - "id": "pyup.io-55485", - "more_info_path": "/vulnerabilities/CVE-2022-35974/55485", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", + "cve": "CVE-2022-35973", + "id": "pyup.io-55486", + "more_info_path": "/vulnerabilities/CVE-2022-35973/55486", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -134862,10 +136938,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", - "cve": "CVE-2022-35979", - "id": "pyup.io-55463", - "more_info_path": "/vulnerabilities/CVE-2022-35979/55463", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", + "cve": "CVE-2022-35985", + "id": "pyup.io-55467", + "more_info_path": "/vulnerabilities/CVE-2022-35985/55467", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -134874,10 +136950,34 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36017: Segfault in 'Requantize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", - "cve": "CVE-2022-36017", - "id": "pyup.io-55464", - "more_info_path": "/vulnerabilities/CVE-2022-36017/55464", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", + "cve": "CVE-2022-35959", + "id": "pyup.io-55476", + "more_info_path": "/vulnerabilities/CVE-2022-35959/55476", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", + "cve": "CVE-2022-36014", + "id": "pyup.io-55495", + "more_info_path": "/vulnerabilities/CVE-2022-36014/55495", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", + "cve": "CVE-2022-35979", + "id": "pyup.io-55463", + "more_info_path": "/vulnerabilities/CVE-2022-35979/55463", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -134921,18 +137021,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", - "cve": "CVE-2022-36015", - "id": "pyup.io-55465", - "more_info_path": "/vulnerabilities/CVE-2022-36015/55465", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", "cve": "CVE-2022-35952", @@ -134958,10 +137046,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", - "cve": "CVE-2022-35984", - "id": "pyup.io-55473", - "more_info_path": "/vulnerabilities/CVE-2022-35984/55473", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", + "cve": "CVE-2022-36015", + "id": "pyup.io-55465", + "more_info_path": "/vulnerabilities/CVE-2022-36015/55465", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -134982,10 +137070,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", - "cve": "CVE-2022-36013", - "id": "pyup.io-55480", - "more_info_path": "/vulnerabilities/CVE-2022-36013/55480", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", + "cve": "CVE-2022-35984", + "id": "pyup.io-55473", + "more_info_path": "/vulnerabilities/CVE-2022-35984/55473", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -135006,10 +137094,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", - "cve": "CVE-2022-35965", - "id": "pyup.io-55499", - "more_info_path": "/vulnerabilities/CVE-2022-35965/55499", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", + "cve": "CVE-2022-36013", + "id": "pyup.io-55480", + "more_info_path": "/vulnerabilities/CVE-2022-36013/55480", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -135018,10 +137106,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", - "cve": "CVE-2022-35994", - "id": "pyup.io-55504", - "more_info_path": "/vulnerabilities/CVE-2022-35994/55504", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", + "cve": "CVE-2022-35965", + "id": "pyup.io-55499", + "more_info_path": "/vulnerabilities/CVE-2022-35965/55499", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -135030,10 +137118,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", - "cve": "CVE-2022-35940", - "id": "pyup.io-55505", - "more_info_path": "/vulnerabilities/CVE-2022-35940/55505", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", + "cve": "CVE-2022-35994", + "id": "pyup.io-55504", + "more_info_path": "/vulnerabilities/CVE-2022-35994/55504", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -135053,18 +137141,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", - "cve": "CVE-2022-36003", - "id": "pyup.io-55466", - "more_info_path": "/vulnerabilities/CVE-2022-36003/55466", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", "cve": "CVE-2022-36019", @@ -135089,18 +137165,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", - "cve": "CVE-2022-36018", - "id": "pyup.io-55512", - "more_info_path": "/vulnerabilities/CVE-2022-36018/55512", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", "cve": "CVE-2022-36012", 
@@ -135113,18 +137177,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35970: Segfault in 'QuantizedInstanceNorm'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", - "cve": "CVE-2022-35970", - "id": "pyup.io-55503", - "more_info_path": "/vulnerabilities/CVE-2022-35970/55503", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", "cve": "CVE-2022-35971", @@ -135161,18 +137213,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", - "cve": "CVE-2022-35964", - "id": "pyup.io-55477", - "more_info_path": "/vulnerabilities/CVE-2022-35964/55477", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", "cve": "CVE-2022-35981", 
@@ -135186,10 +137226,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", - "cve": "CVE-2022-35973", - "id": "pyup.io-55486", - "more_info_path": "/vulnerabilities/CVE-2022-35973/55486", + "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", + "cve": "CVE-2022-35964", + "id": "pyup.io-55477", + "more_info_path": "/vulnerabilities/CVE-2022-35964/55477", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -135221,18 +137261,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", - "cve": "CVE-2022-35985", - "id": "pyup.io-55467", - "more_info_path": "/vulnerabilities/CVE-2022-35985/55467", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", "cve": "CVE-2022-35968", 
@@ -135245,18 +137273,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", - "cve": "CVE-2022-35959", - "id": "pyup.io-55476", - "more_info_path": "/vulnerabilities/CVE-2022-35959/55476", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", "cve": "CVE-2022-35986", 
@@ -135389,6 +137405,42 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, + { + "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", + "cve": "CVE-2022-41907", + "id": "pyup.io-55448", + "more_info_path": "/vulnerabilities/CVE-2022-41907/55448", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", + "cve": "CVE-2022-41885", + "id": "pyup.io-55440", + "more_info_path": "/vulnerabilities/CVE-2022-41885/55440", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", + "cve": "CVE-2022-41898", + "id": "pyup.io-55455", + "more_info_path": "/vulnerabilities/CVE-2022-41898/55455", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, { "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. 
Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", "cve": "CVE-2022-41894", @@ -135402,10 +137454,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", - "cve": "CVE-2022-41895", - "id": "pyup.io-55436", - "more_info_path": "/vulnerabilities/CVE-2022-41895/55436", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", + "cve": "CVE-2022-41891", + "id": "pyup.io-55437", + "more_info_path": "/vulnerabilities/CVE-2022-41891/55437", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -135414,10 +137466,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", - "cve": "CVE-2022-41907", - "id": "pyup.io-55448", - "more_info_path": "/vulnerabilities/CVE-2022-41907/55448", + "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", + "cve": "CVE-2022-41897", + "id": "pyup.io-55452", + "more_info_path": "/vulnerabilities/CVE-2022-41897/55452", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -135426,10 +137478,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", - "cve": "CVE-2022-41885", - "id": "pyup.io-55440", - "more_info_path": "/vulnerabilities/CVE-2022-41885/55440", + "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", + "cve": "CVE-2022-41895", + "id": "pyup.io-55436", + "more_info_path": "/vulnerabilities/CVE-2022-41895/55436", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -135497,18 +137549,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", - "cve": "CVE-2022-41898", - "id": "pyup.io-55455", - "more_info_path": "/vulnerabilities/CVE-2022-41898/55455", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", "cve": "CVE-2022-41909", 
@@ -135533,30 +137573,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", - "cve": "CVE-2022-41891", - "id": "pyup.io-55437", - "more_info_path": "/vulnerabilities/CVE-2022-41891/55437", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, - { - "advisory": "Tensorflow-cpu 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", - "cve": "CVE-2022-41897", - "id": "pyup.io-55452", - "more_info_path": "/vulnerabilities/CVE-2022-41897/55452", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", "cve": "CVE-2022-41899", 
@@ -135621,10 +137637,10 @@ "v": ">=1.15.0rc0,<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 update its dependency \"SQLite\" to handle CVE-2019-19646.", - "cve": "CVE-2019-19646", - "id": "pyup.io-55882", - "more_info_path": "/vulnerabilities/CVE-2019-19646/55882", + "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 updates 'sqlite3' to handle CVE-2019-16168.", + "cve": "CVE-2019-16168", + "id": "pyup.io-55880", + "more_info_path": "/vulnerabilities/CVE-2019-16168/55880", "specs": [ ">=2.0.0a0,<2.0.1", "<1.15.2" @@ -135632,10 +137648,10 @@ "v": ">=2.0.0a0,<2.0.1,<1.15.2" }, { - "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 updates its dependency \"curl\" to handle CVE-2019-5481.", - "cve": "CVE-2019-5481", - "id": "pyup.io-55884", - "more_info_path": "/vulnerabilities/CVE-2019-5481/55884", + "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 update its dependency \"SQLite\" to handle CVE-2019-19646.", + "cve": "CVE-2019-19646", + "id": "pyup.io-55882", + "more_info_path": "/vulnerabilities/CVE-2019-19646/55882", "specs": [ ">=2.0.0a0,<2.0.1", "<1.15.2" @@ -135654,10 +137670,10 @@ "v": ">=2.0.0a0,<2.0.1,<1.15.2" }, { - "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 updates 'sqlite3' to handle CVE-2019-16168.", - "cve": "CVE-2019-16168", - "id": "pyup.io-55880", - "more_info_path": "/vulnerabilities/CVE-2019-16168/55880", + "advisory": "Tensorflow-cpu versions 1.15.2 and 2.0.1 updates its dependency \"curl\" to handle CVE-2019-5481.", + "cve": "CVE-2019-5481", + "id": "pyup.io-55884", + "more_info_path": "/vulnerabilities/CVE-2019-5481/55884", "specs": [ ">=2.0.0a0,<2.0.1", "<1.15.2" 
@@ -135710,17 +137726,6 @@ ], "v": ">=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow-cpu versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15192: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to 'dlpack.to_dlpack' there is a memory leak following an expected validation failure. The issue occurs because the 'status' argument during validation failures is not properly checked. Since each of the above methods can return an error status, the 'status' value must be checked before continuing.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv", - "cve": "CVE-2020-15192", - "id": "pyup.io-55867", - "more_info_path": "/vulnerabilities/CVE-2020-15192/55867", - "specs": [ - ">=2.2.0rc0,<2.2.1", - ">=2.3.0rc0,<2.3.1" - ], - "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" - }, { "advisory": "Tensorflow-cpu versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15212: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to \"segment_ids_data\" can alter \"output_index\" and then write to outside of \"output_data\" buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. 
If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", "cve": "CVE-2020-15212", 
@@ -135743,6 +137748,17 @@ ], "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, + { + "advisory": "Tensorflow-cpu versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15192: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to 'dlpack.to_dlpack' there is a memory leak following an expected validation failure. The issue occurs because the 'status' argument during validation failures is not properly checked. Since each of the above methods can return an error status, the 'status' value must be checked before continuing.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv", + "cve": "CVE-2020-15192", + "id": "pyup.io-55867", + "more_info_path": "/vulnerabilities/CVE-2020-15192/55867", + "specs": [ + ">=2.2.0rc0,<2.2.1", + ">=2.3.0rc0,<2.3.1" + ], + "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" + }, { "advisory": "Tensorflow-cpu versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15213: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimension of the output tensor, attackers can use a very large value to trigger a large allocation. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87", "cve": "CVE-2020-15213", 
@@ -135796,6 +137812,16 @@ ], "v": ">=2.3.0rc0,<2.3.1" }, + { + "advisory": "Tensorflow-cpu 2.3.1 includes a fix for CVE-2020-15200: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A \"BatchedMap\" is equivalent to a vector where each element is a hashmap. However, if the first element of \"splits_values\" is not 0, \"batch_idx\" will never be 1, hence there will be no hashmap at index 0 in \"per_batch_counts\". Trying to access that in the user code results in a segmentation fault. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3", + "cve": "CVE-2020-15200", + "id": "pyup.io-55860", + "more_info_path": "/vulnerabilities/CVE-2020-15200/55860", + "specs": [ + ">=2.3.0rc0,<2.3.1" + ], + "v": ">=2.3.0rc0,<2.3.1" + }, { "advisory": "Tensorflow-cpu version 2.3.1 includes a fix for CVE-2020-15197: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a \"CHECK\" assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.", "cve": "CVE-2020-15197", 
@@ -135826,16 +137852,6 @@ ], "v": ">=2.3.0rc0,<2.3.1" }, - { - "advisory": "Tensorflow-cpu 2.3.1 includes a fix for CVE-2020-15200: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A \"BatchedMap\" is equivalent to a vector where each element is a hashmap. However, if the first element of \"splits_values\" is not 0, \"batch_idx\" will never be 1, hence there will be no hashmap at index 0 in \"per_batch_counts\". Trying to access that in the user code results in a segmentation fault. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3", - "cve": "CVE-2020-15200", - "id": "pyup.io-55860", - "more_info_path": "/vulnerabilities/CVE-2020-15200/55860", - "specs": [ - ">=2.3.0rc0,<2.3.1" - ], - "v": ">=2.3.0rc0,<2.3.1" - }, { "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37689: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of 'L2NormalizeReduceAxis' operator. The implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/compiler/mlir/lite/transforms/optimize.cc#L67-L70) unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements. The Tensorflow team has patched the issue in GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955.", "cve": "CVE-2021-37689", 
@@ -135863,10 +137879,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37683: In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contain zero elements. The Tensorflow team has patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28.", - "cve": "CVE-2021-37683", - "id": "pyup.io-55816", - "more_info_path": "/vulnerabilities/CVE-2021-37683/55816", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.", + "cve": "CVE-2021-37667", + "id": "pyup.io-55815", + "more_info_path": "/vulnerabilities/CVE-2021-37667/55815", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -135876,10 +137892,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37680: In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_connected.cc#L226). The Tensorflow team has patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f.", - "cve": "CVE-2021-37680", - "id": "pyup.io-55818", - "more_info_path": "/vulnerabilities/CVE-2021-37680/55818", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37635: In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. The Tensorflow team has patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.", + "cve": "CVE-2021-37635", + "id": "pyup.io-55814", + "more_info_path": "/vulnerabilities/CVE-2021-37635/55814", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -135889,10 +137905,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.", - "cve": "CVE-2021-37667", - "id": "pyup.io-55815", - "more_info_path": "/vulnerabilities/CVE-2021-37667/55815", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.", + "cve": "CVE-2021-37642", + "id": "pyup.io-55820", + "more_info_path": "/vulnerabilities/CVE-2021-37642/55820", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -135902,10 +137918,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37635: In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The [implementation](https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_reduce_op.cc#L217-L228) fails to validate that each reduction group does not overflow and that each corresponding index does not point to outside the bounds of the input tensor. The Tensorflow team has patched the issue in GitHub commit 87158f43f05f2720a374f3e6d22a7aaa3a33f750.", - "cve": "CVE-2021-37635", - "id": "pyup.io-55814", - "more_info_path": "/vulnerabilities/CVE-2021-37635/55814", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37648: In affected versions the code for 'tf.raw_ops.SaveV2' does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses 'ValidateInputs' to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses 'OP_REQUIRES' which translates to setting the 'Status' object of the current 'OpKernelContext' to an error status, followed by an empty 'return' statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the nQext line in 'Compute' that follows the call to 'ValidateInputs'. This is equivalent to lacking the validation. 
The Tensorflow team has patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986.", + "cve": "CVE-2021-37648", + "id": "pyup.io-55813", + "more_info_path": "/vulnerabilities/CVE-2021-37648/55813", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", @@ -135915,10 +137931,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37642: In affected versions the implementation of 'tf.raw_ops.ResourceScatterDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/resource_variable_ops.cc#L865) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit 4aacb30888638da75023e6601149415b39763d76.", - "cve": "CVE-2021-37642", - "id": "pyup.io-55820", - "more_info_path": "/vulnerabilities/CVE-2021-37642/55820", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37683: In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/div.cc). There is no check that the divisor tensor does not contain zero elements. The Tensorflow team has patched the issue in GitHub commit 1e206baedf8bef0334cca3eb92bab134ef525a28.", + "cve": "CVE-2021-37683", + "id": "pyup.io-55816", + "more_info_path": "/vulnerabilities/CVE-2021-37683/55816", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -135928,10 +137944,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37636: In affected versions the implementation of 'tf.raw_ops.SparseDenseCwiseDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9.", - "cve": "CVE-2021-37636", - "id": "pyup.io-55819", - "more_info_path": "/vulnerabilities/CVE-2021-37636/55819", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37680: In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/fully_connected.cc#L226). The Tensorflow team has patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f.", + "cve": "CVE-2021-37680", + "id": "pyup.io-55818", + "more_info_path": "/vulnerabilities/CVE-2021-37680/55818", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -135941,10 +137957,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37648: In affected versions the code for 'tf.raw_ops.SaveV2' does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses 'ValidateInputs' to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses 'OP_REQUIRES' which translates to setting the 'Status' object of the current 'OpKernelContext' to an error status, followed by an empty 'return' statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the nQext line in 'Compute' that follows the call to 'ValidateInputs'. This is equivalent to lacking the validation. The Tensorflow team has patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986.", - "cve": "CVE-2021-37648", - "id": "pyup.io-55813", - "more_info_path": "/vulnerabilities/CVE-2021-37648/55813", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37636: In affected versions the implementation of 'tf.raw_ops.SparseDenseCwiseDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. 
The Tensorflow team has patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9.", + "cve": "CVE-2021-37636", + "id": "pyup.io-55819", + "more_info_path": "/vulnerabilities/CVE-2021-37636/55819", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", @@ -135967,10 +137983,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37638: Sending invalid argument for 'row_partition_types' of 'tf.raw_ops.RaggedTensorToTensor' API results in a null pointer dereference and undefined behavior. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. The Tensorflow team has patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314.", - "cve": "CVE-2021-37638", - "id": "pyup.io-55801", - "more_info_path": "/vulnerabilities/CVE-2021-37638/55801", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37656: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToSparse'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. The Tensorflow team has patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece.", + "cve": "CVE-2021-37656", + "id": "pyup.io-55804", + "more_info_path": "/vulnerabilities/CVE-2021-37656/55804", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -135980,10 +137996,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37656: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToSparse'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. The Tensorflow team has patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece.", - "cve": "CVE-2021-37656", - "id": "pyup.io-55804", - "more_info_path": "/vulnerabilities/CVE-2021-37656/55804", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37638: Sending invalid argument for 'row_partition_types' of 'tf.raw_ops.RaggedTensorToTensor' API results in a null pointer dereference and undefined behavior. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. The Tensorflow team has patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314.", + "cve": "CVE-2021-37638", + "id": "pyup.io-55801", + "more_info_path": "/vulnerabilities/CVE-2021-37638/55801", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -136032,10 +138048,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37658: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixSetDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b.", - "cve": "CVE-2021-37658", - "id": "pyup.io-55806", - "more_info_path": "/vulnerabilities/CVE-2021-37658/55806", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37647: When a user does not supply arguments that determine a valid sparse tensor, 'tf.raw_ops.SparseTensorSliceDataset' implementation can be made to dereference a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either 'indices' or 'values' are provided for an empty sparse tensor when the other is not. If 'indices' is empty, then code that performs validation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. 
If 'indices' as provided by the user is empty, then 'indices' in the C++ code above is backed by an empty 'std::vector', hence calling 'indices->dim_size(0)' results in null pointer dereferencing (same as calling 'std::vector::at()' on an empty vector). The Tensorflow team has patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7.", + "cve": "CVE-2021-37647", + "id": "pyup.io-55810", + "more_info_path": "/vulnerabilities/CVE-2021-37647/55810", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -136045,10 +138061,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37647: When a user does not supply arguments that determine a valid sparse tensor, 'tf.raw_ops.SparseTensorSliceDataset' implementation can be made to dereference a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either 'indices' or 'values' are provided for an empty sparse tensor when the other is not. If 'indices' is empty, then code that performs validation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If 'indices' as provided by the user is empty, then 'indices' in the C++ code above is backed by an empty 'std::vector', hence calling 'indices->dim_size(0)' results in null pointer dereferencing (same as calling 'std::vector::at()' on an empty vector). The Tensorflow team has patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7.", - "cve": "CVE-2021-37647", - "id": "pyup.io-55810", - "more_info_path": "/vulnerabilities/CVE-2021-37647/55810", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. 
The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", + "cve": "CVE-2021-37652", + "id": "pyup.io-55800", + "more_info_path": "/vulnerabilities/CVE-2021-37652/55800", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -136058,10 +138074,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", - "cve": "CVE-2021-37652", - "id": "pyup.io-55800", - "more_info_path": "/vulnerabilities/CVE-2021-37652/55800", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37658: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixSetDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. 
If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b.", + "cve": "CVE-2021-37658", + "id": "pyup.io-55806", + "more_info_path": "/vulnerabilities/CVE-2021-37658/55806", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", @@ -136146,20 +138162,6 @@ ], "v": ">=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.5.0rc0,<2.5.0" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", - "cve": "CVE-2021-29537", - "id": "pyup.io-55795", - "more_info_path": "/vulnerabilities/CVE-2021-29537/55795", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a 'CHECK'-fail in 'SparseCross' caused by type confusion. See CVE-2021-29519.", "cve": "CVE-2021-29519", 
@@ -136174,20 +138176,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", - "cve": "CVE-2021-29552", - "id": "pyup.io-55785", - "more_info_path": "/vulnerabilities/CVE-2021-29552/55785", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropInput'. See CVE-2021-29525.", "cve": "CVE-2021-29525", 
@@ -136244,6 +138232,34 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", + "cve": "CVE-2021-29537", + "id": "pyup.io-55795", + "more_info_path": "/vulnerabilities/CVE-2021-29537/55795", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. 
Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", + "cve": "CVE-2021-29552", + "id": "pyup.io-55785", + "more_info_path": "/vulnerabilities/CVE-2021-29552/55785", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.EncodePng'. See CVE-2021-29531.", "cve": "CVE-2021-29531", 
@@ -136259,10 +138275,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap buffer overflow caused by rounding. See CVE-2021-29529.", - "cve": "CVE-2021-29529", - "id": "pyup.io-55784", - "more_info_path": "/vulnerabilities/CVE-2021-29529/55784", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.", + "cve": "CVE-2021-29534", + "id": "pyup.io-55789", + "more_info_path": "/vulnerabilities/CVE-2021-29534/55789", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -136273,10 +138289,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a segfault in 'SparseCountSparseOutput'. See CVE-2021-29521.", - "cve": "CVE-2021-29521", - "id": "pyup.io-55792", - "more_info_path": "/vulnerabilities/CVE-2021-29521/55792", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", + "cve": "CVE-2021-29533", + "id": "pyup.io-55787", + "more_info_path": "/vulnerabilities/CVE-2021-29533/55787", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -136287,10 +138303,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.",
- "cve": "CVE-2021-29538",
- "id": "pyup.io-55793",
- "more_info_path": "/vulnerabilities/CVE-2021-29538/55793",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.",
+ "cve": "CVE-2021-29532",
+ "id": "pyup.io-55780",
+ "more_info_path": "/vulnerabilities/CVE-2021-29532/55780",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -136301,10 +138317,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.",
- "cve": "CVE-2021-29534",
- "id": "pyup.io-55789",
- "more_info_path": "/vulnerabilities/CVE-2021-29534/55789",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap buffer overflow caused by rounding. See CVE-2021-29529.",
+ "cve": "CVE-2021-29529",
+ "id": "pyup.io-55784",
+ "more_info_path": "/vulnerabilities/CVE-2021-29529/55784",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -136315,10 +138331,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.",
- "cve": "CVE-2021-29615",
- "id": "pyup.io-55796",
- "more_info_path": "/vulnerabilities/CVE-2021-29615/55796",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a segfault in 'SparseCountSparseOutput'. See CVE-2021-29521.",
+ "cve": "CVE-2021-29521",
+ "id": "pyup.io-55792",
+ "more_info_path": "/vulnerabilities/CVE-2021-29521/55792",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -136329,10 +138345,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropFilter'. See CVE-2021-29524.",
- "cve": "CVE-2021-29524",
- "id": "pyup.io-55781",
- "more_info_path": "/vulnerabilities/CVE-2021-29524/55781",
+ "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).",
+ "cve": "CVE-2021-29548",
+ "id": "pyup.io-55786",
+ "more_info_path": "/vulnerabilities/CVE-2021-29548/55786",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -136343,10 +138359,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.",
- "cve": "CVE-2021-29533",
- "id": "pyup.io-55787",
- "more_info_path": "/vulnerabilities/CVE-2021-29533/55787",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.",
+ "cve": "CVE-2021-29538",
+ "id": "pyup.io-55793",
+ "more_info_path": "/vulnerabilities/CVE-2021-29538/55793",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -136357,10 +138373,24 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.",
- "cve": "CVE-2021-29532",
- "id": "pyup.io-55780",
- "more_info_path": "/vulnerabilities/CVE-2021-29532/55780",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.",
+ "cve": "CVE-2021-29615",
+ "id": "pyup.io-55796",
+ "more_info_path": "/vulnerabilities/CVE-2021-29615/55796",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.1.0rc0,<2.1.4",
+ ">=2.2.0rc0,<2.2.3",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.4.0rc0,<2.4.2"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
+ },
+ {
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropFilter'. See CVE-2021-29524.",
+ "cve": "CVE-2021-29524",
+ "id": "pyup.io-55781",
+ "more_info_path": "/vulnerabilities/CVE-2021-29524/55781",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -136426,20 +138456,6 @@
 ],
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
- {
- "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).",
- "cve": "CVE-2021-29548",
- "id": "pyup.io-55786",
- "more_info_path": "/vulnerabilities/CVE-2021-29548/55786",
- "specs": [
- ">=2.5.0rc0,<2.5.0",
- ">=2.1.0rc0,<2.1.4",
- ">=2.2.0rc0,<2.2.3",
- ">=2.3.0rc0,<2.3.3",
- ">=2.4.0rc0,<2.4.2"
- ],
- "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
- },
 {
 "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by invalid validation in 'SparseMatrixSparseCholesky'. See CVE-2021-29530.",
 "cve": "CVE-2021-29530",
@@ -136581,10 +138597,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a reference binding to null pointer in 'MatrixDiag*' ops. See CVE-2021-29515.",
- "cve": "CVE-2021-29515",
- "id": "pyup.io-55765",
- "more_info_path": "/vulnerabilities/CVE-2021-29515/55765",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix fixes a null pointer dereference via invalid Ragged Tensors. See CVE-2021-29516.",
+ "cve": "CVE-2021-29516",
+ "id": "pyup.io-55766",
+ "more_info_path": "/vulnerabilities/CVE-2021-29516/55766",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.2.0rc0,<2.2.3",
@@ -136595,10 +138611,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix fixes a null pointer dereference via invalid Ragged Tensors. See CVE-2021-29516.",
- "cve": "CVE-2021-29516",
- "id": "pyup.io-55766",
- "more_info_path": "/vulnerabilities/CVE-2021-29516/55766",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a reference binding to null pointer in 'MatrixDiag*' ops. See CVE-2021-29515.",
+ "cve": "CVE-2021-29515",
+ "id": "pyup.io-55765",
+ "more_info_path": "/vulnerabilities/CVE-2021-29515/55765",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.2.0rc0,<2.2.3",
@@ -136861,10 +138877,24 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'TransposeConv'. See CVE-2021-29588.",
- "cve": "CVE-2021-29588",
- "id": "pyup.io-55740",
- "more_info_path": "/vulnerabilities/CVE-2021-29588/55740",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.",
+ "cve": "CVE-2021-29570",
+ "id": "pyup.io-55743",
+ "more_info_path": "/vulnerabilities/CVE-2021-29570/55743",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.4.0rc0,<2.4.2",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.1.0rc0,<2.1.4",
+ ">=2.2.0rc0,<2.2.3"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
+ },
+ {
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29514: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the 'for' loop, 'batch_idx' is set to 0. The attacker sets 'splits(0)' to be 7, hence the 'while' loop does not execute and 'batch_idx' remains 0. This then results in writing to 'out(-1, bin)', which is before the heap allocated buffer for the output tensor.",
+ "cve": "CVE-2021-29514",
+ "id": "pyup.io-55747",
+ "more_info_path": "/vulnerabilities/CVE-2021-29514/55747",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -136889,10 +138919,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.",
- "cve": "CVE-2021-29570",
- "id": "pyup.io-55743",
- "more_info_path": "/vulnerabilities/CVE-2021-29570/55743",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'TransposeConv'. See CVE-2021-29588.",
+ "cve": "CVE-2021-29588",
+ "id": "pyup.io-55740",
+ "more_info_path": "/vulnerabilities/CVE-2021-29588/55740",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -136930,20 +138960,6 @@
 ],
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
- {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29514: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the 'for' loop, 'batch_idx' is set to 0. The attacker sets 'splits(0)' to be 7, hence the 'while' loop does not execute and 'batch_idx' remains 0. This then results in writing to 'out(-1, bin)', which is before the heap allocated buffer for the output tensor.",
- "cve": "CVE-2021-29514",
- "id": "pyup.io-55747",
- "more_info_path": "/vulnerabilities/CVE-2021-29514/55747",
- "specs": [
- ">=2.5.0rc0,<2.5.0",
- ">=2.4.0rc0,<2.4.2",
- ">=2.3.0rc0,<2.3.3",
- ">=2.1.0rc0,<2.1.4",
- ">=2.2.0rc0,<2.2.3"
- ],
- "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
- },
 {
 "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29589: The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966). An attacker can craft a model such that `params` input would be an empty tensor. In turn, `params_shape.Dims(.)` would be zero, in at least one dimension.",
 "cve": "CVE-2021-29589",
@@ -136959,24 +138975,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.",
- "cve": "CVE-2021-29571",
- "id": "pyup.io-55721",
- "more_info_path": "/vulnerabilities/CVE-2021-29571/55721",
- "specs": [
- ">=2.5.0rc0,<2.5.0",
- ">=2.4.0rc0,<2.4.2",
- ">=2.3.0rc0,<2.3.3",
- ">=2.2.0rc0,<2.2.3",
- ">=2.1.0rc0,<2.1.4"
- ],
- "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
- },
- {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. 
The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.",
- "cve": "CVE-2021-29566",
- "id": "pyup.io-55718",
- "more_info_path": "/vulnerabilities/CVE-2021-29566/55718",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an overflow and a denial of service in 'tf.raw_ops.ReverseSequence'. See CVE-2021-29575.",
+ "cve": "CVE-2021-29575",
+ "id": "pyup.io-55688",
+ "more_info_path": "/vulnerabilities/CVE-2021-29575/55688",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137014,20 +139016,6 @@
 ],
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
- {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an overflow and a denial of service in 'tf.raw_ops.ReverseSequence'. See CVE-2021-29575.",
- "cve": "CVE-2021-29575",
- "id": "pyup.io-55688",
- "more_info_path": "/vulnerabilities/CVE-2021-29575/55688",
- "specs": [
- ">=2.5.0rc0,<2.5.0",
- ">=2.4.0rc0,<2.4.2",
- ">=2.3.0rc0,<2.3.3",
- ">=2.2.0rc0,<2.2.3",
- ">=2.1.0rc0,<2.1.4"
- ],
- "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
- },
 {
 "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap OOB read in TFLite. See CVE-2021-29606.",
 "cve": "CVE-2021-29606",
@@ -137085,10 +139073,24 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update 'curl' to '7.76.0' to handle CVE-2020-8177.",
- "cve": "CVE-2020-8177",
- "id": "pyup.io-55704",
- "more_info_path": "/vulnerabilities/CVE-2020-8177/55704",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.",
+ "cve": "CVE-2021-29579",
+ "id": "pyup.io-55710",
+ "more_info_path": "/vulnerabilities/CVE-2021-29579/55710",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.4.0rc0,<2.4.2",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.2.0rc0,<2.2.3",
+ ">=2.1.0rc0,<2.1.4"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
+ },
+ {
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.",
+ "cve": "CVE-2021-29605",
+ "id": "pyup.io-55711",
+ "more_info_path": "/vulnerabilities/CVE-2021-29605/55711",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137113,10 +139115,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.",
- "cve": "CVE-2021-29579",
- "id": "pyup.io-55710",
- "more_info_path": "/vulnerabilities/CVE-2021-29579/55710",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of hashtable lookup. See CVE-2021-29604.",
+ "cve": "CVE-2021-29604",
+ "id": "pyup.io-55717",
+ "more_info_path": "/vulnerabilities/CVE-2021-29604/55717",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137127,10 +139129,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.",
- "cve": "CVE-2021-29605",
- "id": "pyup.io-55711",
- "more_info_path": "/vulnerabilities/CVE-2021-29605/55711",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'EditDistance'. See CVE-2021-29564.",
+ "cve": "CVE-2021-29564",
+ "id": "pyup.io-55714",
+ "more_info_path": "/vulnerabilities/CVE-2021-29564/55714",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137141,10 +139143,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of hashtable lookup. See CVE-2021-29604.",
- "cve": "CVE-2021-29604",
- "id": "pyup.io-55717",
- "more_info_path": "/vulnerabilities/CVE-2021-29604/55717",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.",
+ "cve": "CVE-2021-29528",
+ "id": "pyup.io-55731",
+ "more_info_path": "/vulnerabilities/CVE-2021-29528/55731",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137155,10 +139157,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'EditDistance'. See CVE-2021-29564.",
- "cve": "CVE-2021-29564",
- "id": "pyup.io-55714",
- "more_info_path": "/vulnerabilities/CVE-2021-29564/55714",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.",
+ "cve": "CVE-2021-29600",
+ "id": "pyup.io-55713",
+ "more_info_path": "/vulnerabilities/CVE-2021-29600/55713",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137169,10 +139171,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.",
- "cve": "CVE-2021-29528",
- "id": "pyup.io-55731",
- "more_info_path": "/vulnerabilities/CVE-2021-29528/55731",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail due to integer overflow. See CVE-2021-29584.",
+ "cve": "CVE-2021-29584",
+ "id": "pyup.io-55686",
+ "more_info_path": "/vulnerabilities/CVE-2021-29584/55686",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137183,10 +139185,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.",
- "cve": "CVE-2021-29580",
- "id": "pyup.io-55734",
- "more_info_path": "/vulnerabilities/CVE-2021-29580/55734",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseAdd'. See CVE-2021-29609.",
+ "cve": "CVE-2021-29609",
+ "id": "pyup.io-55699",
+ "more_info_path": "/vulnerabilities/CVE-2021-29609/55699",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137197,10 +139199,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.",
- "cve": "CVE-2021-29560",
- "id": "pyup.io-55738",
- "more_info_path": "/vulnerabilities/CVE-2021-29560/55738",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.",
+ "cve": "CVE-2021-29616",
+ "id": "pyup.io-55696",
+ "more_info_path": "/vulnerabilities/CVE-2021-29616/55696",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137211,10 +139213,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail due to integer overflow. See CVE-2021-29584.",
- "cve": "CVE-2021-29584",
- "id": "pyup.io-55686",
- "more_info_path": "/vulnerabilities/CVE-2021-29584/55686",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.",
+ "cve": "CVE-2021-29571",
+ "id": "pyup.io-55721",
+ "more_info_path": "/vulnerabilities/CVE-2021-29571/55721",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137225,10 +139227,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseAdd'. See CVE-2021-29609.",
- "cve": "CVE-2021-29609",
- "id": "pyup.io-55699",
- "more_info_path": "/vulnerabilities/CVE-2021-29609/55699",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.",
+ "cve": "CVE-2021-29566",
+ "id": "pyup.io-55718",
+ "more_info_path": "/vulnerabilities/CVE-2021-29566/55718",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137239,10 +139241,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.",
- "cve": "CVE-2021-29600",
- "id": "pyup.io-55713",
- "more_info_path": "/vulnerabilities/CVE-2021-29600/55713",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update 'curl' to '7.76.0' to handle CVE-2020-8177.",
+ "cve": "CVE-2020-8177",
+ "id": "pyup.io-55704",
+ "more_info_path": "/vulnerabilities/CVE-2020-8177/55704",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137253,10 +139255,24 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.",
- "cve": "CVE-2021-29616",
- "id": "pyup.io-55696",
- "more_info_path": "/vulnerabilities/CVE-2021-29616/55696",
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.",
+ "cve": "CVE-2021-29580",
+ "id": "pyup.io-55734",
+ "more_info_path": "/vulnerabilities/CVE-2021-29580/55734",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.4.0rc0,<2.4.2",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.2.0rc0,<2.2.3",
+ ">=2.1.0rc0,<2.1.4"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
+ },
+ {
+ "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.",
+ "cve": "CVE-2021-29560",
+ "id": "pyup.io-55738",
+ "more_info_path": "/vulnerabilities/CVE-2021-29560/55738",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -137294,6 +139310,48 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel (https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.", + "cve": "CVE-2021-29546", + "id": "pyup.io-55736", + "more_info_path": "/vulnerabilities/CVE-2021-29546/55736", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. 
The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", + "cve": "CVE-2021-29572", + "id": "pyup.io-55723", + "more_info_path": "/vulnerabilities/CVE-2021-29572/55723", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29547: An attacker can cause a segfault and denial of service via accessing data outside of bounds in 'tf.raw_ops.QuantizedBatchNormWithGlobalNormalization'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, '.flat()' is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds.", + "cve": "CVE-2021-29547", + "id": "pyup.io-55715", + "more_info_path": "/vulnerabilities/CVE-2021-29547/55715", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'RequantizationRange'. See CVE-2021-29569.", "cve": "CVE-2021-29569", 
@@ -137308,6 +139366,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29550: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence`(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. 
Since `output_length` can be 0, this results in runtime crashing.", + "cve": "CVE-2021-29550", + "id": "pyup.io-55735", + "more_info_path": "/vulnerabilities/CVE-2021-29550/55735", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29618: Passing a complex argument to `tf.transpose` at the same time as passing 'conjugate=True' argument results in a crash.", "cve": "CVE-2021-29618", @@ -137322,6 +139394,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero.", + "cve": "CVE-2021-29587", + "id": "pyup.io-55719", + "more_info_path": "/vulnerabilities/CVE-2021-29587/55719", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update its dependency \"curl\" to v7.76.0 to include security fixes.", "cve": "CVE-2020-8231", 
@@ -137364,6 +139450,34 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", + "cve": "CVE-2021-29598", + "id": "pyup.io-55729", + "more_info_path": "/vulnerabilities/CVE-2021-29598/55729", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Tensorflow-cpu versions 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 updates its dependency \"curl\" to a secure version (7.76.0).", + "cve": "CVE-2020-8285", + "id": "pyup.io-55724", + "more_info_path": "/vulnerabilities/CVE-2020-8285/55724", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in optimized pooling implementations in TFLite. See CVE-2021-29586.", "cve": "CVE-2021-29586", 
@@ -137392,48 +139506,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu versions 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 updates its dependency \"curl\" to a secure version (7.76.0).", - "cve": "CVE-2020-8285", - "id": "pyup.io-55724", - "more_info_path": "/vulnerabilities/CVE-2020-8285/55724", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", - "cve": "CVE-2021-29598", - "id": "pyup.io-55729", - "more_info_path": "/vulnerabilities/CVE-2021-29598/55729", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. 
This is because the implementation of the Eigen kernel (https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.", - "cve": "CVE-2021-29546", - "id": "pyup.io-55736", - "more_info_path": "/vulnerabilities/CVE-2021-29546/55736", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29610: The validation in 'tf.raw_ops.QuantizeAndDequantizeV2' allows invalid values for 'axis' argument:. The validation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses '||' to mix two different conditions. If 'axis_ < -1' the condition in 'OP_REQUIRES' will still be true, but this value of 'axis_' results in heap underflow. This allows attackers to read/write to other data on the heap.", "cve": "CVE-2021-29610", 
@@ -137448,20 +139520,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. See CVE-2021-29582.", - "cve": "CVE-2021-29582", - "id": "pyup.io-55689", - "more_info_path": "/vulnerabilities/CVE-2021-29582/55689", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.IRFFT'. See CVE-2021-29562.", "cve": "CVE-2021-29562", @@ -137505,10 +139563,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", - "cve": "CVE-2021-29577", - "id": "pyup.io-55708", - "more_info_path": "/vulnerabilities/CVE-2021-29577/55708", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. See CVE-2021-29582.", + "cve": "CVE-2021-29582", + "id": "pyup.io-55689", + "more_info_path": "/vulnerabilities/CVE-2021-29582/55689", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -137533,10 +139591,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", - "cve": "CVE-2021-29611", - "id": "pyup.io-55733", - "more_info_path": "/vulnerabilities/CVE-2021-29611/55733", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", + "cve": "CVE-2021-29577", + "id": "pyup.io-55708", + "more_info_path": "/vulnerabilities/CVE-2021-29577/55708", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -137547,10 +139605,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-cpu 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", - "cve": "CVE-2021-29572", - "id": "pyup.io-55723", - "more_info_path": "/vulnerabilities/CVE-2021-29572/55723", + "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", + "cve": "CVE-2021-29611", + "id": "pyup.io-55733", + "more_info_path": "/vulnerabilities/CVE-2021-29611/55733", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -137602,20 +139660,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29547: An attacker can cause a segfault and denial of service via accessing data outside of bounds in 'tf.raw_ops.QuantizedBatchNormWithGlobalNormalization'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, '.flat()' is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds.", - "cve": "CVE-2021-29547", - "id": "pyup.io-55715", - "more_info_path": "/vulnerabilities/CVE-2021-29547/55715", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. See CVE-2021-29553.", "cve": "CVE-2021-29553", 
@@ -137630,20 +139674,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29550: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence`(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. Since `output_length` can be 0, this results in runtime crashing.", - "cve": "CVE-2021-29550", - "id": "pyup.io-55735", - "more_info_path": "/vulnerabilities/CVE-2021-29550/55735", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", "cve": "CVE-2020-8284", 
@@ -137700,20 +139730,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Tensorflow-cpu 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero.", - "cve": "CVE-2021-29587", - "id": "pyup.io-55719", - "more_info_path": "/vulnerabilities/CVE-2021-29587/55719", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37691: In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). The Tensorflow team has patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9.", "cve": "CVE-2021-37691", 
@@ -137754,10 +139770,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu versions 2.5.1 and 2.6.0 include a fix for CVE-2021-37692:\nIn affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, \"C.TF_TString_Dealloc\" is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until \"NewTensor\" returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. The Tensorflow team has patched the issue in GitHub commit:\nhttps://github.com/tensorflow/tensorflow/commit/8721ba96e5760c229217b594f6d2ba332beedf22\nhttps://github.com/tensorflow/tensorflow/pull/50508\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cmgw-8vpc-rc59", - "cve": "CVE-2021-37692", - "id": "pyup.io-55681", - "more_info_path": "/vulnerabilities/CVE-2021-37692/55681", + "advisory": "Tensorflow-cpu 2.5.1 and 2.6.0 include a fix for CVE-2021-37640: In affected versions the implementation of 'tf.raw_ops.SparseReshape' can be made to trigger an integral division by 0 exception. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. 
The reshape functor (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. The Tensorflow team has patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41.", + "cve": "CVE-2021-37640", + "id": "pyup.io-55682", + "more_info_path": "/vulnerabilities/CVE-2021-37640/55682", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.6.0rc0,<2.6.0" 
@@ -137765,10 +139781,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-cpu 2.5.1 and 2.6.0 include a fix for CVE-2021-37640: In affected versions the implementation of 'tf.raw_ops.SparseReshape' can be made to trigger an integral division by 0 exception. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The reshape functor (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. The Tensorflow team has patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41.", - "cve": "CVE-2021-37640", - "id": "pyup.io-55682", - "more_info_path": "/vulnerabilities/CVE-2021-37640/55682", + "advisory": "Tensorflow-cpu versions 2.5.1 and 2.6.0 include a fix for CVE-2021-37692:\nIn affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, \"C.TF_TString_Dealloc\" is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until \"NewTensor\" returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. 
The Tensorflow team has patched the issue in GitHub commit:\nhttps://github.com/tensorflow/tensorflow/commit/8721ba96e5760c229217b594f6d2ba332beedf22\nhttps://github.com/tensorflow/tensorflow/pull/50508\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cmgw-8vpc-rc59", + "cve": "CVE-2021-37692", + "id": "pyup.io-55681", + "more_info_path": "/vulnerabilities/CVE-2021-37692/55681", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.6.0rc0,<2.6.0" 
@@ -137815,10 +139831,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.", - "cve": "CVE-2021-37657", - "id": "pyup.io-55669", - "more_info_path": "/vulnerabilities/CVE-2021-37657/55669", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37676: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.SparseFillEmptyRows'. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. The Tensorflow team has patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed.", + "cve": "CVE-2021-37676", + "id": "pyup.io-55677", + "more_info_path": "/vulnerabilities/CVE-2021-37676/55677", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -137828,10 +139844,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37675: In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/common_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. The Tensorflow team has patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4.", - "cve": "CVE-2021-37675", - "id": "pyup.io-55675", - "more_info_path": "/vulnerabilities/CVE-2021-37675/55675", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", + "cve": "CVE-2021-37685", + "id": "pyup.io-55672", + "more_info_path": "/vulnerabilities/CVE-2021-37685/55672", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -137841,10 +139857,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37676: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.SparseFillEmptyRows'. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. The Tensorflow team has patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed.", - "cve": "CVE-2021-37676", - "id": "pyup.io-55677", - "more_info_path": "/vulnerabilities/CVE-2021-37676/55677", + "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. 
\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708", + "cve": "CVE-2021-37663", + "id": "pyup.io-55671", + "more_info_path": "/vulnerabilities/CVE-2021-37663/55671", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -137854,10 +139870,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", - "cve": "CVE-2021-37685", - "id": "pyup.io-55672", - "more_info_path": "/vulnerabilities/CVE-2021-37685/55672", + "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. 
The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69", + "cve": "CVE-2021-37665", + "id": "pyup.io-55674", + "more_info_path": "/vulnerabilities/CVE-2021-37665/55674", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -137867,10 +139883,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233",
- "cve": "CVE-2021-37668",
- "id": "pyup.io-55670",
- "more_info_path": "/vulnerabilities/CVE-2021-37668/55670",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. 
The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.",
+ "cve": "CVE-2021-37657",
+ "id": "pyup.io-55669",
+ "more_info_path": "/vulnerabilities/CVE-2021-37657/55669",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -137880,10 +139896,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37660: In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if 'x' and 'v' are empty but the code uses '||' instead of '&&'. The Tensorflow team has patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.",
- "cve": "CVE-2021-37660",
- "id": "pyup.io-55679",
- "more_info_path": "/vulnerabilities/CVE-2021-37660/55679",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37675: In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/common_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. The Tensorflow team has patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4.",
+ "cve": "CVE-2021-37675",
+ "id": "pyup.io-55675",
+ "more_info_path": "/vulnerabilities/CVE-2021-37675/55675",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -137893,10 +139909,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708",
- "cve": "CVE-2021-37663",
- "id": "pyup.io-55671",
- "more_info_path": "/vulnerabilities/CVE-2021-37663/55671",
+ "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. 
The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233",
+ "cve": "CVE-2021-37668",
+ "id": "pyup.io-55670",
+ "more_info_path": "/vulnerabilities/CVE-2021-37668/55670",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -137906,10 +139922,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.",
- "cve": "CVE-2021-37687",
- "id": "pyup.io-55676",
- "more_info_path": "/vulnerabilities/CVE-2021-37687/55676",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37660: In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if 'x' and 'v' are empty but the code uses '||' instead of '&&'. The Tensorflow team has patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.",
+ "cve": "CVE-2021-37660",
+ "id": "pyup.io-55679",
+ "more_info_path": "/vulnerabilities/CVE-2021-37660/55679",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -137919,10 +139935,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69",
- "cve": "CVE-2021-37665",
- "id": "pyup.io-55674",
- "more_info_path": "/vulnerabilities/CVE-2021-37665/55674",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. 
Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.",
+ "cve": "CVE-2021-37687",
+ "id": "pyup.io-55676",
+ "more_info_path": "/vulnerabilities/CVE-2021-37687/55676",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -137931,19 +139947,6 @@
 ],
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
- {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37666: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToVariant'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. The Tensorflow team has patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612.",
- "cve": "CVE-2021-37666",
- "id": "pyup.io-55668",
- "more_info_path": "/vulnerabilities/CVE-2021-37666/55668",
- "specs": [
- ">=2.6.0rc0,<2.6.0",
- ">=2.3.0rc0,<2.3.4",
- ">=2.5.0rc0,<2.5.1",
- ">=2.4.0rc0,<2.4.3"
- ],
- "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3"
- },
 {
 "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37684: In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. The Tensorflow team has patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695 (https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).",
 "cve": "CVE-2021-37684",
@@ -137984,10 +139987,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3"
 },
 {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37644: In affected versions providing a negative element to 'num_elements' list argument of 'tf.raw_ops.TensorListReserve' causes the runtime to abort the process due to reallocating a 'std::vector' to have a negative number of elements. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls 'std::vector.resize()' with the new size controlled by input given by the user, without checking that this input is valid. The Tensorflow team has patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2.",
- "cve": "CVE-2021-37644",
- "id": "pyup.io-55666",
- "more_info_path": "/vulnerabilities/CVE-2021-37644/55666",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37666: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToVariant'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. The Tensorflow team has patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612.",
+ "cve": "CVE-2021-37666",
+ "id": "pyup.io-55668",
+ "more_info_path": "/vulnerabilities/CVE-2021-37666/55668",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -138009,6 +140012,19 @@
 ],
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3"
 },
+ {
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37644: In affected versions providing a negative element to 'num_elements' list argument of 'tf.raw_ops.TensorListReserve' causes the runtime to abort the process due to reallocating a 'std::vector' to have a negative number of elements. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls 'std::vector.resize()' with the new size controlled by input given by the user, without checking that this input is valid. The Tensorflow team has patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2.",
+ "cve": "CVE-2021-37644",
+ "id": "pyup.io-55666",
+ "more_info_path": "/vulnerabilities/CVE-2021-37644/55666",
+ "specs": [
+ ">=2.6.0rc0,<2.6.0",
+ ">=2.3.0rc0,<2.3.4",
+ ">=2.5.0rc0,<2.5.1",
+ ">=2.4.0rc0,<2.4.3"
+ ],
+ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3"
+ },
 {
 "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37643: If a user does not provide a valid padding value to 'tf.raw_ops.MatrixDiagPartOp', then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. The Tensorflow team has patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988.",
 "cve": "CVE-2021-37643",
@@ -138062,10 +140078,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38",
- "cve": "CVE-2021-37670",
- "id": "pyup.io-55648",
- "more_info_path": "/vulnerabilities/CVE-2021-37670/55648",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. 
The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.",
+ "cve": "CVE-2021-37655",
+ "id": "pyup.io-55646",
+ "more_info_path": "/vulnerabilities/CVE-2021-37655/55646",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138075,10 +140091,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.",
- "cve": "CVE-2021-37655",
- "id": "pyup.io-55646",
- "more_info_path": "/vulnerabilities/CVE-2021-37655/55646",
+ "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". 
The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38",
+ "cve": "CVE-2021-37670",
+ "id": "pyup.io-55648",
+ "more_info_path": "/vulnerabilities/CVE-2021-37670/55648",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138101,10 +140117,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.",
- "cve": "CVE-2021-22897",
- "id": "pyup.io-55651",
- "more_info_path": "/vulnerabilities/CVE-2021-22897/55651",
+ "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d",
+ "cve": "CVE-2021-37673",
+ "id": "pyup.io-55653",
+ "more_info_path": "/vulnerabilities/CVE-2021-37673/55653",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138114,10 +140130,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.",
- "cve": "CVE-2021-37650",
- "id": "pyup.io-55654",
- "more_info_path": "/vulnerabilities/CVE-2021-37650/55654",
+ "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6",
+ "cve": "CVE-2021-37672",
+ "id": "pyup.io-55647",
+ "more_info_path": "/vulnerabilities/CVE-2021-37672/55647",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138127,10 +140143,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d",
- "cve": "CVE-2021-37673",
- "id": "pyup.io-55653",
- "more_info_path": "/vulnerabilities/CVE-2021-37673/55653",
+ "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". 
The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58",
+ "cve": "CVE-2021-37669",
+ "id": "pyup.io-55656",
+ "more_info_path": "/vulnerabilities/CVE-2021-37669/55656",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138140,10 +140156,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6",
- "cve": "CVE-2021-37672",
- "id": "pyup.io-55647",
- "more_info_path": "/vulnerabilities/CVE-2021-37672/55647",
+ "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.",
+ "cve": "CVE-2021-37674",
+ "id": "pyup.io-55655",
+ "more_info_path": "/vulnerabilities/CVE-2021-37674/55655",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138153,10 +140169,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.",
- "cve": "CVE-2021-37677",
- "id": "pyup.io-55657",
- "more_info_path": "/vulnerabilities/CVE-2021-37677/55657",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.",
+ "cve": "CVE-2021-22897",
+ "id": "pyup.io-55651",
+ "more_info_path": "/vulnerabilities/CVE-2021-22897/55651",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138166,10 +140182,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.",
- "cve": "CVE-2021-22876",
- "id": "pyup.io-55652",
- "more_info_path": "/vulnerabilities/CVE-2021-22876/55652",
+ "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.",
+ "cve": "CVE-2021-37650",
+ "id": "pyup.io-55654",
+ "more_info_path": "/vulnerabilities/CVE-2021-37650/55654",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138179,10 +140195,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4"
 },
 {
- "advisory": "Tensorflow-cpu version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58",
- "cve": "CVE-2021-37669",
- "id": "pyup.io-55656",
- "more_info_path": "/vulnerabilities/CVE-2021-37669/55656",
+ "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. 
The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.",
+ "cve": "CVE-2021-37677",
+ "id": "pyup.io-55657",
+ "more_info_path": "/vulnerabilities/CVE-2021-37677/55657",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.5.0rc0,<2.5.1",
@@ -138192,10 +140208,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", - "cve": "CVE-2021-37674", - "id": "pyup.io-55655", - "more_info_path": "/vulnerabilities/CVE-2021-37674/55655", + "advisory": "Tensorflow-cpu 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22876", + "id": "pyup.io-55652", + "more_info_path": "/vulnerabilities/CVE-2021-22876/55652", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -138306,6 +140322,39 @@ } ], "tensorflow-cpu-aws": [ + { + "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25661: In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the 'Convolution3DTranspose' function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a 'Convolution3DTranspose' call.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq", + "cve": "CVE-2023-25661", + "id": "pyup.io-58523", + "more_info_path": "/vulnerabilities/CVE-2023-25661/58523", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", + "cve": "CVE-2023-25663", + "id": "pyup.io-58533", + "more_info_path": "/vulnerabilities/CVE-2023-25663/58533", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", + "cve": "CVE-2023-25662", + "id": "pyup.io-58534", + "more_info_path": "/vulnerabilities/CVE-2023-25662/58534", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" 
+ ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", "cve": "CVE-2023-25671", @@ -138328,17 +140377,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25661: In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the 'Convolution3DTranspose' function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a 'Convolution3DTranspose' call.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq", - "cve": "CVE-2023-25661", - "id": "pyup.io-58523", - "more_info_path": "/vulnerabilities/CVE-2023-25661/58523", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", "cve": "CVE-2023-25676", 
@@ -138362,10 +140400,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", - "cve": "CVE-2023-25663", - "id": "pyup.io-58533", - "more_info_path": "/vulnerabilities/CVE-2023-25663/58533", + "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", + "cve": "CVE-2023-25667", + "id": "pyup.io-58521", + "more_info_path": "/vulnerabilities/CVE-2023-25667/58521", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -138373,10 +140411,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", - "cve": "CVE-2023-25662", - "id": "pyup.io-58534", - "more_info_path": "/vulnerabilities/CVE-2023-25662/58534", + "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", + "cve": "CVE-2023-25660", + "id": "pyup.io-58535", + "more_info_path": "/vulnerabilities/CVE-2023-25660/58535", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -138384,10 +140422,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", - "cve": "CVE-2023-25667", - "id": "pyup.io-58521", - "more_info_path": "/vulnerabilities/CVE-2023-25667/58521", + "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", + "cve": "CVE-2023-25801", + "id": "pyup.io-58524", + "more_info_path": "/vulnerabilities/CVE-2023-25801/58524", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -138395,10 +140433,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", - "cve": "CVE-2023-25660", - "id": "pyup.io-58535", - "more_info_path": "/vulnerabilities/CVE-2023-25660/58535", + "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", + "cve": "CVE-2023-25674", + "id": "pyup.io-58522", + "more_info_path": "/vulnerabilities/CVE-2023-25674/58522", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -138449,17 +140487,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", - "cve": "CVE-2023-25801", - "id": "pyup.io-58524", - "more_info_path": "/vulnerabilities/CVE-2023-25801/58524", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", "cve": "CVE-2023-25669", 
@@ -138482,17 +140509,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", - "cve": "CVE-2023-25674", - "id": "pyup.io-58522", - "more_info_path": "/vulnerabilities/CVE-2023-25674/58522", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Tensorflow-cpu-aws 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", "cve": "CVE-2023-25675", @@ -138561,18 +140577,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", - "cve": "CVE-2022-35982", - "id": "pyup.io-58598", - "more_info_path": "/vulnerabilities/CVE-2022-35982/58598", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", "cve": "CVE-2022-35968", 
@@ -138621,18 +140625,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", - "cve": "CVE-2022-36026", - "id": "pyup.io-58594", - "more_info_path": "/vulnerabilities/CVE-2022-36026/58594", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", "cve": "CVE-2022-36018", @@ -138693,18 +140685,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", - "cve": "CVE-2022-35967", - "id": "pyup.io-58607", - "more_info_path": "/vulnerabilities/CVE-2022-35967/58607", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", "cve": "CVE-2022-35981", 
@@ -138741,6 +140721,66 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, + { + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", + "cve": "CVE-2022-35959", + "id": "pyup.io-58582", + "more_info_path": "/vulnerabilities/CVE-2022-35959/58582", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", + "cve": "CVE-2022-35996", + "id": "pyup.io-58580", + "more_info_path": "/vulnerabilities/CVE-2022-35996/58580", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", + "cve": "CVE-2022-35967", + "id": "pyup.io-58607", + "more_info_path": "/vulnerabilities/CVE-2022-35967/58607", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", + "cve": "CVE-2022-35982", + "id": "pyup.io-58598", + "more_info_path": "/vulnerabilities/CVE-2022-35982/58598", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for 
CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", + "cve": "CVE-2022-36026", + "id": "pyup.io-58594", + "more_info_path": "/vulnerabilities/CVE-2022-36026/58594", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, { "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", "cve": "CVE-2022-35986", @@ -138789,30 +140829,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", - "cve": "CVE-2022-35959", - "id": "pyup.io-58582", - "more_info_path": "/vulnerabilities/CVE-2022-35959/58582", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", - "cve": "CVE-2022-35996", - "id": "pyup.io-58580", - "more_info_path": "/vulnerabilities/CVE-2022-35996/58580", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", "cve": "CVE-2022-35988", 
@@ -138862,10 +140878,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", - "cve": "CVE-2022-35952", - "id": "pyup.io-58567", - "more_info_path": "/vulnerabilities/CVE-2022-35952/58567", + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", + "cve": "CVE-2022-35937", + "id": "pyup.io-58565", + "more_info_path": "/vulnerabilities/CVE-2022-35937/58565", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -138874,10 +140890,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", - "cve": "CVE-2022-35939", - "id": "pyup.io-58566", - "more_info_path": "/vulnerabilities/CVE-2022-35939/58566", + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", + "cve": "CVE-2022-35952", + "id": "pyup.io-58567", + "more_info_path": "/vulnerabilities/CVE-2022-35952/58567", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -138886,10 +140902,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", - "cve": "CVE-2022-35937", - "id": "pyup.io-58565", - "more_info_path": "/vulnerabilities/CVE-2022-35937/58565", + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", + "cve": "CVE-2022-35939", + "id": "pyup.io-58566", + "more_info_path": "/vulnerabilities/CVE-2022-35939/58566", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -139005,18 +141021,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", - "cve": "CVE-2022-36019", - "id": "pyup.io-58606", - "more_info_path": "/vulnerabilities/CVE-2022-36019/58606", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", "cve": "CVE-2022-35999", 
@@ -139042,10 +141046,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", - "cve": "CVE-2022-35966", - "id": "pyup.io-58595", - "more_info_path": "/vulnerabilities/CVE-2022-35966/58595", + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", + "cve": "CVE-2022-36019", + "id": "pyup.io-58606", + "more_info_path": "/vulnerabilities/CVE-2022-36019/58606", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -139066,10 +141070,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", - "cve": "CVE-2022-36013", - "id": "pyup.io-58586", - "more_info_path": "/vulnerabilities/CVE-2022-36013/58586", + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", + "cve": "CVE-2022-35966", + "id": "pyup.io-58595", + "more_info_path": "/vulnerabilities/CVE-2022-35966/58595", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -139113,6 +141117,18 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, + { + "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", + "cve": "CVE-2022-36013", + "id": "pyup.io-58586", + "more_info_path": "/vulnerabilities/CVE-2022-36013/58586", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, { "advisory": "Tensorflow-cpu-aws 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", "cve": "CVE-2022-35985", 
@@ -139210,10 +141226,22 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", - "cve": "CVE-2022-41891", - "id": "pyup.io-58542", - "more_info_path": "/vulnerabilities/CVE-2022-41891/58542", + "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", + "cve": "CVE-2022-41907", + "id": "pyup.io-58553", + "more_info_path": "/vulnerabilities/CVE-2022-41907/58553", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", + "cve": "CVE-2022-41897", + "id": "pyup.io-58557", + "more_info_path": "/vulnerabilities/CVE-2022-41897/58557", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -139234,10 +141262,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", - "cve": "CVE-2022-41907", - "id": "pyup.io-58553", - "more_info_path": "/vulnerabilities/CVE-2022-41907/58553", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", + "cve": "CVE-2022-41891", + "id": "pyup.io-58542", + "more_info_path": "/vulnerabilities/CVE-2022-41891/58542", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -139294,10 +141322,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", - "cve": "CVE-2022-41897", - "id": "pyup.io-58557", - "more_info_path": "/vulnerabilities/CVE-2022-41897/58557", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", + "cve": "CVE-2022-41899", + "id": "pyup.io-58546", + "more_info_path": "/vulnerabilities/CVE-2022-41899/58546", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -139306,10 +141334,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", - "cve": "CVE-2022-41898", - "id": "pyup.io-58561", - "more_info_path": "/vulnerabilities/CVE-2022-41898/58561", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", + "cve": "CVE-2022-41901", + "id": "pyup.io-58540", + "more_info_path": "/vulnerabilities/CVE-2022-41901/58540", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -139318,10 +141346,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", - "cve": "CVE-2022-41899", - "id": "pyup.io-58546", - "more_info_path": "/vulnerabilities/CVE-2022-41899/58546", + "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", + "cve": "CVE-2022-41910", + "id": "pyup.io-58559", + "more_info_path": "/vulnerabilities/CVE-2022-41910/58559", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -139330,10 +141358,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", - "cve": "CVE-2022-41885", - "id": "pyup.io-58545", - "more_info_path": "/vulnerabilities/CVE-2022-41885/58545", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", + "cve": "CVE-2022-41898", + "id": "pyup.io-58561", + "more_info_path": "/vulnerabilities/CVE-2022-41898/58561", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -139354,10 +141382,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", - "cve": "CVE-2022-41895", - "id": "pyup.io-58541", - "more_info_path": "/vulnerabilities/CVE-2022-41895/58541", + "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", + "cve": "CVE-2022-41885", + "id": "pyup.io-58545", + "more_info_path": "/vulnerabilities/CVE-2022-41885/58545", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -139366,10 +141394,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", - "cve": "CVE-2022-41911", - "id": "pyup.io-58543", - "more_info_path": "/vulnerabilities/CVE-2022-41911/58543", + "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", + "cve": "CVE-2022-41895", + "id": "pyup.io-58541", + "more_info_path": "/vulnerabilities/CVE-2022-41895/58541", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -139378,10 +141406,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", - "cve": "CVE-2022-41910", - "id": "pyup.io-58559", - "more_info_path": "/vulnerabilities/CVE-2022-41910/58559", + "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", + "cve": "CVE-2022-41911", + "id": "pyup.io-58543", + "more_info_path": "/vulnerabilities/CVE-2022-41911/58543", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -139413,18 +141441,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", - "cve": "CVE-2022-41901", - "id": "pyup.io-58540", - "more_info_path": "/vulnerabilities/CVE-2022-41901/58540", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow-cpu-aws 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", "cve": "CVE-2022-41884", @@ -139958,16 +141974,6 @@ ], "v": "<0.25.0" }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29199", - "id": "pyup.io-49280", - "more_info_path": "/vulnerabilities/CVE-2022-29199/49280", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", "cve": "CVE-2022-27776", 
@@ -139998,26 +142004,6 @@ ], "v": "<0.25.0" }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29192", - "id": "pyup.io-49273", - "more_info_path": "/vulnerabilities/CVE-2022-29192/49273", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29206", - "id": "pyup.io-49287", - "more_info_path": "/vulnerabilities/CVE-2022-29206/49287", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", "cve": "CVE-2022-29216", @@ -140048,26 +142034,6 @@ ], "v": "<0.25.0" }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29198", - "id": "pyup.io-49279", - "more_info_path": "/vulnerabilities/CVE-2022-29198/49279", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-30115", - "id": "pyup.io-49296", - "more_info_path": "/vulnerabilities/CVE-2022-30115/49296", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", "cve": "CVE-2022-29195", 
@@ -140078,16 +142044,6 @@ ], "v": "<0.25.0" }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29209", - "id": "pyup.io-49290", - "more_info_path": "/vulnerabilities/CVE-2022-29209/49290", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", "cve": "CVE-2022-29207", @@ -140138,16 +142094,6 @@ ], "v": "<0.25.0" }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29191", - "id": "pyup.io-49272", - "more_info_path": "/vulnerabilities/CVE-2022-29191/49272", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", "cve": "CVE-2022-27780", @@ -140178,26 +142124,6 @@ ], "v": "<0.25.0" }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27778", - "id": "pyup.io-49267", - "more_info_path": "/vulnerabilities/CVE-2022-27778/49267", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, - { - "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29204", - "id": "pyup.io-49285", - "more_info_path": "/vulnerabilities/CVE-2022-29204/49285", - "specs": [ - "<0.25.0" - ], - "v": "<0.25.0" - }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", "cve": "CVE-2022-29194", 
@@ -140230,9 +142156,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29202", - "id": "pyup.io-49283", - "more_info_path": "/vulnerabilities/CVE-2022-29202/49283", + "cve": "CVE-2022-29201", + "id": "pyup.io-49282", + "more_info_path": "/vulnerabilities/CVE-2022-29201/49282", "specs": [ "<0.25.0" ], @@ -140240,9 +142166,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29201", - "id": "pyup.io-49282", - "more_info_path": "/vulnerabilities/CVE-2022-29201/49282", + "cve": "CVE-2022-29200", + "id": "pyup.io-49281", + "more_info_path": "/vulnerabilities/CVE-2022-29200/49281", "specs": [ "<0.25.0" ], @@ -140250,9 +142176,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29200", - "id": "pyup.io-49281", - "more_info_path": "/vulnerabilities/CVE-2022-29200/49281", + "cve": "CVE-2022-27779", + "id": "pyup.io-49268", + "more_info_path": "/vulnerabilities/CVE-2022-27779/49268", "specs": [ "<0.25.0" ], @@ -140260,9 +142186,9 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-29196", - "id": "pyup.io-49277", - "more_info_path": "/vulnerabilities/CVE-2022-29196/49277", + "cve": "CVE-2022-29199", + "id": "pyup.io-49280", + "more_info_path": "/vulnerabilities/CVE-2022-29199/49280", "specs": [ "<0.25.0" ], 
@@ -140270,9 +142196,99 @@ }, { "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", - "cve": "CVE-2022-27779", - "id": "pyup.io-49268", - "more_info_path": "/vulnerabilities/CVE-2022-27779/49268", + "cve": "CVE-2022-29192", + "id": "pyup.io-49273", + "more_info_path": "/vulnerabilities/CVE-2022-29192/49273", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-29206", + "id": "pyup.io-49287", + "more_info_path": "/vulnerabilities/CVE-2022-29206/49287", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-29198", + "id": "pyup.io-49279", + "more_info_path": "/vulnerabilities/CVE-2022-29198/49279", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-30115", + "id": "pyup.io-49296", + "more_info_path": "/vulnerabilities/CVE-2022-30115/49296", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-29209", + "id": "pyup.io-49290", + "more_info_path": "/vulnerabilities/CVE-2022-29209/49290", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-29191", + "id": "pyup.io-49272", + "more_info_path": "/vulnerabilities/CVE-2022-29191/49272", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": 
"CVE-2022-27778", + "id": "pyup.io-49267", + "more_info_path": "/vulnerabilities/CVE-2022-27778/49267", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-29204", + "id": "pyup.io-49285", + "more_info_path": "/vulnerabilities/CVE-2022-29204/49285", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-29202", + "id": "pyup.io-49283", + "more_info_path": "/vulnerabilities/CVE-2022-29202/49283", + "specs": [ + "<0.25.0" + ], + "v": "<0.25.0" + }, + { + "advisory": "Tensorflow-federated 0.25.0 updates its dependency 'TensorFlow' to v2.9.0 to include security fixes.", + "cve": "CVE-2022-29196", + "id": "pyup.io-49277", + "more_info_path": "/vulnerabilities/CVE-2022-29196/49277", "specs": [ "<0.25.0" ], 
@@ -141594,6 +143610,18 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, + { + "advisory": "The Grappler component within TensorFlow has a vulnerability that may result in a denial of service. The flaw arises from the use of `CHECK`-failure in constant folding. This is linked to the `output_prop` tensor, which takes on a shape influenced by user input, thus potentially activating one of the `CHECK`s in the `PartialTensorShape` constructor.\r\n\r\nThis issue is identified as TFSA-2021-198.\r\n\r\nFor remediation, a modification has been made to solve this problem is in the GitHub commit be7b286d40bc68cb0b56f702186cc4837d508058. This fix will be seen in the TensorFlow 2.8.0 release. Retroactive solutions will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these versions are also vulnerable and continue to be within the supported range. \r\n\r\nFor a comprehensive understanding of our security protocol or to share issues and ask questions, please refer to our security guide.", + "cve": "PVE-2023-99919", + "id": "pyup.io-61992", + "more_info_path": "/vulnerabilities/PVE-2023-99919/61992", + "specs": [ + "<2.5.3", + "==2.7.0", + ">=2.6.0,<2.6.3" + ], + "v": "<2.5.3,==2.7.0,>=2.6.0,<2.6.3" + }, { "advisory": "Tensorflow-gpu versions 2.5.3, 2.6.3 and 2.7.1 update its dependency 'icu' to v69.1 to include a security fix.", "cve": "CVE-2020-10531", 
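Review bot: The `specs` of the record added in the `@@ -141594` hunk exclude the 2.6.0 and 2.7.0 pre-releases: `"==2.7.0"` matches only the final 2.7.0 tag and `">=2.6.0,<2.6.3"` starts at 2.6.0, while the context line just above (`"v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"`) shows this database's convention of anchoring each range at `X.Y.0rc0`. Since the advisory text states that 2.7.1, 2.6.3 and 2.5.3 carry the backport, the ranges would presumably be `">=2.7.0rc0,<2.7.1"` and `">=2.6.0rc0,<2.6.3"`, with the derived `"v"` string regenerated to match, so that a scanner evaluating a pinned release candidate is not told it is unaffected. The record also carries a `PVE-` placeholder in `cve` even though the body names TFSA-2021-198 and a fix commit; if the upstream feed later assigns a CVE, this entry should be refreshed rather than left as a permanent placeholder. If this file is a verbatim pull of the upstream feed, the correction belongs upstream and this is a data-quality observation only.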
@@ -146476,16 +148504,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35993: 'CHECK' fail in 'SetSize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", - "cve": "CVE-2022-35993", - "id": "pyup.io-56578", - "more_info_path": "/vulnerabilities/CVE-2022-35993/56578", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", "cve": "CVE-2022-35984", 
@@ -146496,46 +148514,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", - "cve": "CVE-2022-36014", - "id": "pyup.io-56579", - "more_info_path": "/vulnerabilities/CVE-2022-36014/56579", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", - "cve": "CVE-2022-35940", - "id": "pyup.io-56589", - "more_info_path": "/vulnerabilities/CVE-2022-35940/56589", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", - "cve": "CVE-2022-35937", - "id": "pyup.io-56543", - "more_info_path": "/vulnerabilities/CVE-2022-35937/56543", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36015: Integer overflow in math ops. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", - "cve": "CVE-2022-36015", - "id": "pyup.io-56549", - "more_info_path": "/vulnerabilities/CVE-2022-36015/56549", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", "cve": "CVE-2022-35985", 
@@ -146566,16 +148544,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", - "cve": "CVE-2022-36003", - "id": "pyup.io-56550", - "more_info_path": "/vulnerabilities/CVE-2022-36003/56550", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", "cve": "CVE-2022-35998", @@ -146606,16 +148574,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", - "cve": "CVE-2022-35974", - "id": "pyup.io-56569", - "more_info_path": "/vulnerabilities/CVE-2022-35974/56569", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", "cve": "CVE-2022-35973", 
@@ -146626,26 +148584,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", - "cve": "CVE-2022-36026", - "id": "pyup.io-56572", - "more_info_path": "/vulnerabilities/CVE-2022-36026/56572", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", - "cve": "CVE-2022-36027", - "id": "pyup.io-56575", - "more_info_path": "/vulnerabilities/CVE-2022-36027/56575", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", "cve": "CVE-2022-35952", 
@@ -146657,20 +148595,20 @@ "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", - "cve": "CVE-2022-35981", - "id": "pyup.io-56565", - "more_info_path": "/vulnerabilities/CVE-2022-35981/56565", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", + "cve": "CVE-2022-36018", + "id": "pyup.io-56596", + "more_info_path": "/vulnerabilities/CVE-2022-36018/56596", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", - "cve": "CVE-2022-36018", - "id": "pyup.io-56596", - "more_info_path": "/vulnerabilities/CVE-2022-36018/56596", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", + "cve": "CVE-2022-35981", + "id": "pyup.io-56565", + "more_info_path": "/vulnerabilities/CVE-2022-35981/56565", "specs": [ "<2.10.0" ], 
@@ -146707,20 +148645,20 @@ "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", - "cve": "CVE-2022-35971", - "id": "pyup.io-56594", - "more_info_path": "/vulnerabilities/CVE-2022-35971/56594", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", + "cve": "CVE-2022-35995", + "id": "pyup.io-56593", + "more_info_path": "/vulnerabilities/CVE-2022-35995/56593", "specs": [ "<2.10.0" ], "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", - "cve": "CVE-2022-35995", - "id": "pyup.io-56593", - "more_info_path": "/vulnerabilities/CVE-2022-35995/56593", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", + "cve": "CVE-2022-35971", + "id": "pyup.io-56594", + "more_info_path": "/vulnerabilities/CVE-2022-35971/56594", "specs": [ "<2.10.0" ], @@ -146736,6 +148674,16 @@ ], "v": "<2.10.0" }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", + "cve": "CVE-2022-35964", + "id": "pyup.io-56561", + "more_info_path": "/vulnerabilities/CVE-2022-35964/56561", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", "cve": "CVE-2022-35996", 
@@ -146756,26 +148704,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", - "cve": "CVE-2022-35964", - "id": "pyup.io-56561", - "more_info_path": "/vulnerabilities/CVE-2022-35964/56561", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", - "cve": "CVE-2022-35987", - "id": "pyup.io-56571", - "more_info_path": "/vulnerabilities/CVE-2022-35987/56571", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", "cve": "CVE-2022-35982", 
@@ -146817,20 +148745,10 @@ "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", - "cve": "CVE-2022-35960", - "id": "pyup.io-56546", - "more_info_path": "/vulnerabilities/CVE-2022-35960/56546", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", - "cve": "CVE-2022-36000", - "id": "pyup.io-56566", - "more_info_path": "/vulnerabilities/CVE-2022-36000/56566", + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", + "cve": "CVE-2022-35988", + "id": "pyup.io-56582", + "more_info_path": "/vulnerabilities/CVE-2022-35988/56582", "specs": [ "<2.10.0" ], @@ -146846,16 +148764,6 @@ ], "v": "<2.10.0" }, - { - "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", - "cve": "CVE-2022-35988", - "id": "pyup.io-56582", - "more_info_path": "/vulnerabilities/CVE-2022-35988/56582", - "specs": [ - "<2.10.0" - ], - "v": "<2.10.0" - }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", "cve": "CVE-2022-35967", 
@@ -146886,6 +148794,126 @@ ], "v": "<2.10.0" }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35993: 'CHECK' fail in 'SetSize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", + "cve": "CVE-2022-35993", + "id": "pyup.io-56578", + "more_info_path": "/vulnerabilities/CVE-2022-35993/56578", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", + "cve": "CVE-2022-36014", + "id": "pyup.io-56579", + "more_info_path": "/vulnerabilities/CVE-2022-36014/56579", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", + "cve": "CVE-2022-35940", + "id": "pyup.io-56589", + "more_info_path": "/vulnerabilities/CVE-2022-35940/56589", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", + "cve": "CVE-2022-35937", + "id": "pyup.io-56543", + "more_info_path": "/vulnerabilities/CVE-2022-35937/56543", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36015: Integer overflow in math ops. 
\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", + "cve": "CVE-2022-36015", + "id": "pyup.io-56549", + "more_info_path": "/vulnerabilities/CVE-2022-36015/56549", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", + "cve": "CVE-2022-36003", + "id": "pyup.io-56550", + "more_info_path": "/vulnerabilities/CVE-2022-36003/56550", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", + "cve": "CVE-2022-35974", + "id": "pyup.io-56569", + "more_info_path": "/vulnerabilities/CVE-2022-35974/56569", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", + "cve": "CVE-2022-36026", + "id": "pyup.io-56572", + "more_info_path": "/vulnerabilities/CVE-2022-36026/56572", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", + "cve": "CVE-2022-36027", + "id": "pyup.io-56575", + "more_info_path": "/vulnerabilities/CVE-2022-36027/56575", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", + "cve": "CVE-2022-35987", + "id": 
"pyup.io-56571", + "more_info_path": "/vulnerabilities/CVE-2022-35987/56571", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", + "cve": "CVE-2022-35960", + "id": "pyup.io-56546", + "more_info_path": "/vulnerabilities/CVE-2022-35960/56546", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, + { + "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", + "cve": "CVE-2022-36000", + "id": "pyup.io-56566", + "more_info_path": "/vulnerabilities/CVE-2022-36000/56566", + "specs": [ + "<2.10.0" + ], + "v": "<2.10.0" + }, { "advisory": "Tensorflow-intel 2.10.0 includes a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", "cve": "CVE-2022-35999", 
@@ -147017,10 +149045,10 @@ "v": "<2.10.0" }, { - "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", - "cve": "CVE-2023-25668", - "id": "pyup.io-56509", - "more_info_path": "/vulnerabilities/CVE-2023-25668/56509", + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", + "cve": "CVE-2023-25676", + "id": "pyup.io-56497", + "more_info_path": "/vulnerabilities/CVE-2023-25676/56497", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -147028,10 +149056,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", - "cve": "CVE-2023-25676", - "id": "pyup.io-56497", - "more_info_path": "/vulnerabilities/CVE-2023-25676/56497", + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", + "cve": "CVE-2023-25659", + "id": "pyup.io-56514", + "more_info_path": "/vulnerabilities/CVE-2023-25659/56514", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -147039,10 +149067,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", - "cve": "CVE-2023-27579", - "id": "pyup.io-56505", - "more_info_path": "/vulnerabilities/CVE-2023-27579/56505", + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", + "cve": "CVE-2023-25668", + "id": "pyup.io-56509", + "more_info_path": "/vulnerabilities/CVE-2023-25668/56509", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -147050,10 +149078,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", - "cve": "CVE-2023-25659", - "id": "pyup.io-56514", - "more_info_path": "/vulnerabilities/CVE-2023-25659/56514", + "advisory": "Tensorflow-intel 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", + "cve": "CVE-2023-27579", + "id": "pyup.io-56505", + "more_info_path": "/vulnerabilities/CVE-2023-27579/56505", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -147258,10 +149286,10 @@ "v": "<2.12" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", - "cve": "CVE-2022-41899", - "id": "pyup.io-56524", - "more_info_path": "/vulnerabilities/CVE-2022-41899/56524", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", + "cve": "CVE-2022-41884", + "id": "pyup.io-56534", + "more_info_path": "/vulnerabilities/CVE-2022-41884/56534", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147270,10 +149298,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", - "cve": "CVE-2022-41884", - "id": "pyup.io-56534", - "more_info_path": "/vulnerabilities/CVE-2022-41884/56534", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", + "cve": "CVE-2022-41890", + "id": "pyup.io-56529", + "more_info_path": "/vulnerabilities/CVE-2022-41890/56529", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147282,10 +149310,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", - "cve": "CVE-2022-41897", - "id": "pyup.io-56535", - "more_info_path": "/vulnerabilities/CVE-2022-41897/56535", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", + "cve": "CVE-2022-41896", + "id": "pyup.io-56533", + "more_info_path": "/vulnerabilities/CVE-2022-41896/56533", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147294,10 +149322,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", - "cve": "CVE-2022-41911", - "id": "pyup.io-56521", - "more_info_path": "/vulnerabilities/CVE-2022-41911/56521", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", + "cve": "CVE-2022-41885", + "id": "pyup.io-56523", + "more_info_path": "/vulnerabilities/CVE-2022-41885/56523", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147306,10 +149334,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", - "cve": "CVE-2022-41909", - "id": "pyup.io-56526", - "more_info_path": "/vulnerabilities/CVE-2022-41909/56526", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", + "cve": "CVE-2022-41889", + "id": "pyup.io-56522", + "more_info_path": "/vulnerabilities/CVE-2022-41889/56522", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147318,10 +149346,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", - "cve": "CVE-2022-41890", - "id": "pyup.io-56529", - "more_info_path": "/vulnerabilities/CVE-2022-41890/56529", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", + "cve": "CVE-2022-41888", + "id": "pyup.io-56538", + "more_info_path": "/vulnerabilities/CVE-2022-41888/56538", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147330,10 +149358,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", - "cve": "CVE-2022-41896", - "id": "pyup.io-56533", - "more_info_path": "/vulnerabilities/CVE-2022-41896/56533", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", + "cve": "CVE-2022-41901", + "id": "pyup.io-56518", + "more_info_path": "/vulnerabilities/CVE-2022-41901/56518", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147342,10 +149370,46 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", - "cve": "CVE-2022-41885", - "id": "pyup.io-56523", - "more_info_path": "/vulnerabilities/CVE-2022-41885/56523", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", + "cve": "CVE-2022-41899", + "id": "pyup.io-56524", + "more_info_path": "/vulnerabilities/CVE-2022-41899/56524", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", + "cve": "CVE-2022-41897", + "id": "pyup.io-56535", + "more_info_path": "/vulnerabilities/CVE-2022-41897/56535", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. 
However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", + "cve": "CVE-2022-41911", + "id": "pyup.io-56521", + "more_info_path": "/vulnerabilities/CVE-2022-41911/56521", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", + "cve": "CVE-2022-41909", + "id": "pyup.io-56526", + "more_info_path": "/vulnerabilities/CVE-2022-41909/56526", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147377,30 +149441,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", - "cve": "CVE-2022-41889", - "id": "pyup.io-56522", - "more_info_path": "/vulnerabilities/CVE-2022-41889/56522", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, - { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", - "cve": "CVE-2022-41888", - "id": "pyup.io-56538", - "more_info_path": "/vulnerabilities/CVE-2022-41888/56538", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", "cve": "CVE-2022-41891", 
@@ -147414,10 +149454,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", - "cve": "CVE-2022-41901", - "id": "pyup.io-56518", - "more_info_path": "/vulnerabilities/CVE-2022-41901/56518", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", + "cve": "CVE-2022-41907", + "id": "pyup.io-56531", + "more_info_path": "/vulnerabilities/CVE-2022-41907/56531", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147426,10 +149466,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", - "cve": "CVE-2022-41907", - "id": "pyup.io-56531", - "more_info_path": "/vulnerabilities/CVE-2022-41907/56531", + "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", + "cve": "CVE-2022-41894", + "id": "pyup.io-56540", + "more_info_path": "/vulnerabilities/CVE-2022-41894/56540", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -147509,18 +149549,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow-intel 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", - "cve": "CVE-2022-41894", - "id": "pyup.io-56540", - "more_info_path": "/vulnerabilities/CVE-2022-41894/56540", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", "cve": "CVE-2022-41898", 
@@ -150987,18 +153015,6 @@ } ], "tensorflow-rocm": [ - { - "advisory": "Tensorflow-rocm versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite3\" to handle CVE-2019-19244.", - "cve": "CVE-2019-19244", - "id": "pyup.io-58004", - "more_info_path": "/vulnerabilities/CVE-2019-19244/58004", - "specs": [ - "<1.15.3", - ">=2.0.0a0,<2.0.2", - ">=2.1.0rc0,<2.1.1" - ], - "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" - }, { "advisory": "Tensorflow-rocm versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite\" to handle CVE-2019-19645.", "cve": "CVE-2019-19645", @@ -151023,18 +153039,6 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, - { - "advisory": "Tensorflow-rocm versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"Apache Spark\" to handle CVE-2019-10099.", - "cve": "CVE-2019-10099", - "id": "pyup.io-58011", - "more_info_path": "/vulnerabilities/CVE-2019-10099/58011", - "specs": [ - "<1.15.3", - ">=2.0.0a0,<2.0.2", - ">=2.1.0rc0,<2.1.1" - ], - "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" - }, { "advisory": "Tensorflow-rocm versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2018-20330.", "cve": "CVE-2018-20330", 
@@ -151059,6 +153063,30 @@ ], "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, + { + "advisory": "Tensorflow-rocm versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"SQLite3\" to handle CVE-2019-19244.", + "cve": "CVE-2019-19244", + "id": "pyup.io-58004", + "more_info_path": "/vulnerabilities/CVE-2019-19244/58004", + "specs": [ + "<1.15.3", + ">=2.0.0a0,<2.0.2", + ">=2.1.0rc0,<2.1.1" + ], + "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" + }, + { + "advisory": "Tensorflow-rocm versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"Apache Spark\" to handle CVE-2019-10099.", + "cve": "CVE-2019-10099", + "id": "pyup.io-58011", + "more_info_path": "/vulnerabilities/CVE-2019-10099/58011", + "specs": [ + "<1.15.3", + ">=2.0.0a0,<2.0.2", + ">=2.1.0rc0,<2.1.1" + ], + "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" + }, { "advisory": "Tensorflow-rocm versions 1.15.3, 2.0.2 and 2.1.1 updates its dependency \"libjpeg-turbo\" to handle CVE-2018-19664.", "cve": "CVE-2018-19664", 
@@ -151096,10 +153124,10 @@ "v": "<1.15.3,>=2.0.0a0,<2.0.2,>=2.1.0rc0,<2.1.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15204: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling \"tf.raw_ops.GetSessionHandle\" or \"tf.raw_ops.GetSessionHandleV2\" results in a null pointer dereference In linked snippet, in eager mode, \"ctx->session_state()\" returns \"nullptr\". Since code immediately dereferences this, we get a segmentation fault. The issue was patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", - "cve": "CVE-2020-15204", - "id": "pyup.io-57978", - "more_info_path": "/vulnerabilities/CVE-2020-15204/57978", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15205: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'data_splits' argument of 'tf.raw_ops.StringNGrams' lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after 'ee ff' are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46", + "cve": "CVE-2020-15205", + "id": "pyup.io-57986", + "more_info_path": "/vulnerabilities/CVE-2020-15205/57986", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -151110,10 +153138,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15205: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'data_splits' argument of 'tf.raw_ops.StringNGrams' lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after 'ee ff' are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46", - "cve": "CVE-2020-15205", - "id": "pyup.io-57986", - "more_info_path": "/vulnerabilities/CVE-2020-15205/57986", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15202: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'Shard' API in TensorFlow expects the last argument to be a function taking two 'int64' (i.e., 'long long') arguments. However, there are several places in TensorFlow where a lambda taking 'int' or 'int32' arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4", + "cve": "CVE-2020-15202", + "id": "pyup.io-57984", + "more_info_path": "/vulnerabilities/CVE-2020-15202/57984", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -151124,10 +153152,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15203: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the 'fill' argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a 'printf' call is constructed. This may result in segmentation fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79", - "cve": "CVE-2020-15203", - "id": "pyup.io-57987", - "more_info_path": "/vulnerabilities/CVE-2020-15203/57987", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15204: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling \"tf.raw_ops.GetSessionHandle\" or \"tf.raw_ops.GetSessionHandleV2\" results in a null pointer dereference In linked snippet, in eager mode, \"ctx->session_state()\" returns \"nullptr\". Since code immediately dereferences this, we get a segmentation fault. The issue was patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", + "cve": "CVE-2020-15204", + "id": "pyup.io-57978", + "more_info_path": "/vulnerabilities/CVE-2020-15204/57978", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -151138,10 +153166,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of 'SparseFillEmptyRowsGrad' uses a double indexing pattern. It is possible for 'reverse_index_map(i)' to be an index outside of bounds of 'grad_values', thus resulting in a heap buffer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr", - "cve": "CVE-2020-15195", - "id": "pyup.io-57979", - "more_info_path": "/vulnerabilities/CVE-2020-15195/57979", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15203: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the 'fill' argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a 'printf' call is constructed. This may result in segmentation fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79", + "cve": "CVE-2020-15203", + "id": "pyup.io-57987", + "more_info_path": "/vulnerabilities/CVE-2020-15203/57987", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -151152,10 +153180,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15202: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'Shard' API in TensorFlow expects the last argument to be a function taking two 'int64' (i.e., 'long long') arguments. However, there are several places in TensorFlow where a lambda taking 'int' or 'int32' arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4", - "cve": "CVE-2020-15202", - "id": "pyup.io-57984", - "more_info_path": "/vulnerabilities/CVE-2020-15202/57984", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of 'SparseFillEmptyRowsGrad' uses a double indexing pattern. It is possible for 'reverse_index_map(i)' to be an index outside of bounds of 'grad_values', thus resulting in a heap buffer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr", + "cve": "CVE-2020-15195", + "id": "pyup.io-57979", + "more_info_path": "/vulnerabilities/CVE-2020-15195/57979", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -151315,10 +153343,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-9327.", - "cve": "CVE-2020-9327", - "id": "pyup.io-57971", - "more_info_path": "/vulnerabilities/CVE-2020-9327/57971", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.", + "cve": "CVE-2020-13871", + "id": "pyup.io-57968", + "more_info_path": "/vulnerabilities/CVE-2020-13871/57968", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -151328,10 +153356,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13434.", - "cve": "CVE-2020-13434", - "id": "pyup.io-57970", - "more_info_path": "/vulnerabilities/CVE-2020-13434/57970", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-9327.", + "cve": "CVE-2020-9327", + "id": "pyup.io-57971", + "more_info_path": "/vulnerabilities/CVE-2020-9327/57971", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", @@ -151341,10 +153369,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.", - "cve": "CVE-2020-13871", - "id": "pyup.io-57968", - "more_info_path": "/vulnerabilities/CVE-2020-13871/57968", + "advisory": "Tensorflow-rocm versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13434.", + "cve": "CVE-2020-13434", + "id": "pyup.io-57970", + "more_info_path": "/vulnerabilities/CVE-2020-13434/57970", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -151396,10 +153424,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2" }, { - "advisory": "Tensorflow-rocm versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 updates its dependency \"Libjpeg-turbo\" to handle CVE-2020-13790.", - "cve": "CVE-2020-13790", - "id": "pyup.io-57957", - "more_info_path": "/vulnerabilities/CVE-2020-13790/57957", + "advisory": "Tensorflow-rocm versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 update its dependency 'Junit4' to v4.13.1 to include a security fix.", + "cve": "CVE-2020-15250", + "id": "pyup.io-57955", + "more_info_path": "/vulnerabilities/CVE-2020-15250/57955", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", @@ -151410,10 +153438,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2" }, { - "advisory": "Tensorflow-rocm versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 update its dependency 'Junit4' to v4.13.1 to include a security fix.", - "cve": "CVE-2020-15250", - "id": "pyup.io-57955", - "more_info_path": "/vulnerabilities/CVE-2020-15250/57955", + "advisory": "Tensorflow-rocm versions 2.3.2, 2.2.2, 2.1.3, 2.0.4 and 1.15.5 updates its dependency \"Libjpeg-turbo\" to handle CVE-2020-13790.", + "cve": "CVE-2020-13790", + "id": "pyup.io-57957", + "more_info_path": "/vulnerabilities/CVE-2020-13790/57957", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", 
@@ -151513,10 +153541,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0" }, { - "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", - "cve": "CVE-2023-25667", - "id": "pyup.io-57548", - "more_info_path": "/vulnerabilities/CVE-2023-25667/57548", + "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", + "cve": "CVE-2023-25660", + "id": "pyup.io-57562", + "more_info_path": "/vulnerabilities/CVE-2023-25660/57562", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -151524,10 +153552,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25660: Prior to versions 2.12.0 and 2.11.1, when the parameter 'summarize' of 'tf.raw_ops.Print' is zero, the new method 'SummarizeArray' will reference to a nullptr, leading to a seg fault.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj", - "cve": "CVE-2023-25660", - "id": "pyup.io-57562", - "more_info_path": "/vulnerabilities/CVE-2023-25660/57562", + "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", + "cve": "CVE-2023-25671", + "id": "pyup.io-57555", + "more_info_path": "/vulnerabilities/CVE-2023-25671/57555", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -151535,10 +153563,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", - "cve": "CVE-2023-25801", - "id": "pyup.io-57551", - "more_info_path": "/vulnerabilities/CVE-2023-25801/57551", + "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", + "cve": "CVE-2023-25676", + "id": "pyup.io-57546", + "more_info_path": "/vulnerabilities/CVE-2023-25676/57546", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -151546,10 +153574,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25671: There is out-of-bounds access due to mismatched integer type sizes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6", - "cve": "CVE-2023-25671", - "id": "pyup.io-57555", - "more_info_path": "/vulnerabilities/CVE-2023-25671/57555", + "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25666: Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", + "cve": "CVE-2023-25666", + "id": "pyup.io-57547", + "more_info_path": "/vulnerabilities/CVE-2023-25666/57547", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -151557,10 +153585,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25665: Prior to versions 2.12.0 and 2.11.1, when 'SparseSparseMaximum' is given invalid sparse tensors as inputs, it can give a null pointer error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", - "cve": "CVE-2023-25665", - "id": "pyup.io-57553", - "more_info_path": "/vulnerabilities/CVE-2023-25665/57553", + "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", + "cve": "CVE-2023-25663", + "id": "pyup.io-57560", + "more_info_path": "/vulnerabilities/CVE-2023-25663/57560", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -151568,10 +153596,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", - "cve": "CVE-2023-25673", - "id": "pyup.io-57544", - "more_info_path": "/vulnerabilities/CVE-2023-25673/57544", + "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw", + "cve": "CVE-2023-25662", + "id": "pyup.io-57561", + "more_info_path": "/vulnerabilities/CVE-2023-25662/57561", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -151579,10 +153607,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", - "cve": "CVE-2023-25672", - "id": "pyup.io-57545", - "more_info_path": "/vulnerabilities/CVE-2023-25672/57545", + "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", + "cve": "CVE-2023-25659", + "id": "pyup.io-57563", + "more_info_path": "/vulnerabilities/CVE-2023-25659/57563", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -151590,10 +153618,10 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq",
- "cve": "CVE-2023-25676",
- "id": "pyup.io-57546",
- "more_info_path": "/vulnerabilities/CVE-2023-25676/57546",
+ "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
+ "cve": "CVE-2023-25668",
+ "id": "pyup.io-57558",
+ "more_info_path": "/vulnerabilities/CVE-2023-25668/57558",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -151601,10 +153629,54 @@
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
 {
- "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25666: Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2",
- "cve": "CVE-2023-25666",
- "id": "pyup.io-57547",
- "more_info_path": "/vulnerabilities/CVE-2023-25666/57547",
+ "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68",
+ "cve": "CVE-2023-25667",
+ "id": "pyup.io-57548",
+ "more_info_path": "/vulnerabilities/CVE-2023-25667/57548",
+ "specs": [
+ "<2.11.1",
+ ">=2.12.0rc0,<2.12.0"
+ ],
+ "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q",
+ "cve": "CVE-2023-25801",
+ "id": "pyup.io-57551",
+ "more_info_path": "/vulnerabilities/CVE-2023-25801/57551",
+ "specs": [
+ "<2.11.1",
+ ">=2.12.0rc0,<2.12.0"
+ ],
+ "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25665: Prior to versions 2.12.0 and 2.11.1, when 'SparseSparseMaximum' is given invalid sparse tensors as inputs, it can give a null pointer error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g",
+ "cve": "CVE-2023-25665",
+ "id": "pyup.io-57553",
+ "more_info_path": "/vulnerabilities/CVE-2023-25665/57553",
+ "specs": [
+ "<2.11.1",
+ ">=2.12.0rc0,<2.12.0"
+ ],
+ "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
+ "cve": "CVE-2023-25673",
+ "id": "pyup.io-57544",
+ "more_info_path": "/vulnerabilities/CVE-2023-25673/57544",
+ "specs": [
+ "<2.11.1",
+ ">=2.12.0rc0,<2.12.0"
+ ],
+ "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.",
+ "cve": "CVE-2023-25672",
+ "id": "pyup.io-57545",
+ "more_info_path": "/vulnerabilities/CVE-2023-25672/57545",
 "specs": [
 "<2.11.1",
 ">=2.12.0rc0,<2.12.0"
@@ -151655,39 +153727,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w",
- "cve": "CVE-2023-25663",
- "id": "pyup.io-57560",
- "more_info_path": "/vulnerabilities/CVE-2023-25663/57560",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
- {
- "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25662: Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw",
- "cve": "CVE-2023-25662",
- "id": "pyup.io-57561",
- "more_info_path": "/vulnerabilities/CVE-2023-25662/57561",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
- {
- "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
- "cve": "CVE-2023-25659",
- "id": "pyup.io-57563",
- "more_info_path": "/vulnerabilities/CVE-2023-25659/57563",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj",
 "cve": "CVE-2023-25675",
@@ -151732,17 +153771,6 @@
 ],
 "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
 },
- {
- "advisory": "Tensorflow-rocm 2.11.0* and previous versions are affected by CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
- "cve": "CVE-2023-25668",
- "id": "pyup.io-57558",
- "more_info_path": "/vulnerabilities/CVE-2023-25668/57558",
- "specs": [
- "<2.11.1",
- ">=2.12.0rc0,<2.12.0"
- ],
- "v": "<2.11.1,>=2.12.0rc0,<2.12.0"
- },
 {
 "advisory": "Tensorflow-rocm 2.4.0 includes a fix for CVE-2020-15266: In Tensorflow before version 2.4.0, when the 'boxes' argument of 'tf.image.crop_and_resize' has a very large value, the CPU kernel implementation receives it as a C++ 'nan' floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.\nhttps://github.com/tensorflow/tensorflow/issues/42129\nhttps://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc",
 "cve": "CVE-2020-15266",
@@ -151796,10 +153824,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6",
- "cve": "CVE-2021-41201",
- "id": "pyup.io-57748",
- "more_info_path": "/vulnerabilities/CVE-2021-41201/57748",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659",
+ "cve": "CVE-2021-41204",
+ "id": "pyup.io-57765",
+ "more_info_path": "/vulnerabilities/CVE-2021-41204/57765",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151808,10 +153836,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659",
- "cve": "CVE-2021-41204",
- "id": "pyup.io-57765",
- "more_info_path": "/vulnerabilities/CVE-2021-41204/57765",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
+ "cve": "CVE-2021-41214",
+ "id": "pyup.io-57758",
+ "more_info_path": "/vulnerabilities/CVE-2021-41214/57758",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151820,10 +153848,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22926.",
- "cve": "CVE-2021-22926",
- "id": "pyup.io-57752",
- "more_info_path": "/vulnerabilities/CVE-2021-22926/57752",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.",
+ "cve": "CVE-2021-22925",
+ "id": "pyup.io-57743",
+ "more_info_path": "/vulnerabilities/CVE-2021-22925/57743",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151832,10 +153860,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc",
- "cve": "CVE-2021-41218",
- "id": "pyup.io-57746",
- "more_info_path": "/vulnerabilities/CVE-2021-41218/57746",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41196: In affected versions, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8",
+ "cve": "CVE-2021-41196",
+ "id": "pyup.io-57747",
+ "more_info_path": "/vulnerabilities/CVE-2021-41196/57747",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151844,10 +153872,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
- "cve": "CVE-2021-41214",
- "id": "pyup.io-57758",
- "more_info_path": "/vulnerabilities/CVE-2021-41214/57758",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda",
+ "cve": "CVE-2021-41223",
+ "id": "pyup.io-57754",
+ "more_info_path": "/vulnerabilities/CVE-2021-41223/57754",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151856,10 +153884,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.",
- "cve": "CVE-2021-22925",
- "id": "pyup.io-57743",
- "more_info_path": "/vulnerabilities/CVE-2021-22925/57743",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41205: In affected versions, the shape inference functions for the 'QuantizeAndDequantizeV*' operations can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f\nhttps://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d",
+ "cve": "CVE-2021-41205",
+ "id": "pyup.io-57757",
+ "more_info_path": "/vulnerabilities/CVE-2021-41205/57757",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151868,10 +153896,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22922.",
- "cve": "CVE-2021-22922",
- "id": "pyup.io-57744",
- "more_info_path": "/vulnerabilities/CVE-2021-22922/57744",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41207: In affected versions, the implementation of 'ParallelConcat' misses some input validation and can produce a division by 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
+ "cve": "CVE-2021-41207",
+ "id": "pyup.io-57763",
+ "more_info_path": "/vulnerabilities/CVE-2021-41207/57763",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151880,10 +153908,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- "cve": "CVE-2021-41209",
- "id": "pyup.io-57749",
- "more_info_path": "/vulnerabilities/CVE-2021-41209/57749",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm",
+ "cve": "CVE-2021-41199",
+ "id": "pyup.io-57767",
+ "more_info_path": "/vulnerabilities/CVE-2021-41199/57767",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151892,10 +153920,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41196: In affected versions, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8",
- "cve": "CVE-2021-41196",
- "id": "pyup.io-57747",
- "more_info_path": "/vulnerabilities/CVE-2021-41196/57747",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6",
+ "cve": "CVE-2021-41201",
+ "id": "pyup.io-57748",
+ "more_info_path": "/vulnerabilities/CVE-2021-41201/57748",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151904,10 +153932,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41228: In affected versions, TensorFlow's 'saved_model_cli' tool is vulnerable to a code injection as it calls 'eval' on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. The issue has been patched by adding a 'safe' flag which defaults to 'True' and an explicit warning for users.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v\nhttps://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
- "cve": "CVE-2021-41228",
- "id": "pyup.io-57751",
- "more_info_path": "/vulnerabilities/CVE-2021-41228/57751",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22926.",
+ "cve": "CVE-2021-22926",
+ "id": "pyup.io-57752",
+ "more_info_path": "/vulnerabilities/CVE-2021-22926/57752",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151916,10 +153944,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41215: In affected versions, the shape inference code for 'DeserializeSparse' can trigger a null pointer dereference. This is because the shape inference function assumes that the 'serialize_sparse' tensor is a tensor with positive rank (and having '3' as the last dimension). The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r\nhttps://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850",
- "cve": "CVE-2021-41215",
- "id": "pyup.io-57753",
- "more_info_path": "/vulnerabilities/CVE-2021-41215/57753",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc",
+ "cve": "CVE-2021-41218",
+ "id": "pyup.io-57746",
+ "more_info_path": "/vulnerabilities/CVE-2021-41218/57746",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151928,10 +153956,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda",
- "cve": "CVE-2021-41223",
- "id": "pyup.io-57754",
- "more_info_path": "/vulnerabilities/CVE-2021-41223/57754",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22922.",
+ "cve": "CVE-2021-22922",
+ "id": "pyup.io-57744",
+ "more_info_path": "/vulnerabilities/CVE-2021-22922/57744",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151940,10 +153968,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff",
- "cve": "CVE-2021-41217",
- "id": "pyup.io-57756",
- "more_info_path": "/vulnerabilities/CVE-2021-41217/57756",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
+ "cve": "CVE-2021-41209",
+ "id": "pyup.io-57749",
+ "more_info_path": "/vulnerabilities/CVE-2021-41209/57749",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151952,10 +153980,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41205: In affected versions, the shape inference functions for the 'QuantizeAndDequantizeV*' operations can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f\nhttps://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d",
- "cve": "CVE-2021-41205",
- "id": "pyup.io-57757",
- "more_info_path": "/vulnerabilities/CVE-2021-41205/57757",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41228: In affected versions, TensorFlow's 'saved_model_cli' tool is vulnerable to a code injection as it calls 'eval' on user supplied strings. This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. The issue has been patched by adding a 'safe' flag which defaults to 'True' and an explicit warning for users.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3rcw-9p9x-582v\nhttps://github.com/tensorflow/tensorflow/commit/8b202f08d52e8206af2bdb2112a62fafbc546ec7",
+ "cve": "CVE-2021-41228",
+ "id": "pyup.io-57751",
+ "more_info_path": "/vulnerabilities/CVE-2021-41228/57751",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151964,10 +153992,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae",
- "cve": "CVE-2021-41219",
- "id": "pyup.io-57759",
- "more_info_path": "/vulnerabilities/CVE-2021-41219/57759",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41215: In affected versions, the shape inference code for 'DeserializeSparse' can trigger a null pointer dereference. This is because the shape inference function assumes that the 'serialize_sparse' tensor is a tensor with positive rank (and having '3' as the last dimension). The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r\nhttps://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850",
+ "cve": "CVE-2021-41215",
+ "id": "pyup.io-57753",
+ "more_info_path": "/vulnerabilities/CVE-2021-41215/57753",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151976,10 +154004,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.",
- "cve": "CVE-2021-22924",
- "id": "pyup.io-57760",
- "more_info_path": "/vulnerabilities/CVE-2021-22924/57760",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff",
+ "cve": "CVE-2021-41217",
+ "id": "pyup.io-57756",
+ "more_info_path": "/vulnerabilities/CVE-2021-41217/57756",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -151988,10 +154016,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41207: In affected versions, the implementation of 'ParallelConcat' misses some input validation and can produce a division by 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7v94-64hj-m82h\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235",
- "cve": "CVE-2021-41207",
- "id": "pyup.io-57763",
- "more_info_path": "/vulnerabilities/CVE-2021-41207/57763",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae",
+ "cve": "CVE-2021-41219",
+ "id": "pyup.io-57759",
+ "more_info_path": "/vulnerabilities/CVE-2021-41219/57759",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -152000,10 +154028,10 @@
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm",
- "cve": "CVE-2021-41199",
- "id": "pyup.io-57767",
- "more_info_path": "/vulnerabilities/CVE-2021-41199/57767",
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.",
+ "cve": "CVE-2021-22924",
+ "id": "pyup.io-57760",
+ "more_info_path": "/vulnerabilities/CVE-2021-22924/57760",
 "specs": [
 "<2.4.4",
 ">=2.5.0rc0,<2.5.2",
@@ -152035,6 +154063,18 @@
 ],
 "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
 },
+ {
+ "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6",
+ "cve": "CVE-2021-41221",
+ "id": "pyup.io-57772",
+ "more_info_path": "/vulnerabilities/CVE-2021-41221/57772",
+ "specs": [
+ "<2.4.4",
+ ">=2.5.0rc0,<2.5.2",
+ ">=2.6.0rc0,<2.6.1"
+ ],
+ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1"
+ },
 {
 "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41212: In affected versions, the shape inference code for 'tf.ragged.cross' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8",
 "cve": "CVE-2021-41212",
@@ -152071,18 +154111,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6", - "cve": "CVE-2021-41221", - "id": "pyup.io-57772", - "more_info_path": "/vulnerabilities/CVE-2021-41221/57772", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Tensorflow-rocm versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585", "cve": "CVE-2021-41227", 
@@ -152204,10 +154232,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23591", - "id": "pyup.io-57730", - "more_info_path": "/vulnerabilities/CVE-2022-23591/57730", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", + "cve": "CVE-2022-23563", + "id": "pyup.io-57693", + "more_info_path": "/vulnerabilities/CVE-2022-23563/57693", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152217,10 +154245,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23572", - "id": "pyup.io-57726", - "more_info_path": "/vulnerabilities/CVE-2022-23572/57726", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23576", + "id": "pyup.io-57701", + "more_info_path": "/vulnerabilities/CVE-2022-23576/57701", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152230,10 +154258,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", - "cve": "CVE-2022-23563", - "id": "pyup.io-57693", - "more_info_path": "/vulnerabilities/CVE-2022-23563/57693", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", + "cve": "CVE-2022-23558", + "id": "pyup.io-57711", + "more_info_path": "/vulnerabilities/CVE-2022-23558/57711", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152243,10 +154271,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", - "cve": "CVE-2022-21728", - "id": "pyup.io-57692", - "more_info_path": "/vulnerabilities/CVE-2022-21728/57692", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", + "cve": "CVE-2022-23560", + "id": "pyup.io-57721", + "more_info_path": "/vulnerabilities/CVE-2022-23560/57721", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152256,10 +154284,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", - "cve": "CVE-2022-21730", - "id": "pyup.io-57694", - "more_info_path": "/vulnerabilities/CVE-2022-21730/57694", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", + "cve": "CVE-2022-23562", + "id": "pyup.io-57735", + "more_info_path": "/vulnerabilities/CVE-2022-23562/57735", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152269,10 +154297,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23576", - "id": "pyup.io-57701", - "more_info_path": "/vulnerabilities/CVE-2022-23576/57701", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", + "cve": "CVE-2022-21739", + "id": "pyup.io-57713", + "more_info_path": "/vulnerabilities/CVE-2022-21739/57713", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152282,10 +154310,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23573", - "id": "pyup.io-57703", - "more_info_path": "/vulnerabilities/CVE-2022-23573/57703", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", + "cve": "CVE-2022-23564", + "id": "pyup.io-57719", + "more_info_path": "/vulnerabilities/CVE-2022-23564/57719", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152295,10 +154323,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23589", - "id": "pyup.io-57705", - "more_info_path": "/vulnerabilities/CVE-2022-23589/57705", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23587", + "id": "pyup.io-57722", + "more_info_path": "/vulnerabilities/CVE-2022-23587/57722", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152308,10 +154336,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", - "cve": "CVE-2022-23558", - "id": "pyup.io-57711", - "more_info_path": "/vulnerabilities/CVE-2022-23558/57711", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", + "cve": "CVE-2022-23565", + "id": "pyup.io-57727", + "more_info_path": "/vulnerabilities/CVE-2022-23565/57727", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152321,10 +154349,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", - "cve": "CVE-2022-21727", - "id": "pyup.io-57717", - "more_info_path": "/vulnerabilities/CVE-2022-21727/57717", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", + "cve": "CVE-2022-23579", + "id": "pyup.io-57734", + "more_info_path": "/vulnerabilities/CVE-2022-23579/57734", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152334,10 +154362,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", - "cve": "CVE-2022-23560", - "id": "pyup.io-57721", - "more_info_path": "/vulnerabilities/CVE-2022-23560/57721", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23584", + "id": "pyup.io-57738", + "more_info_path": "/vulnerabilities/CVE-2022-23584/57738", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152347,10 +154375,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", - "cve": "CVE-2022-21725", - "id": "pyup.io-57723", - "more_info_path": "/vulnerabilities/CVE-2022-21725/57723", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx", + "cve": "CVE-2022-23595", + "id": "pyup.io-57696", + "more_info_path": "/vulnerabilities/CVE-2022-23595/57696", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152360,10 +154388,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", - "cve": "CVE-2022-21740", - "id": "pyup.io-57732", - "more_info_path": "/vulnerabilities/CVE-2022-21740/57732", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", + "cve": "CVE-2022-21741", + "id": "pyup.io-57697", + "more_info_path": "/vulnerabilities/CVE-2022-21741/57697", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152373,10 +154401,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", - "cve": "CVE-2022-23562", - "id": "pyup.io-57735", - "more_info_path": "/vulnerabilities/CVE-2022-23562/57735", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23574", + "id": "pyup.io-57708", + "more_info_path": "/vulnerabilities/CVE-2022-23574/57708", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
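Review bot: The CVE-2022-23574 entry added here says the fix was cherry-picked only onto TensorFlow 2.7.1 and 2.6.3, yet its `specs` open with `"<2.5.3"`, so the range flags every 2.5.x and older release as vulnerable by a fix the text says never shipped on that branch. If the upstream GHSA confirms only the 2.6 and 2.7 branches are affected, the `"<2.5.3",` spec (and the matching `<2.5.3,` prefix in this entry's `v` string, which lies outside the hunk) should be dropped to avoid a false positive on 2.5.x; if 2.5.x is affected but unpatched, the range understates instead and 2.5.3 itself must be included. The wording "Tensorflow-rocm is an Open Source ..." on a text that otherwise reads as the upstream tensorflow advisory suggests it was copied without re-deriving the rocm ranges.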
@@ -152386,10 +154414,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", - "cve": "CVE-2022-21738", - "id": "pyup.io-57736", - "more_info_path": "/vulnerabilities/CVE-2022-21738/57736", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23570", + "id": "pyup.io-57698", + "more_info_path": "/vulnerabilities/CVE-2022-23570/57698", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
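Review bot: The CVE-2022-23570 entry added here has the same text/range disagreement as its siblings: the advisory states the cherry-pick landed on 2.7.1 and 2.6.3 only, but `specs` begins with `"<2.5.3"`, which asserts that 2.5.3 fixed it. Confirm against the upstream GHSA which reading is right and make the range match it, either dropping `"<2.5.3",` (and the `<2.5.3,` prefix of `v`, outside this hunk) if the 2.5 branch is unaffected, or widening it if 2.5.3 is still vulnerable. A scanner consuming this file cannot tell which of the two is the truth, and the two errors have opposite consequences (noise versus a missed vulnerable version).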
@@ -152399,10 +154427,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", - "cve": "CVE-2022-23561", - "id": "pyup.io-57741", - "more_info_path": "/vulnerabilities/CVE-2022-23561/57741", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23586", + "id": "pyup.io-57716", + "more_info_path": "/vulnerabilities/CVE-2022-23586/57716", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152412,10 +154440,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", - "cve": "CVE-2022-21739", - "id": "pyup.io-57713", - "more_info_path": "/vulnerabilities/CVE-2022-21739/57713", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23591", + "id": "pyup.io-57730", + "more_info_path": "/vulnerabilities/CVE-2022-23591/57730", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152425,10 +154453,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23578", - "id": "pyup.io-57704", - "more_info_path": "/vulnerabilities/CVE-2022-23578/57704", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23572", + "id": "pyup.io-57726", + "more_info_path": "/vulnerabilities/CVE-2022-23572/57726", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
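Review bot: The CVE-2022-23572 entry added here says the fix was cherry-picked only onto TensorFlow 2.7.1 and 2.6.3, yet its `specs` start with `"<2.5.3"`, so the data claims 2.5.3 contains a fix the text says never shipped on that branch. If the upstream GHSA confirms only the 2.6 and 2.7 branches are affected, remove the `"<2.5.3",` spec (and the `<2.5.3,` prefix of this entry's `v` string, which falls outside the hunk) so 2.5.x is not reported as vulnerable; if 2.5.x is affected and unpatched, the range is wrong in the other direction and 2.5.3 must be inside it. The text also opens with "Tensorflow is an Open Source ..." under the `tensorflow-rocm` key, unlike the neighbouring entries that say "Tensorflow-rocm ...", which points to a copy from the `tensorflow` package without re-checking the rocm version ranges. The same mismatch recurs in the CVE-2022-23570 and CVE-2022-23574 entries of this series.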
@@ -152438,10 +154466,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5", - "cve": "CVE-2022-23559", - "id": "pyup.io-57714", - "more_info_path": "/vulnerabilities/CVE-2022-23559/57714", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", + "cve": "CVE-2022-21728", + "id": "pyup.io-57692", + "more_info_path": "/vulnerabilities/CVE-2022-21728/57692", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152451,10 +154479,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23571", - "id": "pyup.io-57718", - "more_info_path": "/vulnerabilities/CVE-2022-23571/57718", + "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", + "cve": "CVE-2022-21730", + "id": "pyup.io-57694", + "more_info_path": "/vulnerabilities/CVE-2022-21730/57694", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152464,10 +154492,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", - "cve": "CVE-2022-23564", - "id": "pyup.io-57719", - "more_info_path": "/vulnerabilities/CVE-2022-23564/57719", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23573", + "id": "pyup.io-57703", + "more_info_path": "/vulnerabilities/CVE-2022-23573/57703", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152477,10 +154505,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23587", - "id": "pyup.io-57722", - "more_info_path": "/vulnerabilities/CVE-2022-23587/57722", + "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23589", + "id": "pyup.io-57705", + "more_info_path": "/vulnerabilities/CVE-2022-23589/57705", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -152490,10 +154518,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v",
- "cve": "CVE-2022-23557",
- "id": "pyup.io-57725",
- "more_info_path": "/vulnerabilities/CVE-2022-23557/57725",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw",
+ "cve": "CVE-2022-21727",
+ "id": "pyup.io-57717",
+ "more_info_path": "/vulnerabilities/CVE-2022-21727/57717",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152503,10 +154531,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx",
- "cve": "CVE-2022-23565",
- "id": "pyup.io-57727",
- "more_info_path": "/vulnerabilities/CVE-2022-23565/57727",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f",
+ "cve": "CVE-2022-21725",
+ "id": "pyup.io-57723",
+ "more_info_path": "/vulnerabilities/CVE-2022-21725/57723",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152516,10 +154544,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23577",
- "id": "pyup.io-57729",
- "more_info_path": "/vulnerabilities/CVE-2022-23577/57729",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r",
+ "cve": "CVE-2022-21740",
+ "id": "pyup.io-57732",
+ "more_info_path": "/vulnerabilities/CVE-2022-21740/57732",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152529,10 +154557,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23566",
- "id": "pyup.io-57733",
- "more_info_path": "/vulnerabilities/CVE-2022-23566/57733",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6",
+ "cve": "CVE-2022-21738",
+ "id": "pyup.io-57736",
+ "more_info_path": "/vulnerabilities/CVE-2022-21738/57736",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152542,10 +154570,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr",
- "cve": "CVE-2022-23579",
- "id": "pyup.io-57734",
- "more_info_path": "/vulnerabilities/CVE-2022-23579/57734",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq",
+ "cve": "CVE-2022-23561",
+ "id": "pyup.io-57741",
+ "more_info_path": "/vulnerabilities/CVE-2022-23561/57741",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152555,10 +154583,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23584",
- "id": "pyup.io-57738",
- "more_info_path": "/vulnerabilities/CVE-2022-23584/57738",
+ "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23578",
+ "id": "pyup.io-57704",
+ "more_info_path": "/vulnerabilities/CVE-2022-23578/57704",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152568,10 +154596,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21734: The implementation of 'MapStage' is vulnerable to a 'CHECK'-fail if the key tensor is not a scalar.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm",
- "cve": "CVE-2022-21734",
- "id": "pyup.io-57699",
- "more_info_path": "/vulnerabilities/CVE-2022-21734/57699",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23559: An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both 'embedding_size' and 'lookup_size' are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98p5-x8x4-c9m5",
+ "cve": "CVE-2022-23559",
+ "id": "pyup.io-57714",
+ "more_info_path": "/vulnerabilities/CVE-2022-23559/57714",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152581,10 +154609,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj",
- "cve": "CVE-2022-21735",
- "id": "pyup.io-57724",
- "more_info_path": "/vulnerabilities/CVE-2022-21735/57724",
+ "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23571",
+ "id": "pyup.io-57718",
+ "more_info_path": "/vulnerabilities/CVE-2022-23571/57718",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152594,10 +154622,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9",
- "cve": "CVE-2022-21736",
- "id": "pyup.io-57695",
- "more_info_path": "/vulnerabilities/CVE-2022-21736/57695",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v",
+ "cve": "CVE-2022-23557",
+ "id": "pyup.io-57725",
+ "more_info_path": "/vulnerabilities/CVE-2022-23557/57725",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152607,10 +154635,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx",
- "cve": "CVE-2022-23595",
- "id": "pyup.io-57696",
- "more_info_path": "/vulnerabilities/CVE-2022-23595/57696",
+ "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23577",
+ "id": "pyup.io-57729",
+ "more_info_path": "/vulnerabilities/CVE-2022-23577/57729",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152620,10 +154648,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj",
- "cve": "CVE-2022-21741",
- "id": "pyup.io-57697",
- "more_info_path": "/vulnerabilities/CVE-2022-21741/57697",
+ "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23566",
+ "id": "pyup.io-57733",
+ "more_info_path": "/vulnerabilities/CVE-2022-23566/57733",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152633,10 +154661,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23585",
- "id": "pyup.io-57700",
- "more_info_path": "/vulnerabilities/CVE-2022-23585/57700",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21734: The implementation of 'MapStage' is vulnerable to a 'CHECK'-fail if the key tensor is not a scalar.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm",
+ "cve": "CVE-2022-21734",
+ "id": "pyup.io-57699",
+ "more_info_path": "/vulnerabilities/CVE-2022-21734/57699",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152646,10 +154674,10 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c",
- "cve": "CVE-2022-23581",
- "id": "pyup.io-57706",
- "more_info_path": "/vulnerabilities/CVE-2022-23581/57706",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj",
+ "cve": "CVE-2022-21735",
+ "id": "pyup.io-57724",
+ "more_info_path": "/vulnerabilities/CVE-2022-21735/57724",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152659,10 +154687,36 @@
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
 {
- "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23574",
- "id": "pyup.io-57708",
- "more_info_path": "/vulnerabilities/CVE-2022-23574/57708",
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9",
+ "cve": "CVE-2022-21736",
+ "id": "pyup.io-57695",
+ "more_info_path": "/vulnerabilities/CVE-2022-21736/57695",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. 
However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
+ "cve": "CVE-2022-23585",
+ "id": "pyup.io-57700",
+ "more_info_path": "/vulnerabilities/CVE-2022-23585/57700",
+ "specs": [
+ "<2.5.3",
+ ">=2.6.0a0,<2.6.3",
+ ">=2.7.0a0,<2.7.1",
+ ">=2.8.0a0,<2.8.0"
+ ],
+ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
+ },
+ {
+ "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c",
+ "cve": "CVE-2022-23581",
+ "id": "pyup.io-57706",
+ "more_info_path": "/vulnerabilities/CVE-2022-23581/57706",
 "specs": [
 "<2.5.3",
 ">=2.6.0a0,<2.6.3",
@@ -152788,19 +154842,6 @@
 ],
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
- {
- "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23570",
- "id": "pyup.io-57698",
- "more_info_path": "/vulnerabilities/CVE-2022-23570/57698",
- "specs": [
- "<2.5.3",
- ">=2.6.0a0,<2.6.3",
- ">=2.7.0a0,<2.7.1",
- ">=2.8.0a0,<2.8.0"
- ],
- "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
- },
 {
 "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21737: The implementation of '*Bincount' operations allows malicious users to cause denial of service by passing in arguments which would trigger a 'CHECK'-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in 'CHECK' failures later when the output tensors get allocated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7",
 "cve": "CVE-2022-21737",
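Review bot: The tensorflow-rocm entry for CVE-2022-23570 (pyup.io-57698) is deleted here, and the next hunk deletes CVE-2022-23586 (pyup.io-57716) the same way, yet neither is re-added in any of the surrounding hunks, whereas every other removal in this file section is paired with the same entry reappearing at a new position. If these two advisories were not re-inserted elsewhere in the file, tools consuming this database will silently stop reporting the affected tensorflow-rocm ranges (`<2.5.3`, `>=2.6.0a0,<2.6.3`, `>=2.7.0a0,<2.7.1`, `>=2.8.0a0,<2.8.0`) for those CVEs, which is a loss of coverage rather than a reorder. Because the file is a synced export of upstream metadata, the drop may well be intentional upstream, but it is worth confirming by searching the new side for `pyup.io-57698` and `pyup.io-57716` before merging.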
@@ -152827,19 +154868,6 @@
 ],
 "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
 },
- {
- "advisory": "Tensorflow-rocm is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.",
- "cve": "CVE-2022-23586",
- "id": "pyup.io-57716",
- "more_info_path": "/vulnerabilities/CVE-2022-23586/57716",
- "specs": [
- "<2.5.3",
- ">=2.6.0a0,<2.6.3",
- ">=2.7.0a0,<2.7.1",
- ">=2.8.0a0,<2.8.0"
- ],
- "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0"
- },
 {
 "advisory": "Tensorflow-rocm versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v",
 "cve": "CVE-2022-23582",
@@ -152904,10 +154932,10 @@
 "v": "<2.5.3,>=2.6.0rc0,<2.6.3,>=2.7.0rc0,<2.7.1"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.",
- "cve": "CVE-2022-29201",
- "id": "pyup.io-57670",
- "more_info_path": "/vulnerabilities/CVE-2022-29201/57670",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29193: missing validation which causes 'TensorSummaryV2' to crash.",
+ "cve": "CVE-2022-29193",
+ "id": "pyup.io-57651",
+ "more_info_path": "/vulnerabilities/CVE-2022-29193/57651",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -152917,10 +154945,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.",
- "cve": "CVE-2022-29196",
- "id": "pyup.io-57655",
- "more_info_path": "/vulnerabilities/CVE-2022-29196/57655",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.",
+ "cve": "CVE-2022-27776",
+ "id": "pyup.io-57652",
+ "more_info_path": "/vulnerabilities/CVE-2022-27776/57652",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -152930,10 +154958,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29193: missing validation which causes 'TensorSummaryV2' to crash.",
- "cve": "CVE-2022-29193",
- "id": "pyup.io-57651",
- "more_info_path": "/vulnerabilities/CVE-2022-29193/57651",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29194: Missing validation which causes denial of service via 'DeleteSessionTensor'.",
+ "cve": "CVE-2022-29194",
+ "id": "pyup.io-57660",
+ "more_info_path": "/vulnerabilities/CVE-2022-29194/57660",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -152943,10 +154971,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.",
- "cve": "CVE-2022-29208",
- "id": "pyup.io-57658",
- "more_info_path": "/vulnerabilities/CVE-2022-29208/57658",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29204: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.",
+ "cve": "CVE-2022-29204",
+ "id": "pyup.io-57672",
+ "more_info_path": "/vulnerabilities/CVE-2022-29204/57672",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -152956,10 +154984,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27774.",
- "cve": "CVE-2022-27774",
- "id": "pyup.io-57662",
- "more_info_path": "/vulnerabilities/CVE-2022-27774/57662",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29192: missing validation which crashes 'QuantizeAndDequantizeV4Grad'.",
+ "cve": "CVE-2022-29192",
+ "id": "pyup.io-57674",
+ "more_info_path": "/vulnerabilities/CVE-2022-29192/57674",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -152969,10 +154997,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27781.",
- "cve": "CVE-2022-27781",
- "id": "pyup.io-57665",
- "more_info_path": "/vulnerabilities/CVE-2022-27781/57665",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29211: Segfault when 'tf.histogram_fixed_width' is called with NaN values.",
+ "cve": "CVE-2022-29211",
+ "id": "pyup.io-57673",
+ "more_info_path": "/vulnerabilities/CVE-2022-29211/57673",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -152982,10 +155010,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.",
- "cve": "CVE-2022-29206",
- "id": "pyup.io-57671",
- "more_info_path": "/vulnerabilities/CVE-2022-29206/57671",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27780.",
+ "cve": "CVE-2022-27780",
+ "id": "pyup.io-57675",
+ "more_info_path": "/vulnerabilities/CVE-2022-27780/57675",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -152995,10 +155023,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'zlib' to v1.2.12 to handle CVE-2018-25032.",
- "cve": "CVE-2018-25032",
- "id": "pyup.io-57667",
- "more_info_path": "/vulnerabilities/CVE-2018-25032/57667",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29209: Type confusion leading to 'CHECK'-failure based denial of service.",
+ "cve": "CVE-2022-29209",
+ "id": "pyup.io-57680",
+ "more_info_path": "/vulnerabilities/CVE-2022-29209/57680",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -153008,10 +155036,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.",
- "cve": "CVE-2022-29200",
- "id": "pyup.io-57653",
- "more_info_path": "/vulnerabilities/CVE-2022-29200/57653",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27782.",
+ "cve": "CVE-2022-27782",
+ "id": "pyup.io-57681",
+ "more_info_path": "/vulnerabilities/CVE-2022-27782/57681",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -153021,10 +155049,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.",
- "cve": "CVE-2022-27776",
- "id": "pyup.io-57652",
- "more_info_path": "/vulnerabilities/CVE-2022-27776/57652",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.",
+ "cve": "CVE-2022-29197",
+ "id": "pyup.io-57657",
+ "more_info_path": "/vulnerabilities/CVE-2022-29197/57657",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -153034,10 +155062,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.",
- "cve": "CVE-2022-29198",
- "id": "pyup.io-57654",
- "more_info_path": "/vulnerabilities/CVE-2022-29198/57654",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29191: Missing validation which causes denial of service via 'GetSessionTensor'.",
+ "cve": "CVE-2022-29191",
+ "id": "pyup.io-57682",
+ "more_info_path": "/vulnerabilities/CVE-2022-29191/57682",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -153047,10 +155075,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29207: Issues arising from undefined behavior stemming from users supplying invalid resource handles.",
- "cve": "CVE-2022-29207",
- "id": "pyup.io-57656",
- "more_info_path": "/vulnerabilities/CVE-2022-29207/57656",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. This is similar to CVE-2021-29584.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379",
+ "cve": "CVE-2021-41197",
+ "id": "pyup.io-57661",
+ "more_info_path": "/vulnerabilities/CVE-2021-41197/57661",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -153060,10 +155088,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.",
- "cve": "CVE-2022-29195",
- "id": "pyup.io-57659",
- "more_info_path": "/vulnerabilities/CVE-2022-29195/57659",
+ "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.",
+ "cve": "CVE-2022-22576",
+ "id": "pyup.io-57679",
+ "more_info_path": "/vulnerabilities/CVE-2022-22576/57679",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -153073,10 +155101,10 @@
 "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0"
 },
 {
- "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29194: Missing validation which causes denial of service via 'DeleteSessionTensor'.",
- "cve": "CVE-2022-29194",
- "id": "pyup.io-57660",
- "more_info_path": "/vulnerabilities/CVE-2022-29194/57660",
+ "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.",
+ "cve": "CVE-2022-29201",
+ "id": "pyup.io-57670",
+ "more_info_path": "/vulnerabilities/CVE-2022-29201/57670",
 "specs": [
 "<2.6.4",
 ">=2.7.0rc0,<2.7.2",
@@ -153086,10 +155114,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", - "cve": "CVE-2022-27778", - "id": "pyup.io-57663", - "more_info_path": "/vulnerabilities/CVE-2022-27778/57663", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", + "cve": "CVE-2022-29196", + "id": "pyup.io-57655", + "more_info_path": "/vulnerabilities/CVE-2022-29196/57655", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153099,10 +155127,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-30115.", - "cve": "CVE-2022-30115", - "id": "pyup.io-57666", - "more_info_path": "/vulnerabilities/CVE-2022-30115/57666", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", + "cve": "CVE-2022-29208", + "id": "pyup.io-57658", + "more_info_path": "/vulnerabilities/CVE-2022-29208/57658", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153112,10 +155140,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29204: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", - "cve": "CVE-2022-29204", - "id": "pyup.io-57672", - "more_info_path": "/vulnerabilities/CVE-2022-29204/57672", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27774.", + "cve": "CVE-2022-27774", + "id": "pyup.io-57662", + "more_info_path": "/vulnerabilities/CVE-2022-27774/57662", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153125,10 +155153,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29211: Segfault when 'tf.histogram_fixed_width' is called with NaN values.", - "cve": "CVE-2022-29211", - "id": "pyup.io-57673", - "more_info_path": "/vulnerabilities/CVE-2022-29211/57673", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27781.", + "cve": "CVE-2022-27781", + "id": "pyup.io-57665", + "more_info_path": "/vulnerabilities/CVE-2022-27781/57665", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153138,10 +155166,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29192: missing validation which crashes 'QuantizeAndDequantizeV4Grad'.", - "cve": "CVE-2022-29192", - "id": "pyup.io-57674", - "more_info_path": "/vulnerabilities/CVE-2022-29192/57674", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.", + "cve": "CVE-2022-29206", + "id": "pyup.io-57671", + "more_info_path": "/vulnerabilities/CVE-2022-29206/57671", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153151,10 +155179,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27780.", - "cve": "CVE-2022-27780", - "id": "pyup.io-57675", - "more_info_path": "/vulnerabilities/CVE-2022-27780/57675", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'zlib' to v1.2.12 to handle CVE-2018-25032.", + "cve": "CVE-2018-25032", + "id": "pyup.io-57667", + "more_info_path": "/vulnerabilities/CVE-2018-25032/57667", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153164,10 +155192,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", - "cve": "CVE-2022-29205", - "id": "pyup.io-57676", - "more_info_path": "/vulnerabilities/CVE-2022-29205/57676", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", + "cve": "CVE-2022-29198", + "id": "pyup.io-57654", + "more_info_path": "/vulnerabilities/CVE-2022-29198/57654", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153177,10 +155205,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29209: Type confusion leading to 'CHECK'-failure based denial of service.", - "cve": "CVE-2022-29209", - "id": "pyup.io-57680", - "more_info_path": "/vulnerabilities/CVE-2022-29209/57680", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", + "cve": "CVE-2022-29200", + "id": "pyup.io-57653", + "more_info_path": "/vulnerabilities/CVE-2022-29200/57653", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153190,10 +155218,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29212: Core dump when loading TFLite models with quantization.", - "cve": "CVE-2022-29212", - "id": "pyup.io-57683", - "more_info_path": "/vulnerabilities/CVE-2022-29212/57683", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29207: Issues arising from undefined behavior stemming from users supplying invalid resource handles.", + "cve": "CVE-2022-29207", + "id": "pyup.io-57656", + "more_info_path": "/vulnerabilities/CVE-2022-29207/57656", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153203,10 +155231,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27782.", - "cve": "CVE-2022-27782", - "id": "pyup.io-57681", - "more_info_path": "/vulnerabilities/CVE-2022-27782/57681", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.", + "cve": "CVE-2022-29195", + "id": "pyup.io-57659", + "more_info_path": "/vulnerabilities/CVE-2022-29195/57659", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153216,10 +155244,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.", - "cve": "CVE-2022-29213", - "id": "pyup.io-57678", - "more_info_path": "/vulnerabilities/CVE-2022-29213/57678", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", + "cve": "CVE-2022-27778", + "id": "pyup.io-57663", + "more_info_path": "/vulnerabilities/CVE-2022-27778/57663", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153229,10 +155257,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27775.", - "cve": "CVE-2022-27775", - "id": "pyup.io-57649", - "more_info_path": "/vulnerabilities/CVE-2022-27775/57649", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-30115.", + "cve": "CVE-2022-30115", + "id": "pyup.io-57666", + "more_info_path": "/vulnerabilities/CVE-2022-30115/57666", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153242,10 +155270,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29216: Code injection in 'saved_model_cli'.", - "cve": "CVE-2022-29216", - "id": "pyup.io-57650", - "more_info_path": "/vulnerabilities/CVE-2022-29216/57650", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", + "cve": "CVE-2022-29205", + "id": "pyup.io-57676", + "more_info_path": "/vulnerabilities/CVE-2022-29205/57676", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153255,10 +155283,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.", - "cve": "CVE-2022-29197", - "id": "pyup.io-57657", - "more_info_path": "/vulnerabilities/CVE-2022-29197/57657", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29212: Core dump when loading TFLite models with quantization.", + "cve": "CVE-2022-29212", + "id": "pyup.io-57683", + "more_info_path": "/vulnerabilities/CVE-2022-29212/57683", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153268,10 +155296,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29203: Integer overflow in 'SpaceToBatchND'.", - "cve": "CVE-2022-29203", - "id": "pyup.io-57668", - "more_info_path": "/vulnerabilities/CVE-2022-29203/57668", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.", + "cve": "CVE-2022-29213", + "id": "pyup.io-57678", + "more_info_path": "/vulnerabilities/CVE-2022-29213/57678", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153281,10 +155309,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", - "cve": "CVE-2022-29199", - "id": "pyup.io-57677", - "more_info_path": "/vulnerabilities/CVE-2022-29199/57677", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27775.", + "cve": "CVE-2022-27775", + "id": "pyup.io-57649", + "more_info_path": "/vulnerabilities/CVE-2022-27775/57649", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153294,10 +155322,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29191: Missing validation which causes denial of service via 'GetSessionTensor'.", - "cve": "CVE-2022-29191", - "id": "pyup.io-57682", - "more_info_path": "/vulnerabilities/CVE-2022-29191/57682", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29216: Code injection in 'saved_model_cli'.", + "cve": "CVE-2022-29216", + "id": "pyup.io-57650", + "more_info_path": "/vulnerabilities/CVE-2022-29216/57650", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153307,10 +155335,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", - "cve": "CVE-2022-29202", - "id": "pyup.io-57669", - "more_info_path": "/vulnerabilities/CVE-2022-29202/57669", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29203: Integer overflow in 'SpaceToBatchND'.", + "cve": "CVE-2022-29203", + "id": "pyup.io-57668", + "more_info_path": "/vulnerabilities/CVE-2022-29203/57668", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153320,10 +155348,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. This is similar to CVE-2021-29584.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", - "cve": "CVE-2021-41197", - "id": "pyup.io-57661", - "more_info_path": "/vulnerabilities/CVE-2021-41197/57661", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", + "cve": "CVE-2022-29199", + "id": "pyup.io-57677", + "more_info_path": "/vulnerabilities/CVE-2022-29199/57677", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153333,10 +155361,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", - "cve": "CVE-2022-27779", - "id": "pyup.io-57664", - "more_info_path": "/vulnerabilities/CVE-2022-27779/57664", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", + "cve": "CVE-2022-29202", + "id": "pyup.io-57669", + "more_info_path": "/vulnerabilities/CVE-2022-29202/57669", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -153346,10 +155374,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", - "cve": "CVE-2022-22576", - "id": "pyup.io-57679", - "more_info_path": "/vulnerabilities/CVE-2022-22576/57679", + "advisory": "Tensorflow-rocm versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", + "cve": "CVE-2022-27779", + "id": "pyup.io-57664", + "more_info_path": "/vulnerabilities/CVE-2022-27779/57664", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -153358,30 +155386,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", - "cve": "CVE-2022-35996", - "id": "pyup.io-57607", - "more_info_path": "/vulnerabilities/CVE-2022-35996/57607", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", - "cve": "CVE-2022-35974", - "id": "pyup.io-57618", - "more_info_path": "/vulnerabilities/CVE-2022-35974/57618", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", "cve": "CVE-2022-36027", 
@@ -153394,54 +155398,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35972: Segfault in 'QuantizedBiasAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", - "cve": "CVE-2022-35972", - "id": "pyup.io-57626", - "more_info_path": "/vulnerabilities/CVE-2022-35972/57626", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", - "cve": "CVE-2022-36014", - "id": "pyup.io-57628", - "more_info_path": "/vulnerabilities/CVE-2022-36014/57628", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", - "cve": "CVE-2022-35988", - "id": "pyup.io-57631", - "more_info_path": "/vulnerabilities/CVE-2022-35988/57631", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", - "cve": "CVE-2022-36001", - "id": "pyup.io-57639", - "more_info_path": "/vulnerabilities/CVE-2022-36001/57639", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for 
CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", "cve": "CVE-2022-35999", @@ -153454,30 +155410,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36004: 'CHECK' fail in 'tf.random.gamma'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", - "cve": "CVE-2022-36004", - "id": "pyup.io-57644", - "more_info_path": "/vulnerabilities/CVE-2022-36004/57644", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", - "cve": "CVE-2022-35979", - "id": "pyup.io-57596", - "more_info_path": "/vulnerabilities/CVE-2022-35979/57596", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", "cve": "CVE-2022-35960", 
@@ -153514,30 +155446,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", - "cve": "CVE-2022-35983", - "id": "pyup.io-57605", - "more_info_path": "/vulnerabilities/CVE-2022-35983/57605", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", - "cve": "CVE-2022-35990", - "id": "pyup.io-57608", - "more_info_path": "/vulnerabilities/CVE-2022-35990/57608", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35997: 'CHECK' fail in 'tf.sparse.cross'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p7hr-f446-x6qf", "cve": "CVE-2022-35997", 
@@ -153574,6 +155482,18 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", + "cve": "CVE-2022-35987", + "id": "pyup.io-57620", + "more_info_path": "/vulnerabilities/CVE-2022-35987/57620", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, { "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", "cve": "CVE-2022-35973", @@ -153587,10 +155507,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", - "cve": "CVE-2022-35987", - "id": "pyup.io-57620", - "more_info_path": "/vulnerabilities/CVE-2022-35987/57620", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", + "cve": "CVE-2022-36026", + "id": "pyup.io-57621", + "more_info_path": "/vulnerabilities/CVE-2022-36026/57621", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153611,10 +155531,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36011: Null dereference on MLIR on empty function attributes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", - "cve": "CVE-2022-36011", - "id": "pyup.io-57623", - "more_info_path": "/vulnerabilities/CVE-2022-36011/57623", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35993: 'CHECK' fail in 'SetSize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", + "cve": "CVE-2022-35993", + "id": "pyup.io-57627", + "more_info_path": "/vulnerabilities/CVE-2022-35993/57627", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -153623,10 +155543,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", - "cve": "CVE-2022-36026", - "id": "pyup.io-57621", - "more_info_path": "/vulnerabilities/CVE-2022-36026/57621", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", + "cve": "CVE-2022-35967", + "id": "pyup.io-57634", + "more_info_path": "/vulnerabilities/CVE-2022-35967/57634", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153635,10 +155555,34 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35993: 'CHECK' fail in 'SetSize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wq6q-6m32-9rv9", - "cve": "CVE-2022-35993", - "id": "pyup.io-57627", - "more_info_path": "/vulnerabilities/CVE-2022-35993/57627", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", + "cve": "CVE-2022-35968", + "id": "pyup.io-57635", + "more_info_path": "/vulnerabilities/CVE-2022-35968/57635", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35970: Segfault in 'QuantizedInstanceNorm'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", + "cve": "CVE-2022-35970", + "id": "pyup.io-57636", + "more_info_path": "/vulnerabilities/CVE-2022-35970/57636", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", + "cve": "CVE-2022-35965", + "id": "pyup.io-57632", + "more_info_path": "/vulnerabilities/CVE-2022-35965/57632", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153659,10 +155603,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35967: Segfault in 'QuantizedAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v6h3-348g-6h5x", - "cve": "CVE-2022-35967", - "id": "pyup.io-57634", - "more_info_path": "/vulnerabilities/CVE-2022-35967/57634", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", + "cve": "CVE-2022-35963", + "id": "pyup.io-57640", + "more_info_path": "/vulnerabilities/CVE-2022-35963/57640", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -153671,10 +155615,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", - "cve": "CVE-2022-35968", - "id": "pyup.io-57635", - "more_info_path": "/vulnerabilities/CVE-2022-35968/57635", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", + "cve": "CVE-2022-36005", + "id": "pyup.io-57647", + "more_info_path": "/vulnerabilities/CVE-2022-36005/57647", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153683,10 +155627,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35970: Segfault in 'QuantizedInstanceNorm'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", - "cve": "CVE-2022-35970", - "id": "pyup.io-57636", - "more_info_path": "/vulnerabilities/CVE-2022-35970/57636", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", + "cve": "CVE-2022-35995", + "id": "pyup.io-57642", + "more_info_path": "/vulnerabilities/CVE-2022-35995/57642", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -153695,10 +155639,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", - "cve": "CVE-2022-35965", - "id": "pyup.io-57632", - "more_info_path": "/vulnerabilities/CVE-2022-35965/57632", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", + "cve": "CVE-2022-35937", + "id": "pyup.io-57592", + "more_info_path": "/vulnerabilities/CVE-2022-35937/57592", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153707,10 +155651,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", - "cve": "CVE-2022-35963", - "id": "pyup.io-57640", - "more_info_path": "/vulnerabilities/CVE-2022-35963/57640", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", + "cve": "CVE-2022-36002", + "id": "pyup.io-57603", + "more_info_path": "/vulnerabilities/CVE-2022-36002/57603", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -153719,10 +155663,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", - "cve": "CVE-2022-36018", - "id": "pyup.io-57645", - "more_info_path": "/vulnerabilities/CVE-2022-36018/57645", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", + "cve": "CVE-2022-35998", + "id": "pyup.io-57612", + "more_info_path": "/vulnerabilities/CVE-2022-35998/57612", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153731,10 +155675,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", - "cve": "CVE-2022-35989", - "id": "pyup.io-57646", - "more_info_path": "/vulnerabilities/CVE-2022-35989/57646", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", + "cve": "CVE-2022-35996", + "id": "pyup.io-57607", + "more_info_path": "/vulnerabilities/CVE-2022-35996/57607", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -153743,10 +155687,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", - "cve": "CVE-2022-36005", - "id": "pyup.io-57647", - "more_info_path": "/vulnerabilities/CVE-2022-36005/57647", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", + "cve": "CVE-2022-35974", + "id": "pyup.io-57618", + "more_info_path": "/vulnerabilities/CVE-2022-35974/57618", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153755,10 +155699,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", - "cve": "CVE-2022-35995", - "id": "pyup.io-57642", - "more_info_path": "/vulnerabilities/CVE-2022-35995/57642", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35972: Segfault in 'QuantizedBiasAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", + "cve": "CVE-2022-35972", + "id": "pyup.io-57626", + "more_info_path": "/vulnerabilities/CVE-2022-35972/57626", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -153767,10 +155711,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", - "cve": "CVE-2022-35952", - "id": "pyup.io-57594", - "more_info_path": "/vulnerabilities/CVE-2022-35952/57594", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", + "cve": "CVE-2022-35988", + "id": "pyup.io-57631", + "more_info_path": "/vulnerabilities/CVE-2022-35988/57631", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153779,10 +155723,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", - "cve": "CVE-2022-36012", - "id": "pyup.io-57604", - "more_info_path": "/vulnerabilities/CVE-2022-36012/57604", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", + "cve": "CVE-2022-36014", + "id": "pyup.io-57628", + "more_info_path": "/vulnerabilities/CVE-2022-36014/57628", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153791,10 +155735,106 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", - "cve": "CVE-2022-36000", - "id": "pyup.io-57615", - "more_info_path": "/vulnerabilities/CVE-2022-36000/57615", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", + "cve": "CVE-2022-36001", + "id": "pyup.io-57639", + "more_info_path": "/vulnerabilities/CVE-2022-36001/57639", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36004: 'CHECK' fail in 'tf.random.gamma'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", + "cve": "CVE-2022-36004", + "id": "pyup.io-57644", + "more_info_path": "/vulnerabilities/CVE-2022-36004/57644", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", + "cve": "CVE-2022-35990", + "id": "pyup.io-57608", + "more_info_path": "/vulnerabilities/CVE-2022-35990/57608", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 
'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", + "cve": "CVE-2022-35979", + "id": "pyup.io-57596", + "more_info_path": "/vulnerabilities/CVE-2022-35979/57596", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", + "cve": "CVE-2022-35983", + "id": "pyup.io-57605", + "more_info_path": "/vulnerabilities/CVE-2022-35983/57605", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36011: Null dereference on MLIR on empty function attributes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", + "cve": "CVE-2022-36011", + "id": "pyup.io-57623", + "more_info_path": "/vulnerabilities/CVE-2022-36011/57623", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", + "cve": "CVE-2022-36018", + "id": "pyup.io-57645", + "more_info_path": "/vulnerabilities/CVE-2022-36018/57645", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", + "cve": "CVE-2022-35989", + "id": 
"pyup.io-57646", + "more_info_path": "/vulnerabilities/CVE-2022-35989/57646", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", + "cve": "CVE-2022-35952", + "id": "pyup.io-57594", + "more_info_path": "/vulnerabilities/CVE-2022-35952/57594", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -153815,10 +155855,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", - "cve": "CVE-2022-36016", - "id": "pyup.io-57630", - "more_info_path": "/vulnerabilities/CVE-2022-36016/57630", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", + "cve": "CVE-2022-36012", + "id": "pyup.io-57604", + "more_info_path": "/vulnerabilities/CVE-2022-36012/57604", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153827,10 +155867,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", - "cve": "CVE-2022-35939", - "id": "pyup.io-57593", - "more_info_path": "/vulnerabilities/CVE-2022-35939/57593", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", + "cve": "CVE-2022-36000", + "id": "pyup.io-57615", + "more_info_path": "/vulnerabilities/CVE-2022-36000/57615", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153839,10 +155879,22 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", - "cve": "CVE-2022-35937", - "id": "pyup.io-57592", - "more_info_path": "/vulnerabilities/CVE-2022-35937/57592", + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", + "cve": "CVE-2022-36016", + "id": "pyup.io-57630", + "more_info_path": "/vulnerabilities/CVE-2022-36016/57630", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", + "cve": "CVE-2022-35939", + "id": "pyup.io-57593", + "more_info_path": "/vulnerabilities/CVE-2022-35939/57593", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -153898,18 +155950,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", - "cve": "CVE-2022-36002", - "id": "pyup.io-57603", - "more_info_path": "/vulnerabilities/CVE-2022-36002/57603", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", "cve": "CVE-2022-35984", @@ -153946,18 +155986,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", - "cve": "CVE-2022-35998", - "id": "pyup.io-57612", - "more_info_path": "/vulnerabilities/CVE-2022-35998/57612", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Tensorflow-rocm 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", "cve": "CVE-2022-36013", 
@@ -154042,6 +156070,42 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, + { + "advisory": "Tensorflow-rocm 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", + "cve": "CVE-2022-41888", + "id": "pyup.io-57587", + "more_info_path": "/vulnerabilities/CVE-2022-41888/57587", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", + "cve": "CVE-2022-41891", + "id": "pyup.io-57569", + "more_info_path": "/vulnerabilities/CVE-2022-41891/57569", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", + "cve": "CVE-2022-41899", + "id": "pyup.io-57573", + "more_info_path": "/vulnerabilities/CVE-2022-41899/57573", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, { "advisory": "Tensorflow-rocm 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. 
An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", "cve": "CVE-2022-41908", @@ -154126,18 +156190,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow-rocm 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", - "cve": "CVE-2022-41888", - "id": "pyup.io-57587", - "more_info_path": "/vulnerabilities/CVE-2022-41888/57587", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow-rocm 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", "cve": "CVE-2022-41895", 
@@ -154234,18 +156286,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", - "cve": "CVE-2022-41891", - "id": "pyup.io-57569", - "more_info_path": "/vulnerabilities/CVE-2022-41891/57569", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", "cve": "CVE-2022-41898", @@ -154282,18 +156322,6 @@ ], "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, - { - "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", - "cve": "CVE-2022-41899", - "id": "pyup.io-57573", - "more_info_path": "/vulnerabilities/CVE-2022-41899/57573", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, { "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", "cve": "CVE-2022-41901", 
@@ -154357,17 +156385,6 @@ ], "v": ">=1.15.0rc0,<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, - { - "advisory": "Tensorflow-rocm versions 1.15.2 and 2.0.1 updates 'sqlite3' to handle CVE-2019-16168.", - "cve": "CVE-2019-16168", - "id": "pyup.io-58013", - "more_info_path": "/vulnerabilities/CVE-2019-16168/58013", - "specs": [ - ">=2.0.0a0,<2.0.1", - "<1.15.2" - ], - "v": ">=2.0.0a0,<2.0.1,<1.15.2" - }, { "advisory": "Tensorflow-rocm versions 1.15.2 and 2.0.1 updates its dependency \"curl\" to handle CVE-2019-5481.", "cve": "CVE-2019-5481", @@ -154401,6 +156418,17 @@ ], "v": ">=2.0.0a0,<2.0.1,<1.15.2" }, + { + "advisory": "Tensorflow-rocm versions 1.15.2 and 2.0.1 updates 'sqlite3' to handle CVE-2019-16168.", + "cve": "CVE-2019-16168", + "id": "pyup.io-58013", + "more_info_path": "/vulnerabilities/CVE-2019-16168/58013", + "specs": [ + ">=2.0.0a0,<2.0.1", + "<1.15.2" + ], + "v": ">=2.0.0a0,<2.0.1,<1.15.2" + }, { "advisory": "Tensorflow-rocm versions 1.15.2 and 2.0.1 updates its dependency \"curl\" to handle CVE-2019-5482.", "cve": "CVE-2019-5482", 
@@ -154448,10 +156476,10 @@ "v": ">=2.10.0rc0,<2.10.1" }, { - "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15213: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimension of the output tensor, attackers can use a very large value to trigger a large allocation. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87", - "cve": "CVE-2020-15213", - "id": "pyup.io-57997", - "more_info_path": "/vulnerabilities/CVE-2020-15213/57997", + "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15193: In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of \"dlpack.to_dlpack\" can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a \"reinterpret_cast\". Since the \"PyObject\" is a Python object, not a Tensorflow tensor, the cast to \"EagerTensor\" fails. 
The issue was patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v", + "cve": "CVE-2020-15193", + "id": "pyup.io-58001", + "more_info_path": "/vulnerabilities/CVE-2020-15193/58001", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -154459,10 +156487,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15212: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to \"segment_ids_data\" can alter \"output_index\" and then write to outside of \"output_data\" buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", - "cve": "CVE-2020-15212", - "id": "pyup.io-57998", - "more_info_path": "/vulnerabilities/CVE-2020-15212/57998", + "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15214: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimension of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. 
This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", + "cve": "CVE-2020-15214", + "id": "pyup.io-57999", + "more_info_path": "/vulnerabilities/CVE-2020-15214/57999", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -154470,10 +156498,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15193: In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of \"dlpack.to_dlpack\" can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a \"reinterpret_cast\". Since the \"PyObject\" is a Python object, not a Tensorflow tensor, the cast to \"EagerTensor\" fails. The issue was patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v", - "cve": "CVE-2020-15193", - "id": "pyup.io-58001", - "more_info_path": "/vulnerabilities/CVE-2020-15193/58001", + "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15213: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimension of the output tensor, attackers can use a very large value to trigger a large allocation. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. 
However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87", + "cve": "CVE-2020-15213", + "id": "pyup.io-57997", + "more_info_path": "/vulnerabilities/CVE-2020-15213/57997", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -154481,10 +156509,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15191: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to 'dlpack.to_dlpack' the expected validations will cause variables to bind to 'nullptr' while setting a 'status' variable to the error condition. However, this 'status' argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with '-fsanitize=null'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr", - "cve": "CVE-2020-15191", - "id": "pyup.io-57996", - "more_info_path": "/vulnerabilities/CVE-2020-15191/57996", + "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15212: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to \"segment_ids_data\" can alter \"output_index\" and then write to outside of \"output_data\" buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. 
If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", + "cve": "CVE-2020-15212", + "id": "pyup.io-57998", + "more_info_path": "/vulnerabilities/CVE-2020-15212/57998", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -154492,10 +156520,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15214: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimension of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", - "cve": "CVE-2020-15214", - "id": "pyup.io-57999", - "more_info_path": "/vulnerabilities/CVE-2020-15214/57999", + "advisory": "Tensorflow-rocm versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15191: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to 'dlpack.to_dlpack' the expected validations will cause variables to bind to 'nullptr' while setting a 'status' variable to the error condition. However, this 'status' argument is not properly checked. Hence, code following these methods will bind references to null pointers. 
This is undefined behavior and reported as an error if compiling with '-fsanitize=null'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr", + "cve": "CVE-2020-15191", + "id": "pyup.io-57996", + "more_info_path": "/vulnerabilities/CVE-2020-15191/57996", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -154586,6 +156614,32 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, + { + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37689: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of 'L2NormalizeReduceAxis' operator. The implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/compiler/mlir/lite/transforms/optimize.cc#L67-L70) unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements. The Tensorflow team has patched the issue in GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955.", + "cve": "CVE-2021-37689", + "id": "pyup.io-57945", + "more_info_path": "/vulnerabilities/CVE-2021-37689/57945", + "specs": [ + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1", + ">=2.6.0rc0,<2.6.0" + ], + "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" + }, + { + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37648: In affected versions the code for 'tf.raw_ops.SaveV2' does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses 'ValidateInputs' to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses 'OP_REQUIRES' which translates to setting the 'Status' object of the current 'OpKernelContext' to an error status, followed by an empty 'return' statement which just terminates the execution of the function it is present in. 
However, this does not mean that the kernel execution is finalized: instead, execution continues from the nQext line in 'Compute' that follows the call to 'ValidateInputs'. This is equivalent to lacking the validation. The Tensorflow team has patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986.", + "cve": "CVE-2021-37648", + "id": "pyup.io-57946", + "more_info_path": "/vulnerabilities/CVE-2021-37648/57946", + "specs": [ + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1", + ">=2.6.0rc0,<2.6.0" + ], + "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" + }, { "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.", "cve": "CVE-2021-37667", 
@@ -154625,19 +156679,6 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37689: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of 'L2NormalizeReduceAxis' operator. The implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/compiler/mlir/lite/transforms/optimize.cc#L67-L70) unconditionally dereferences a pointer to an iterator to a vector without checking that the vector has elements. The Tensorflow team has patched the issue in GitHub commit d6b57f461b39fd1aa8c1b870f1b974aac3554955.", - "cve": "CVE-2021-37689", - "id": "pyup.io-57945", - "more_info_path": "/vulnerabilities/CVE-2021-37689/57945", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" - }, { "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37636: In affected versions the implementation of 'tf.raw_ops.SparseDenseCwiseDiv' is vulnerable to a division by 0 error. The implementation (https://github.com/tensorflow/tensorflow/blob/a1bc56203f21a5a4995311825ffaba7a670d7747/tensorflow/core/kernels/sparse_dense_binary_op_shared.cc#L56) uses a common class for all binary operations but fails to treat the division by 0 case separately. The Tensorflow team has patched the issue in GitHub commit d9204be9f49520cdaaeb2541d1dc5187b23f31d9.", "cve": "CVE-2021-37636", 
@@ -154691,23 +156732,23 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37648: In affected versions the code for 'tf.raw_ops.SaveV2' does not properly validate the inputs and an attacker can trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/save_restore_v2_ops.cc) uses 'ValidateInputs' to check that the input arguments are valid. This validation would have caught the illegal state represented by the reproducer above. However, the validation uses 'OP_REQUIRES' which translates to setting the 'Status' object of the current 'OpKernelContext' to an error status, followed by an empty 'return' statement which just terminates the execution of the function it is present in. However, this does not mean that the kernel execution is finalized: instead, execution continues from the nQext line in 'Compute' that follows the call to 'ValidateInputs'. This is equivalent to lacking the validation. The Tensorflow team has patched the issue in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986.", - "cve": "CVE-2021-37648", - "id": "pyup.io-57946", - "more_info_path": "/vulnerabilities/CVE-2021-37648/57946", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37651: In affected versions the implementation for 'tf.raw_ops.FractionalAvgPoolGrad' can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty 'EigenDoubleMatrixMap' and then accesses this buffer with indices that are outside of the empty area. 
The Tensorflow team has patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30.", + "cve": "CVE-2021-37651", + "id": "pyup.io-57936", + "more_info_path": "/vulnerabilities/CVE-2021-37651/57936", "specs": [ ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", ">=2.6.0rc0,<2.6.0" ], - "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" + "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37638: Sending invalid argument for 'row_partition_types' of 'tf.raw_ops.RaggedTensorToTensor' API results in a null pointer dereference and undefined behavior. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. The Tensorflow team has patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314.", - "cve": "CVE-2021-37638", - "id": "pyup.io-57934", - "more_info_path": "/vulnerabilities/CVE-2021-37638/57934", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. 
The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.", + "cve": "CVE-2021-37649", + "id": "pyup.io-57940", + "more_info_path": "/vulnerabilities/CVE-2021-37649/57940", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154717,10 +156758,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37654: In affected versions an attacker can trigger a crash via a 'CHECK'-fail in debug builds of TensorFlow using 'tf.raw_ops.ResourceGather' or a read from outside the bounds of heap allocated data in the same API in a release build. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the 'batch_dims' value that the user supplies is less than the rank of the input tensor. Since the implementation uses several for loops over the dimensions of 'tensor', this results in reading data from outside the bounds of heap allocated buffer backing the tensor. The Tensorflow team has patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.", - "cve": "CVE-2021-37654", - "id": "pyup.io-57935", - "more_info_path": "/vulnerabilities/CVE-2021-37654/57935", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. 
During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", + "cve": "CVE-2021-37652", + "id": "pyup.io-57933", + "more_info_path": "/vulnerabilities/CVE-2021-37652/57933", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154730,10 +156771,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37658: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixSetDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b.", - "cve": "CVE-2021-37658", - "id": "pyup.io-57939", - "more_info_path": "/vulnerabilities/CVE-2021-37658/57939", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37656: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToSparse'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. The Tensorflow team has patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece.", + "cve": "CVE-2021-37656", + "id": "pyup.io-57937", + "more_info_path": "/vulnerabilities/CVE-2021-37656/57937", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154743,10 +156784,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37651: In affected versions the implementation for 'tf.raw_ops.FractionalAvgPoolGrad' can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty 'EigenDoubleMatrixMap' and then accesses this buffer with indices that are outside of the empty area. The Tensorflow team has patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30.", - "cve": "CVE-2021-37651", - "id": "pyup.io-57936", - "more_info_path": "/vulnerabilities/CVE-2021-37651/57936", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37639: When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the 'tensor_name' user controlled input and immediately retrieves the tensor at the restoration index (controlled via 'preferred_shard' argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements and if the restoration index is outside the bounds, this results in heap OOB read. 
The Tensorflow team has patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.", + "cve": "CVE-2021-37639", + "id": "pyup.io-57938", + "more_info_path": "/vulnerabilities/CVE-2021-37639/57938", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", @@ -154756,10 +156797,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.", - "cve": "CVE-2021-37649", - "id": "pyup.io-57940", - "more_info_path": "/vulnerabilities/CVE-2021-37649/57940", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", + "cve": "CVE-2021-37664", + "id": "pyup.io-57942", + "more_info_path": "/vulnerabilities/CVE-2021-37664/57942", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154769,10 +156810,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37659: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.", - "cve": "CVE-2021-37659", - "id": "pyup.io-57941", - "more_info_path": "/vulnerabilities/CVE-2021-37659/57941", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37638: Sending invalid argument for 'row_partition_types' of 'tf.raw_ops.RaggedTensorToTensor' API results in a null pointer dereference and undefined behavior. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L328) accesses the first element of a user supplied list of values without validating that the provided list is not empty. The Tensorflow team has patched the issue in GitHub commit 301ae88b331d37a2a16159b65b255f4f9eb39314.", + "cve": "CVE-2021-37638", + "id": "pyup.io-57934", + "more_info_path": "/vulnerabilities/CVE-2021-37638/57934", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154782,10 +156823,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37652: In affected versions the implementation for 'tf.raw_ops.BoostedTreesCreateEnsemble' can result in a use after free error if an attacker supplies specially crafted arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent 'free'-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. The Tensorflow team has patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab.", - "cve": "CVE-2021-37652", - "id": "pyup.io-57933", - "more_info_path": "/vulnerabilities/CVE-2021-37652/57933", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37654: In affected versions an attacker can trigger a crash via a 'CHECK'-fail in debug builds of TensorFlow using 'tf.raw_ops.ResourceGather' or a read from outside the bounds of heap allocated data in the same API in a release build. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L660-L668) does not check that the 'batch_dims' value that the user supplies is less than the rank of the input tensor. 
Since the implementation uses several for loops over the dimensions of 'tensor', this results in reading data from outside the bounds of heap allocated buffer backing the tensor. The Tensorflow team has patched the issue in GitHub commit bc9c546ce7015c57c2f15c168b3d9201de679a1d.", + "cve": "CVE-2021-37654", + "id": "pyup.io-57935", + "more_info_path": "/vulnerabilities/CVE-2021-37654/57935", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154795,10 +156836,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37656: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToSparse'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/ragged_tensor_to_sparse_kernel.cc#L30) has an incomplete validation of the splits values: it does not check that they are in increasing order. The Tensorflow team has patched the issue in GitHub commit 1071f554dbd09f7e101324d366eec5f4fe5a3ece.", - "cve": "CVE-2021-37656", - "id": "pyup.io-57937", - "more_info_path": "/vulnerabilities/CVE-2021-37656/57937", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37658: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixSetDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b.", + "cve": "CVE-2021-37658", + "id": "pyup.io-57939", + "more_info_path": "/vulnerabilities/CVE-2021-37658/57939", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154808,10 +156849,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37639: When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the 'tensor_name' user controlled input and immediately retrieves the tensor at the restoration index (controlled via 'preferred_shard' argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements and if the restoration index is outside the bounds, this results in heap OOB read. The Tensorflow team has patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.", - "cve": "CVE-2021-37639", - "id": "pyup.io-57938", - "more_info_path": "/vulnerabilities/CVE-2021-37639/57938", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37659: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. 
Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.", + "cve": "CVE-2021-37659", + "id": "pyup.io-57941", + "more_info_path": "/vulnerabilities/CVE-2021-37659/57941", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -154833,19 +156874,6 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", - "cve": "CVE-2021-37664", - "id": "pyup.io-57942", - "more_info_path": "/vulnerabilities/CVE-2021-37664/57942", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" - }, { "advisory": "Several versions of Tensorflow-rocm are affected by CVE-2021-37686: In affected versions, the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/strided_slice.cc#L103-L122). An attacker can craft a model such that 'ellipsis_end_idx' is smaller than 'i' (e.g., always negative). In this case, the inner loop does not increase 'i' and the 'continue' statement causes execution to skip over the preincrement at the end of the outer loop. The Tensorflow team has patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695.", "cve": "CVE-2021-37686", 
@@ -154884,24 +156912,10 @@ "v": ">=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.5.0rc0,<2.5.0" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.", - "cve": "CVE-2021-29532", - "id": "pyup.io-57913", - "more_info_path": "/vulnerabilities/CVE-2021-29532/57913", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, - { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a segfault in 'SparseCountSparseOutput'. See CVE-2021-29521.", - "cve": "CVE-2021-29521", - "id": "pyup.io-57925", - "more_info_path": "/vulnerabilities/CVE-2021-29521/57925", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. 
This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", + "cve": "CVE-2021-29537", + "id": "pyup.io-57928", + "more_info_path": "/vulnerabilities/CVE-2021-29537/57928", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", @@ -154912,10 +156926,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", - "cve": "CVE-2021-29537", - "id": "pyup.io-57928", - "more_info_path": "/vulnerabilities/CVE-2021-29537/57928", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix vulnerabilities where session operations in eager mode lead to null pointer dereferences. See CVE-2021-29518.", + "cve": "CVE-2021-29518", + "id": "pyup.io-57915", + "more_info_path": "/vulnerabilities/CVE-2021-29518/57915", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -154968,10 +156982,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv3DBackprop*'. See CVE-2021-29522.", - "cve": "CVE-2021-29522", - "id": "pyup.io-57912", - "more_info_path": "/vulnerabilities/CVE-2021-29522/57912", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", + "cve": "CVE-2021-29533", + "id": "pyup.io-57920", + "more_info_path": "/vulnerabilities/CVE-2021-29533/57920", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -154982,10 +156996,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropFilter'. See CVE-2021-29524.", - "cve": "CVE-2021-29524", - "id": "pyup.io-57914", - "more_info_path": "/vulnerabilities/CVE-2021-29524/57914", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a 'CHECK'-fail in 'AddManySparseToTensorsMap'. See CVE-2021-29523.", + "cve": "CVE-2021-29523", + "id": "pyup.io-57916", + "more_info_path": "/vulnerabilities/CVE-2021-29523/57916", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", @@ -154996,10 +157010,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix vulnerabilities where session operations in eager mode lead to null pointer dereferences. See CVE-2021-29518.", - "cve": "CVE-2021-29518", - "id": "pyup.io-57915", - "more_info_path": "/vulnerabilities/CVE-2021-29518/57915", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap buffer overflow caused by rounding. See CVE-2021-29529.", + "cve": "CVE-2021-29529", + "id": "pyup.io-57917", + "more_info_path": "/vulnerabilities/CVE-2021-29529/57917", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -155010,10 +157024,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a 'CHECK'-fail in 'AddManySparseToTensorsMap'. See CVE-2021-29523.", - "cve": "CVE-2021-29523", - "id": "pyup.io-57916", - "more_info_path": "/vulnerabilities/CVE-2021-29523/57916", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.", + "cve": "CVE-2021-29538", + "id": "pyup.io-57926", + "more_info_path": "/vulnerabilities/CVE-2021-29538/57926", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", @@ -155024,10 +157038,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap buffer overflow caused by rounding. See CVE-2021-29529.", - "cve": "CVE-2021-29529", - "id": "pyup.io-57917", - "more_info_path": "/vulnerabilities/CVE-2021-29529/57917", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.", + "cve": "CVE-2021-29615", + "id": "pyup.io-57929", + "more_info_path": "/vulnerabilities/CVE-2021-29615/57929", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -155038,10 +157052,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).", - "cve": "CVE-2021-29548", - "id": "pyup.io-57919", - "more_info_path": "/vulnerabilities/CVE-2021-29548/57919", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.EncodePng'. See CVE-2021-29531.", + "cve": "CVE-2021-29531", + "id": "pyup.io-57924", + "more_info_path": "/vulnerabilities/CVE-2021-29531/57924", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -155052,10 +157066,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", - "cve": "CVE-2021-29533", - "id": "pyup.io-57920", - "more_info_path": "/vulnerabilities/CVE-2021-29533/57920", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", + "cve": "CVE-2021-29552", + "id": "pyup.io-57918", + "more_info_path": "/vulnerabilities/CVE-2021-29552/57918", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -155066,10 +157080,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a heap buffer overflow in 'Conv3DBackprop*'. See CVE-2021-29520.",
- "cve": "CVE-2021-29520",
- "id": "pyup.io-57921",
- "more_info_path": "/vulnerabilities/CVE-2021-29520/57921",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.",
+ "cve": "CVE-2021-29534",
+ "id": "pyup.io-57922",
+ "more_info_path": "/vulnerabilities/CVE-2021-29534/57922",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155080,10 +157094,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.EncodePng'. See CVE-2021-29531.",
- "cve": "CVE-2021-29531",
- "id": "pyup.io-57924",
- "more_info_path": "/vulnerabilities/CVE-2021-29531/57924",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.",
+ "cve": "CVE-2021-29549",
+ "id": "pyup.io-57927",
+ "more_info_path": "/vulnerabilities/CVE-2021-29549/57927",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155094,10 +157108,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29538: An attacker can cause a division by zero to occur in 'Conv2DBackpropFilter'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L513-L522) computes a divisor based on user provided data (i.e., the shape of the tensors given as arguments). If all shapes are empty then 'work_unit_size' is 0. Since there is no check for this case before division, this results in a runtime exception, with potential to be abused for a denial of service.",
- "cve": "CVE-2021-29538",
- "id": "pyup.io-57926",
- "more_info_path": "/vulnerabilities/CVE-2021-29538/57926",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.",
+ "cve": "CVE-2021-29532",
+ "id": "pyup.io-57913",
+ "more_info_path": "/vulnerabilities/CVE-2021-29532/57913",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155108,10 +157122,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.",
- "cve": "CVE-2021-29615",
- "id": "pyup.io-57929",
- "more_info_path": "/vulnerabilities/CVE-2021-29615/57929",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a segfault in 'SparseCountSparseOutput'. See CVE-2021-29521.",
+ "cve": "CVE-2021-29521",
+ "id": "pyup.io-57925",
+ "more_info_path": "/vulnerabilities/CVE-2021-29521/57925",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155122,10 +157136,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.",
- "cve": "CVE-2021-29539",
- "id": "pyup.io-57930",
- "more_info_path": "/vulnerabilities/CVE-2021-29539/57930",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv3DBackprop*'. See CVE-2021-29522.",
+ "cve": "CVE-2021-29522",
+ "id": "pyup.io-57912",
+ "more_info_path": "/vulnerabilities/CVE-2021-29522/57912",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155136,10 +157150,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.",
- "cve": "CVE-2021-29552",
- "id": "pyup.io-57918",
- "more_info_path": "/vulnerabilities/CVE-2021-29552/57918",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropFilter'. See CVE-2021-29524.",
+ "cve": "CVE-2021-29524",
+ "id": "pyup.io-57914",
+ "more_info_path": "/vulnerabilities/CVE-2021-29524/57914",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155150,10 +157164,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29513: Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.",
- "cve": "CVE-2021-29513",
- "id": "pyup.io-57923",
- "more_info_path": "/vulnerabilities/CVE-2021-29513/57923",
+ "advisory": "Tensorflow-rocm 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).",
+ "cve": "CVE-2021-29548",
+ "id": "pyup.io-57919",
+ "more_info_path": "/vulnerabilities/CVE-2021-29548/57919",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155164,10 +157178,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.",
- "cve": "CVE-2021-29534",
- "id": "pyup.io-57922",
- "more_info_path": "/vulnerabilities/CVE-2021-29534/57922",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a heap buffer overflow in 'Conv3DBackprop*'. See CVE-2021-29520.",
+ "cve": "CVE-2021-29520",
+ "id": "pyup.io-57921",
+ "more_info_path": "/vulnerabilities/CVE-2021-29520/57921",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155178,10 +157192,24 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29549: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L289-L295) computes a modulo operation without validating that the divisor is not zero. Since `vector_num_elements` is determined based on input shapes (https://github.com/tensorflow/tensorflow/blob/6f26b3f3418201479c264f2a02000880d8df151c/tensorflow/core/kernels/quantized_add_op.cc#L522-L544), a user can trigger scenarios where this quantity is 0.",
- "cve": "CVE-2021-29549",
- "id": "pyup.io-57927",
- "more_info_path": "/vulnerabilities/CVE-2021-29549/57927",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. 
If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.",
+ "cve": "CVE-2021-29539",
+ "id": "pyup.io-57930",
+ "more_info_path": "/vulnerabilities/CVE-2021-29539/57930",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.1.0rc0,<2.1.4",
+ ">=2.2.0rc0,<2.2.3",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.4.0rc0,<2.4.2"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29513: Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.",
+ "cve": "CVE-2021-29513",
+ "id": "pyup.io-57923",
+ "more_info_path": "/vulnerabilities/CVE-2021-29513/57923",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.1.0rc0,<2.1.4",
@@ -155388,10 +157416,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.4.0rc0,<2.4.2"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29551: The implementation of 'MatrixTriangularSolve' (https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails.",
- "cve": "CVE-2021-29551",
- "id": "pyup.io-57893",
- "more_info_path": "/vulnerabilities/CVE-2021-29551/57893",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29545: An attacker can trigger a denial of service via a 'CHECK'-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/800346f2c03a27e182dd4fba48295f65e7790739/tensorflow/core/kernels/sparse/kernels.cc#L66) does a double redirection to access an element of an array allocated on the heap. If the value at 'indices(i, 0)' is such that 'indices(i, 0) + 1' is outside the bounds of 'csr_row_ptr', this results in writing outside of bounds of heap allocated data.",
+ "cve": "CVE-2021-29545",
+ "id": "pyup.io-57894",
+ "more_info_path": "/vulnerabilities/CVE-2021-29545/57894",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.3.0rc0,<2.3.3",
@@ -155402,10 +157430,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29545: An attacker can trigger a denial of service via a 'CHECK'-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/800346f2c03a27e182dd4fba48295f65e7790739/tensorflow/core/kernels/sparse/kernels.cc#L66) does a double redirection to access an element of an array allocated on the heap. If the value at 'indices(i, 0)' is such that 'indices(i, 0) + 1' is outside the bounds of 'csr_row_ptr', this results in writing outside of bounds of heap allocated data.",
- "cve": "CVE-2021-29545",
- "id": "pyup.io-57894",
- "more_info_path": "/vulnerabilities/CVE-2021-29545/57894",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29551: The implementation of 'MatrixTriangularSolve' (https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails.",
+ "cve": "CVE-2021-29551",
+ "id": "pyup.io-57893",
+ "more_info_path": "/vulnerabilities/CVE-2021-29551/57893",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.3.0rc0,<2.3.3",
@@ -155542,10 +157570,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.3.0rc0,<2.3.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29595: The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69). An attacker can craft a model such that `params->block_size` is 0.",
- "cve": "CVE-2021-29595",
- "id": "pyup.io-57884",
- "more_info_path": "/vulnerabilities/CVE-2021-29595/57884",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedConv2D'. See CVE-2021-29527.",
+ "cve": "CVE-2021-29527",
+ "id": "pyup.io-57883",
+ "more_info_path": "/vulnerabilities/CVE-2021-29527/57883",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155556,10 +157584,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.3.0rc0,<2.3.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedConv2D'. See CVE-2021-29527.",
- "cve": "CVE-2021-29527",
- "id": "pyup.io-57883",
- "more_info_path": "/vulnerabilities/CVE-2021-29527/57883",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29595: The implementation of the `DepthToSpace` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/depth_to_space.cc#L63-L69). An attacker can craft a model such that `params->block_size` is 0.",
+ "cve": "CVE-2021-29595",
+ "id": "pyup.io-57884",
+ "more_info_path": "/vulnerabilities/CVE-2021-29595/57884",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155584,10 +157612,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29589: The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966). An attacker can craft a model such that `params` input would be an empty tensor. In turn, `params_shape.Dims(.)` would be zero, in at least one dimension.",
- "cve": "CVE-2021-29589",
- "id": "pyup.io-57877",
- "more_info_path": "/vulnerabilities/CVE-2021-29589/57877",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.",
+ "cve": "CVE-2021-29570",
+ "id": "pyup.io-57876",
+ "more_info_path": "/vulnerabilities/CVE-2021-29570/57876",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155598,10 +157626,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'TransposeConv'. See CVE-2021-29588.",
- "cve": "CVE-2021-29588",
- "id": "pyup.io-57873",
- "more_info_path": "/vulnerabilities/CVE-2021-29588/57873",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB access in unicode ops. See CVE-2021-29559.",
+ "cve": "CVE-2021-29559",
+ "id": "pyup.io-57878",
+ "more_info_path": "/vulnerabilities/CVE-2021-29559/57878",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155612,10 +157640,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.",
- "cve": "CVE-2021-29612",
- "id": "pyup.io-57875",
- "more_info_path": "/vulnerabilities/CVE-2021-29612/57875",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'TransposeConv'. See CVE-2021-29588.",
+ "cve": "CVE-2021-29588",
+ "id": "pyup.io-57873",
+ "more_info_path": "/vulnerabilities/CVE-2021-29588/57873",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155626,10 +157654,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.",
- "cve": "CVE-2021-29570",
- "id": "pyup.io-57876",
- "more_info_path": "/vulnerabilities/CVE-2021-29570/57876",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.",
+ "cve": "CVE-2021-29557",
+ "id": "pyup.io-57874",
+ "more_info_path": "/vulnerabilities/CVE-2021-29557/57874",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155640,10 +157668,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB access in unicode ops. See CVE-2021-29559.",
- "cve": "CVE-2021-29559",
- "id": "pyup.io-57878",
- "more_info_path": "/vulnerabilities/CVE-2021-29559/57878",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.",
+ "cve": "CVE-2021-29612",
+ "id": "pyup.io-57875",
+ "more_info_path": "/vulnerabilities/CVE-2021-29612/57875",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155668,10 +157696,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.",
- "cve": "CVE-2021-29557",
- "id": "pyup.io-57874",
- "more_info_path": "/vulnerabilities/CVE-2021-29557/57874",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29514: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the 'for' loop, 'batch_idx' is set to 0. The attacker sets 'splits(0)' to be 7, hence the 'while' loop does not execute and 'batch_idx' remains 0. This then results in writing to 'out(-1, bin)', which is before the heap allocated buffer for the output tensor.",
+ "cve": "CVE-2021-29514",
+ "id": "pyup.io-57880",
+ "more_info_path": "/vulnerabilities/CVE-2021-29514/57880",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155682,10 +157710,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29514: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L446). Before the 'for' loop, 'batch_idx' is set to 0. The attacker sets 'splits(0)' to be 7, hence the 'while' loop does not execute and 'batch_idx' remains 0. This then results in writing to 'out(-1, bin)', which is before the heap allocated buffer for the output tensor.",
- "cve": "CVE-2021-29514",
- "id": "pyup.io-57880",
- "more_info_path": "/vulnerabilities/CVE-2021-29514/57880",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29589: The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966). An attacker can craft a model such that `params` input would be an empty tensor. In turn, `params_shape.Dims(.)` would be zero, in at least one dimension.",
+ "cve": "CVE-2021-29589",
+ "id": "pyup.io-57877",
+ "more_info_path": "/vulnerabilities/CVE-2021-29589/57877",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155724,10 +157752,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail due to integer overflow. See CVE-2021-29584.",
- "cve": "CVE-2021-29584",
- "id": "pyup.io-57819",
- "more_info_path": "/vulnerabilities/CVE-2021-29584/57819",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SpaceToBatchNd'. See CVE-2021-29597.",
+ "cve": "CVE-2021-29597",
+ "id": "pyup.io-57825",
+ "more_info_path": "/vulnerabilities/CVE-2021-29597/57825",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155738,10 +157766,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an overflow and a denial of service in 'tf.raw_ops.ReverseSequence'. See CVE-2021-29575.",
- "cve": "CVE-2021-29575",
- "id": "pyup.io-57821",
- "more_info_path": "/vulnerabilities/CVE-2021-29575/57821",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'Split'. See CVE-2021-29599.",
+ "cve": "CVE-2021-29599",
+ "id": "pyup.io-57826",
+ "more_info_path": "/vulnerabilities/CVE-2021-29599/57826",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155752,10 +157780,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. See CVE-2021-29582.",
- "cve": "CVE-2021-29582",
- "id": "pyup.io-57822",
- "more_info_path": "/vulnerabilities/CVE-2021-29582/57822",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseSparseMinimum'. See CVE-2021-29607.",
+ "cve": "CVE-2021-29607",
+ "id": "pyup.io-57827",
+ "more_info_path": "/vulnerabilities/CVE-2021-29607/57827",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155766,10 +157794,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow due to looping TFLite subgraph. See CVE-2021-29591.",
- "cve": "CVE-2021-29591",
- "id": "pyup.io-57820",
- "more_info_path": "/vulnerabilities/CVE-2021-29591/57820",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'SparseFillEmptyRows'. See CVE-2021-29565.",
+ "cve": "CVE-2021-29565",
+ "id": "pyup.io-57828",
+ "more_info_path": "/vulnerabilities/CVE-2021-29565/57828",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155780,10 +157808,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SpaceToBatchNd'. See CVE-2021-29597.",
- "cve": "CVE-2021-29597",
- "id": "pyup.io-57825",
- "more_info_path": "/vulnerabilities/CVE-2021-29597/57825",
+ "advisory": "Tensorflow-rocm versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.",
+ "cve": "CVE-2020-8284",
+ "id": "pyup.io-57842",
+ "more_info_path": "/vulnerabilities/CVE-2020-8284/57842",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155794,10 +157822,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'Split'. See CVE-2021-29599.",
- "cve": "CVE-2021-29599",
- "id": "pyup.io-57826",
- "more_info_path": "/vulnerabilities/CVE-2021-29599/57826",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'FractionalAvgPoolGrad'. See CVE-2021-29578.",
+ "cve": "CVE-2021-29578",
+ "id": "pyup.io-57834",
+ "more_info_path": "/vulnerabilities/CVE-2021-29578/57834",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155808,10 +157836,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseSparseMinimum'. See CVE-2021-29607.",
- "cve": "CVE-2021-29607",
- "id": "pyup.io-57827",
- "more_info_path": "/vulnerabilities/CVE-2021-29607/57827",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update 'curl' to '7.76.0' to handle CVE-2020-8177.",
+ "cve": "CVE-2020-8177",
+ "id": "pyup.io-57837",
+ "more_info_path": "/vulnerabilities/CVE-2020-8177/57837",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155822,10 +157850,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'SparseFillEmptyRows'. See CVE-2021-29565.",
- "cve": "CVE-2021-29565",
- "id": "pyup.io-57828",
- "more_info_path": "/vulnerabilities/CVE-2021-29565/57828",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.",
+ "cve": "CVE-2021-29566",
+ "id": "pyup.io-57851",
+ "more_info_path": "/vulnerabilities/CVE-2021-29566/57851",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155836,10 +157864,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.",
- "cve": "CVE-2021-29608",
- "id": "pyup.io-57831",
- "more_info_path": "/vulnerabilities/CVE-2021-29608/57831",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.",
+ "cve": "CVE-2021-29600",
+ "id": "pyup.io-57846",
+ "more_info_path": "/vulnerabilities/CVE-2021-29600/57846",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155850,10 +157878,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseAdd'. See CVE-2021-29609.",
- "cve": "CVE-2021-29609",
- "id": "pyup.io-57832",
- "more_info_path": "/vulnerabilities/CVE-2021-29609/57832",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'EditDistance'. See CVE-2021-29564.",
+ "cve": "CVE-2021-29564",
+ "id": "pyup.io-57847",
+ "more_info_path": "/vulnerabilities/CVE-2021-29564/57847",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -155864,10 +157892,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'FractionalAvgPoolGrad'. See CVE-2021-29578.", - "cve": "CVE-2021-29578", - "id": "pyup.io-57834", - "more_info_path": "/vulnerabilities/CVE-2021-29578/57834", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite concatentation. See CVE-2021-29601.", + "cve": "CVE-2021-29601", + "id": "pyup.io-57858", + "more_info_path": "/vulnerabilities/CVE-2021-29601/57858", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -155878,10 +157906,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update its dependency \"curl\" to v7.76.0 to include security fixes.", - "cve": "CVE-2020-8231", - "id": "pyup.io-57836", - "more_info_path": "/vulnerabilities/CVE-2020-8231/57836", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", + "cve": "CVE-2021-29573", + "id": "pyup.io-57859", + "more_info_path": "/vulnerabilities/CVE-2021-29573/57859", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -155892,10 +157920,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update 'curl' to '7.76.0' to handle CVE-2020-8177.", - "cve": "CVE-2020-8177", - "id": "pyup.io-57837", - "more_info_path": "/vulnerabilities/CVE-2020-8177/57837", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in TFLite's implementation of 'Minimum' or 'Maximum'. See CVE-2021-29590.", + "cve": "CVE-2021-29590", + "id": "pyup.io-57861", + "more_info_path": "/vulnerabilities/CVE-2021-29590/57861", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -155906,10 +157934,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 updates 'curl' to '7.76.0' to handle CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", - "cve": "CVE-2020-8286", - "id": "pyup.io-57838", - "more_info_path": "/vulnerabilities/CVE-2020-8286/57838", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", + "cve": "CVE-2021-29598", + "id": "pyup.io-57862", + "more_info_path": "/vulnerabilities/CVE-2021-29598/57862", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -155920,10 +157948,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'BatchToSpaceNd'. See CVE-2021-29593.", - "cve": "CVE-2021-29593", - "id": "pyup.io-57839", - "more_info_path": "/vulnerabilities/CVE-2021-29593/57839", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'RequantizationRange'. See CVE-2021-29569.", + "cve": "CVE-2021-29569", + "id": "pyup.io-57855", + "more_info_path": "/vulnerabilities/CVE-2021-29569/57855", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -155934,10 +157962,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'DenseCountSparseOutput'. See CVE-2021-29554.", - "cve": "CVE-2021-29554", - "id": "pyup.io-57840", - "more_info_path": "/vulnerabilities/CVE-2021-29554/57840", + "advisory": "Tensorflow-rocm versions 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 updates its dependency \"curl\" to a secure version (7.76.0).", + "cve": "CVE-2020-8285", + "id": "pyup.io-57857", + "more_info_path": "/vulnerabilities/CVE-2020-8285/57857", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -155948,10 +157976,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", - "cve": "CVE-2021-29577", - "id": "pyup.io-57841", - "more_info_path": "/vulnerabilities/CVE-2021-29577/57841", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in optimized pooling implementations in TFLite. See CVE-2021-29586.", + "cve": "CVE-2021-29586", + "id": "pyup.io-57860", + "more_info_path": "/vulnerabilities/CVE-2021-29586/57860", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -155962,10 +157990,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", - "cve": "CVE-2020-8284", - "id": "pyup.io-57842", - "more_info_path": "/vulnerabilities/CVE-2020-8284/57842", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. See CVE-2021-29553.", + "cve": "CVE-2021-29553", + "id": "pyup.io-57865", + "more_info_path": "/vulnerabilities/CVE-2021-29553/57865", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -155976,10 +158004,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.", - "cve": "CVE-2021-29579", - "id": "pyup.io-57843", - "more_info_path": "/vulnerabilities/CVE-2021-29579/57843", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel (https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.", + "cve": "CVE-2021-29546", + "id": "pyup.io-57869", + "more_info_path": "/vulnerabilities/CVE-2021-29546/57869", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -155990,10 +158018,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.", - "cve": "CVE-2021-29605", - "id": "pyup.io-57844", - "more_info_path": "/vulnerabilities/CVE-2021-29605/57844", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", + "cve": "CVE-2021-29560", + "id": "pyup.io-57871", + "more_info_path": "/vulnerabilities/CVE-2021-29560/57871", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156004,10 +158032,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'OneHot'. See CVE-2021-29600.", - "cve": "CVE-2021-29600", - "id": "pyup.io-57846", - "more_info_path": "/vulnerabilities/CVE-2021-29600/57846", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.", + "cve": "CVE-2021-29528", + "id": "pyup.io-57864", + "more_info_path": "/vulnerabilities/CVE-2021-29528/57864", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156018,10 +158046,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'EditDistance'. See CVE-2021-29564.", - "cve": "CVE-2021-29564", - "id": "pyup.io-57847", - "more_info_path": "/vulnerabilities/CVE-2021-29564/57847", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29563: An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination.", + "cve": "CVE-2021-29563", + "id": "pyup.io-57863", + "more_info_path": "/vulnerabilities/CVE-2021-29563/57863", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156032,10 +158060,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB write in TFLite. See CVE-2021-29603.", - "cve": "CVE-2021-29603", - "id": "pyup.io-57849", - "more_info_path": "/vulnerabilities/CVE-2021-29603/57849", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap OOB read in TFLite. See CVE-2021-29606.", + "cve": "CVE-2021-29606", + "id": "pyup.io-57823", + "more_info_path": "/vulnerabilities/CVE-2021-29606/57823", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156046,10 +158074,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of hashtable lookup. See CVE-2021-29604.", - "cve": "CVE-2021-29604", - "id": "pyup.io-57850", - "more_info_path": "/vulnerabilities/CVE-2021-29604/57850", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.", + "cve": "CVE-2021-29576", + "id": "pyup.io-57845", + "more_info_path": "/vulnerabilities/CVE-2021-29576/57845", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156060,10 +158088,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.", - "cve": "CVE-2021-29566", - "id": "pyup.io-57851", - "more_info_path": "/vulnerabilities/CVE-2021-29566/57851", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29547: An attacker can cause a segfault and denial of service via accessing data outside of bounds in 'tf.raw_ops.QuantizedBatchNormWithGlobalNormalization'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, '.flat()' is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds.", + "cve": "CVE-2021-29547", + "id": "pyup.io-57848", + "more_info_path": "/vulnerabilities/CVE-2021-29547/57848", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156074,10 +158102,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", - "cve": "CVE-2021-29572", - "id": "pyup.io-57856", - "more_info_path": "/vulnerabilities/CVE-2021-29572/57856", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a segfault in 'tf.raw_ops.SparseCountSparseOutput'. See CVE-2021-29619.", + "cve": "CVE-2021-29619", + "id": "pyup.io-57833", + "more_info_path": "/vulnerabilities/CVE-2021-29619/57833", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156088,10 +158116,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm versions 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 updates its dependency \"curl\" to a secure version (7.76.0).", - "cve": "CVE-2020-8285", - "id": "pyup.io-57857", - "more_info_path": "/vulnerabilities/CVE-2020-8285/57857", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", + "cve": "CVE-2021-29571", + "id": "pyup.io-57854", + "more_info_path": "/vulnerabilities/CVE-2021-29571/57854", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156102,10 +158130,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite concatentation. See CVE-2021-29601.", - "cve": "CVE-2021-29601", - "id": "pyup.io-57858", - "more_info_path": "/vulnerabilities/CVE-2021-29601/57858", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29550: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence`(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. Since `output_length` can be 0, this results in runtime crashing.", + "cve": "CVE-2021-29550", + "id": "pyup.io-57868", + "more_info_path": "/vulnerabilities/CVE-2021-29550/57868", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156116,10 +158144,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", - "cve": "CVE-2021-29573", - "id": "pyup.io-57859", - "more_info_path": "/vulnerabilities/CVE-2021-29573/57859", + "advisory": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in 'tf.raw_ops.ParameterizedTruncatedNormal'. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of 'shape'. If 'shape' argument is empty, then 'shape_tensor.flat()' is an empty array. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.", + "cve": "CVE-2021-29568", + "id": "pyup.io-57853", + "more_info_path": "/vulnerabilities/CVE-2021-29568/57853", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156130,10 +158158,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in optimized pooling implementations in TFLite. See CVE-2021-29586.", - "cve": "CVE-2021-29586", - "id": "pyup.io-57860", - "more_info_path": "/vulnerabilities/CVE-2021-29586/57860", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail due to integer overflow. See CVE-2021-29584.", + "cve": "CVE-2021-29584", + "id": "pyup.io-57819", + "more_info_path": "/vulnerabilities/CVE-2021-29584/57819", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156144,10 +158172,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in TFLite's implementation of 'Minimum' or 'Maximum'. See CVE-2021-29590.", - "cve": "CVE-2021-29590", - "id": "pyup.io-57861", - "more_info_path": "/vulnerabilities/CVE-2021-29590/57861", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow due to looping TFLite subgraph. See CVE-2021-29591.", + "cve": "CVE-2021-29591", + "id": "pyup.io-57820", + "more_info_path": "/vulnerabilities/CVE-2021-29591/57820", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156158,10 +158186,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", - "cve": "CVE-2021-29598", - "id": "pyup.io-57862", - "more_info_path": "/vulnerabilities/CVE-2021-29598/57862", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an overflow and a denial of service in 'tf.raw_ops.ReverseSequence'. See CVE-2021-29575.", + "cve": "CVE-2021-29575", + "id": "pyup.io-57821", + "more_info_path": "/vulnerabilities/CVE-2021-29575/57821", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156172,10 +158200,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'RequantizationRange'. See CVE-2021-29569.", - "cve": "CVE-2021-29569", - "id": "pyup.io-57855", - "more_info_path": "/vulnerabilities/CVE-2021-29569/57855", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in 'tf.raw_ops.Dequantize'. See CVE-2021-29582.", + "cve": "CVE-2021-29582", + "id": "pyup.io-57822", + "more_info_path": "/vulnerabilities/CVE-2021-29582/57822", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156186,10 +158214,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.", - "cve": "CVE-2021-29528", - "id": "pyup.io-57864", - "more_info_path": "/vulnerabilities/CVE-2021-29528/57864", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", + "cve": "CVE-2021-29608", + "id": "pyup.io-57831", + "more_info_path": "/vulnerabilities/CVE-2021-29608/57831", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156200,10 +158228,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. See CVE-2021-29553.", - "cve": "CVE-2021-29553", - "id": "pyup.io-57865", - "more_info_path": "/vulnerabilities/CVE-2021-29553/57865", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseAdd'. See CVE-2021-29609.", + "cve": "CVE-2021-29609", + "id": "pyup.io-57832", + "more_info_path": "/vulnerabilities/CVE-2021-29609/57832", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156214,10 +158242,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", - "cve": "CVE-2021-29611", - "id": "pyup.io-57866", - "more_info_path": "/vulnerabilities/CVE-2021-29611/57866", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update its dependency \"curl\" to v7.76.0 to include security fixes.", + "cve": "CVE-2020-8231", + "id": "pyup.io-57836", + "more_info_path": "/vulnerabilities/CVE-2020-8231/57836", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156228,10 +158256,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. This is because the implementation of the Eigen kernel (https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.", - "cve": "CVE-2021-29546", - "id": "pyup.io-57869", - "more_info_path": "/vulnerabilities/CVE-2021-29546/57869", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 updates 'curl' to '7.76.0' to handle CVE-2020-8286: curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", + "cve": "CVE-2020-8286", + "id": "pyup.io-57838", + "more_info_path": "/vulnerabilities/CVE-2020-8286/57838", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156242,10 +158270,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29618: Passing a complex argument to `tf.transpose` at the same time as passing 'conjugate=True' argument results in a crash.", - "cve": "CVE-2021-29618", - "id": "pyup.io-57870", - "more_info_path": "/vulnerabilities/CVE-2021-29618/57870", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'BatchToSpaceNd'. See CVE-2021-29593.", + "cve": "CVE-2021-29593", + "id": "pyup.io-57839", + "more_info_path": "/vulnerabilities/CVE-2021-29593/57839", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156256,10 +158284,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", - "cve": "CVE-2021-29560", - "id": "pyup.io-57871", - "more_info_path": "/vulnerabilities/CVE-2021-29560/57871", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'DenseCountSparseOutput'. See CVE-2021-29554.", + "cve": "CVE-2021-29554", + "id": "pyup.io-57840", + "more_info_path": "/vulnerabilities/CVE-2021-29554/57840", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156270,10 +158298,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.", - "cve": "CVE-2021-29616", - "id": "pyup.io-57829", - "more_info_path": "/vulnerabilities/CVE-2021-29616/57829", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", + "cve": "CVE-2021-29577", + "id": "pyup.io-57841", + "more_info_path": "/vulnerabilities/CVE-2021-29577/57841", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156284,10 +158312,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero.", - "cve": "CVE-2021-29587", - "id": "pyup.io-57852", - "more_info_path": "/vulnerabilities/CVE-2021-29587/57852", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.", + "cve": "CVE-2021-29579", + "id": "pyup.io-57843", + "more_info_path": "/vulnerabilities/CVE-2021-29579/57843", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156298,10 +158326,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29563: An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination.", - "cve": "CVE-2021-29563", - "id": "pyup.io-57863", - "more_info_path": "/vulnerabilities/CVE-2021-29563/57863", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.", + "cve": "CVE-2021-29605", + "id": "pyup.io-57844", + "more_info_path": "/vulnerabilities/CVE-2021-29605/57844", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156312,10 +158340,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap OOB read in TFLite. See CVE-2021-29606.", - "cve": "CVE-2021-29606", - "id": "pyup.io-57823", - "more_info_path": "/vulnerabilities/CVE-2021-29606/57823", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB write in TFLite. See CVE-2021-29603.", + "cve": "CVE-2021-29603", + "id": "pyup.io-57849", + "more_info_path": "/vulnerabilities/CVE-2021-29603/57849", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156326,10 +158354,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a segfault in 'tf.raw_ops.SparseCountSparseOutput'. See CVE-2021-29619.", - "cve": "CVE-2021-29619", - "id": "pyup.io-57833", - "more_info_path": "/vulnerabilities/CVE-2021-29619/57833", + "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of hashtable lookup. See CVE-2021-29604.", + "cve": "CVE-2021-29604", + "id": "pyup.io-57850", + "more_info_path": "/vulnerabilities/CVE-2021-29604/57850", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -156340,10 +158368,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.", - "cve": "CVE-2021-29602", - "id": "pyup.io-57835", - "more_info_path": "/vulnerabilities/CVE-2021-29602/57835", + "advisory": "Tensorflow-rocm 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", + "cve": "CVE-2021-29572", + "id": "pyup.io-57856", + "more_info_path": "/vulnerabilities/CVE-2021-29572/57856", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -156354,10 +158382,10 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPool3DGradGrad'. See CVE-2021-29576.",
- "cve": "CVE-2021-29576",
- "id": "pyup.io-57845",
- "more_info_path": "/vulnerabilities/CVE-2021-29576/57845",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.",
+ "cve": "CVE-2021-29611",
+ "id": "pyup.io-57866",
+ "more_info_path": "/vulnerabilities/CVE-2021-29611/57866",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -156368,10 +158396,52 @@
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
 {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29547: An attacker can cause a segfault and denial of service via accessing data outside of bounds in 'tf.raw_ops.QuantizedBatchNormWithGlobalNormalization'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc#L176-L189) assumes the inputs are not empty. If any of these inputs is empty, '.flat()' is an empty buffer, so accessing the element at index 0 is accessing data outside of bounds.",
- "cve": "CVE-2021-29547",
- "id": "pyup.io-57848",
- "more_info_path": "/vulnerabilities/CVE-2021-29547/57848",
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29618: Passing a complex argument to `tf.transpose` at the same time as passing 'conjugate=True' argument results in a crash.",
+ "cve": "CVE-2021-29618",
+ "id": "pyup.io-57870",
+ "more_info_path": "/vulnerabilities/CVE-2021-29618/57870",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.4.0rc0,<2.4.2",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.2.0rc0,<2.2.3",
+ ">=2.1.0rc0,<2.1.4"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.",
+ "cve": "CVE-2021-29616",
+ "id": "pyup.io-57829",
+ "more_info_path": "/vulnerabilities/CVE-2021-29616/57829",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.4.0rc0,<2.4.2",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.2.0rc0,<2.2.3",
+ ">=2.1.0rc0,<2.1.4"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero.",
+ "cve": "CVE-2021-29587",
+ "id": "pyup.io-57852",
+ "more_info_path": "/vulnerabilities/CVE-2021-29587/57852",
+ "specs": [
+ ">=2.5.0rc0,<2.5.0",
+ ">=2.4.0rc0,<2.4.2",
+ ">=2.3.0rc0,<2.3.3",
+ ">=2.2.0rc0,<2.2.3",
+ ">=2.1.0rc0,<2.1.4"
+ ],
+ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
+ },
+ {
+ "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'DepthwiseConv'. See CVE-2021-29602.",
+ "cve": "CVE-2021-29602",
+ "id": "pyup.io-57835",
+ "more_info_path": "/vulnerabilities/CVE-2021-29602/57835",
 "specs": [
 ">=2.5.0rc0,<2.5.0",
 ">=2.4.0rc0,<2.4.2",
@@ -156409,48 +158479,6 @@
 ],
 "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
 },
- {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.",
- "cve": "CVE-2021-29571",
- "id": "pyup.io-57854",
- "more_info_path": "/vulnerabilities/CVE-2021-29571/57854",
- "specs": [
- ">=2.5.0rc0,<2.5.0",
- ">=2.4.0rc0,<2.4.2",
- ">=2.3.0rc0,<2.3.3",
- ">=2.2.0rc0,<2.2.3",
- ">=2.1.0rc0,<2.1.4"
- ],
- "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
- },
- {
- "advisory": "Tensorflow-rocm 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29550: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence`(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. Since `output_length` can be 0, this results in runtime crashing.",
- "cve": "CVE-2021-29550",
- "id": "pyup.io-57868",
- "more_info_path": "/vulnerabilities/CVE-2021-29550/57868",
- "specs": [
- ">=2.5.0rc0,<2.5.0",
- ">=2.4.0rc0,<2.4.2",
- ">=2.3.0rc0,<2.3.3",
- ">=2.2.0rc0,<2.2.3",
- ">=2.1.0rc0,<2.1.4"
- ],
- "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
- },
- {
- "advisory": "TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in 'tf.raw_ops.ParameterizedTruncatedNormal'. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/3f6fe4dfef6f57e768260b48166c27d148f3015f/tensorflow/core/kernels/parameterized_truncated_normal_op.cc#L630) does not validate input arguments before accessing the first element of 'shape'. If 'shape' argument is empty, then 'shape_tensor.flat()' is an empty array. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.",
- "cve": "CVE-2021-29568",
- "id": "pyup.io-57853",
- "more_info_path": "/vulnerabilities/CVE-2021-29568/57853",
- "specs": [
- ">=2.5.0rc0,<2.5.0",
- ">=2.4.0rc0,<2.4.2",
- ">=2.3.0rc0,<2.3.3",
- ">=2.2.0rc0,<2.2.3",
- ">=2.1.0rc0,<2.1.4"
- ],
- "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4"
- },
 {
 "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37688: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. The Tensorflow team has patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c.",
 "cve": "CVE-2021-37688",
@@ -156539,10 +158567,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708",
- "cve": "CVE-2021-37663",
- "id": "pyup.io-57804",
- "more_info_path": "/vulnerabilities/CVE-2021-37663/57804",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37675: In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/common_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. The Tensorflow team has patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4.",
+ "cve": "CVE-2021-37675",
+ "id": "pyup.io-57808",
+ "more_info_path": "/vulnerabilities/CVE-2021-37675/57808",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156552,10 +158580,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37675: In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/framework/common_shape_fns.cc#L577) is missing several validations before doing divisions and modulo operations. The Tensorflow team has patched the issue in GitHub commit 8a793b5d7f59e37ac7f3cd0954a750a2fe76bad4.",
- "cve": "CVE-2021-37675",
- "id": "pyup.io-57808",
- "more_info_path": "/vulnerabilities/CVE-2021-37675/57808",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.",
+ "cve": "CVE-2021-37685",
+ "id": "pyup.io-57805",
+ "more_info_path": "/vulnerabilities/CVE-2021-37685/57805",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156565,10 +158593,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37676: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.SparseFillEmptyRows'. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. The Tensorflow team has patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed.",
- "cve": "CVE-2021-37676",
- "id": "pyup.io-57810",
- "more_info_path": "/vulnerabilities/CVE-2021-37676/57810",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37661: In affected versions an attacker can cause a denial of service in 'boosted_trees_create_quantile_stream_resource' by using negative arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that 'num_streams' only contains non-negative numbers. In turn, this results in using this value to allocate memory (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, 'reserve' receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. The Tensorflow team has patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992.",
+ "cve": "CVE-2021-37661",
+ "id": "pyup.io-57806",
+ "more_info_path": "/vulnerabilities/CVE-2021-37661/57806",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156578,10 +158606,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37653: In affected versions an attacker can trigger a crash via a floating point exception in 'tf.raw_ops.ResourceGather'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731) computes the value of a value, 'batch_size', and then divides by it without checking that this value is not 0. The Tensorflow team has patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11.",
- "cve": "CVE-2021-37653",
- "id": "pyup.io-57811",
- "more_info_path": "/vulnerabilities/CVE-2021-37653/57811",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37660: In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if 'x' and 'v' are empty but the code uses '||' instead of '&&'. The Tensorflow team has patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.",
+ "cve": "CVE-2021-37660",
+ "id": "pyup.io-57812",
+ "more_info_path": "/vulnerabilities/CVE-2021-37660/57812",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156591,10 +158619,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.",
- "cve": "CVE-2021-37685",
- "id": "pyup.io-57805",
- "more_info_path": "/vulnerabilities/CVE-2021-37685/57805",
+ "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69",
+ "cve": "CVE-2021-37665",
+ "id": "pyup.io-57807",
+ "more_info_path": "/vulnerabilities/CVE-2021-37665/57807",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156604,10 +158632,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37661: In affected versions an attacker can cause a denial of service in 'boosted_trees_create_quantile_stream_resource' by using negative arguments. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantile_ops.cc#L96) does not validate that 'num_streams' only contains non-negative numbers. In turn, this results in using this value to allocate memory (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/quantiles/quantile_stream_resource.h#L31-L40). However, 'reserve' receives an unsigned integer so there is an implicit conversion from a negative value to a large positive unsigned. This results in a crash from the standard library. The Tensorflow team has patched the issue in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992.",
- "cve": "CVE-2021-37661",
- "id": "pyup.io-57806",
- "more_info_path": "/vulnerabilities/CVE-2021-37661/57806",
+ "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708",
+ "cve": "CVE-2021-37663",
+ "id": "pyup.io-57804",
+ "more_info_path": "/vulnerabilities/CVE-2021-37663/57804",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156617,10 +158645,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.",
- "cve": "CVE-2021-37687",
- "id": "pyup.io-57809",
- "more_info_path": "/vulnerabilities/CVE-2021-37687/57809",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37676: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.SparseFillEmptyRows'. The shape inference implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. The Tensorflow team has patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed.",
+ "cve": "CVE-2021-37676",
+ "id": "pyup.io-57810",
+ "more_info_path": "/vulnerabilities/CVE-2021-37676/57810",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156630,10 +158658,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37660: In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if 'x' and 'v' are empty but the code uses '||' instead of '&&'. The Tensorflow team has patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.",
- "cve": "CVE-2021-37660",
- "id": "pyup.io-57812",
- "more_info_path": "/vulnerabilities/CVE-2021-37660/57812",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37653: In affected versions an attacker can trigger a crash via a floating point exception in 'tf.raw_ops.ResourceGather'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731) computes the value of a value, 'batch_size', and then divides by it without checking that this value is not 0. The Tensorflow team has patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11.",
+ "cve": "CVE-2021-37653",
+ "id": "pyup.io-57811",
+ "more_info_path": "/vulnerabilities/CVE-2021-37653/57811",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156643,10 +158671,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.",
- "cve": "CVE-2021-37657",
- "id": "pyup.io-57802",
- "more_info_path": "/vulnerabilities/CVE-2021-37657/57802",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.",
+ "cve": "CVE-2021-37687",
+ "id": "pyup.io-57809",
+ "more_info_path": "/vulnerabilities/CVE-2021-37687/57809",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156656,10 +158684,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1"
 },
 {
- "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69",
- "cve": "CVE-2021-37665",
- "id": "pyup.io-57807",
- "more_info_path": "/vulnerabilities/CVE-2021-37665/57807",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.",
+ "cve": "CVE-2021-37657",
+ "id": "pyup.io-57802",
+ "more_info_path": "/vulnerabilities/CVE-2021-37657/57802",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156682,10 +158710,10 @@
 "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3"
 },
 {
- "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37681: In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The 'GetVariableInput' function (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but 'GetTensorData' assumes that the argument is always a valid tensor. Furthermore, because 'GetVariableInput' calls 'GetMutableInput' (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L82-L90) which might return 'nullptr', the 'tensor->is_variable' expression can also trigger a null pointer exception. The Tensorflow team has patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76.",
- "cve": "CVE-2021-37681",
- "id": "pyup.io-57798",
- "more_info_path": "/vulnerabilities/CVE-2021-37681/57798",
+ "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37643: If a user does not provide a valid padding value to 'tf.raw_ops.MatrixDiagPartOp', then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. The Tensorflow team has patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988.",
+ "cve": "CVE-2021-37643",
+ "id": "pyup.io-57796",
+ "more_info_path": "/vulnerabilities/CVE-2021-37643/57796",
 "specs": [
 ">=2.6.0rc0,<2.6.0",
 ">=2.3.0rc0,<2.3.4",
@@ -156695,10 +158723,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37643: If a user does not provide a valid padding value to 'tf.raw_ops.MatrixDiagPartOp', then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. The Tensorflow team has patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988.", - "cve": "CVE-2021-37643", - "id": "pyup.io-57796", - "more_info_path": "/vulnerabilities/CVE-2021-37643/57796", + "advisory": "Tensorflow-rocm 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37681: In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The 'GetVariableInput' function (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but 'GetTensorData' assumes that the argument is always a valid tensor. Furthermore, because 'GetVariableInput' calls 'GetMutableInput' (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L82-L90) which might return 'nullptr', the 'tensor->is_variable' expression can also trigger a null pointer exception. 
The Tensorflow team has patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76.", + "cve": "CVE-2021-37681", + "id": "pyup.io-57798", + "more_info_path": "/vulnerabilities/CVE-2021-37681/57798", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -156798,19 +158826,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1" }, - { - "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", - "cve": "CVE-2021-37674", - "id": "pyup.io-57788", - "more_info_path": "/vulnerabilities/CVE-2021-37674/57788", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. 
The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", "cve": "CVE-2021-37672", 
@@ -156824,19 +158839,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", - "cve": "CVE-2021-37677", - "id": "pyup.io-57790", - "more_info_path": "/vulnerabilities/CVE-2021-37677/57790", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". 
The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", "cve": "CVE-2021-37670", 
@@ -156889,6 +158891,45 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, + { + "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58", + "cve": "CVE-2021-37669", + "id": "pyup.io-57789", + "more_info_path": "/vulnerabilities/CVE-2021-37669/57789", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, + { + "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. 
The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", + "cve": "CVE-2021-37674", + "id": "pyup.io-57788", + "more_info_path": "/vulnerabilities/CVE-2021-37674/57788", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, + { + "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. 
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", + "cve": "CVE-2021-37677", + "id": "pyup.io-57790", + "more_info_path": "/vulnerabilities/CVE-2021-37677/57790", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" + }, { "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d", "cve": "CVE-2021-37673", 
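Review bot: The re-added CVE-2021-37674 and CVE-2021-37677 records keep the generic upstream wording ("TensorFlow is an end-to-end open source platform ... We have patched the issue ...") while every neighbouring record in this section opens with "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for ..." and appends the GHSA advisory and fixing-commit URLs. Since these two entries are moved rather than rewritten, the mismatch is presumably pre-existing, but after this hunk they are the only records here whose `advisory` names no package and carries no reference link. Rewriting their `advisory` text to the sibling template (package name, CVE, then the upstream URLs on `\n`-separated lines) would make the section consistent and give consumers the same verification path as the other entries.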
@@ -156941,19 +158982,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, - { - "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58", - "cve": "CVE-2021-37669", - "id": "pyup.io-57789", - "more_info_path": "/vulnerabilities/CVE-2021-37669/57789", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" - }, { "advisory": "Tensorflow-rocm version 2.3.4, 2.4.3, 2.5.1, 2.6.0 and 2.7.0 include a fix for CVE-2021-37678:\nIn affected versions, TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. 
The implementation(https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses \"yaml.unsafe_load\" which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, the Tensorflow team has removed it for now. The Tensorflow team has patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r\nhttps://github.com/tensorflow/tensorflow/commit/23d6383eb6c14084a8fc3bdf164043b974818012", "cve": "CVE-2021-37678", @@ -161381,6 +163409,18 @@ "v": "<0.2.0" } ], + "text2qti": [ + { + "advisory": "Text2qti version 0.4.0 has addressed a vulnerability related to catastrophic backtracking in LaTeX math regex.", + "cve": "PVE-2023-62064", + "id": "pyup.io-62064", + "more_info_path": "/vulnerabilities/PVE-2023-62064/62064", + "specs": [ + "<0.4.0" + ], + "v": "<0.4.0" + } + ], "textattack": [ { "advisory": "Textattack 0.3.4 updates its dependency 'tensorflow' to v2.5.1 to include several security fixes.", 
@@ -162129,10 +164169,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tflite-runtime 2.8.0 includes a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", - "cve": "CVE-2022-21741", - "id": "pyup.io-56481", - "more_info_path": "/vulnerabilities/CVE-2022-21741/56481", + "advisory": "Tflite-runtime 2.8.0 includes a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", + "cve": "CVE-2022-23561", + "id": "pyup.io-56485", + "more_info_path": "/vulnerabilities/CVE-2022-23561/56485", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -162142,10 +164182,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tflite-runtime 2.8.0 includes a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", - "cve": "CVE-2022-23561", - "id": "pyup.io-56485", - "more_info_path": "/vulnerabilities/CVE-2022-23561/56485", + "advisory": "Tflite-runtime 2.8.0 includes a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", + "cve": "CVE-2022-23557", + "id": "pyup.io-56484", + "more_info_path": "/vulnerabilities/CVE-2022-23557/56484", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -162155,10 +164195,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Tflite-runtime 2.8.0 includes a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", - "cve": "CVE-2022-23557", - "id": "pyup.io-56484", - "more_info_path": "/vulnerabilities/CVE-2022-23557/56484", + "advisory": "Tflite-runtime 2.8.0 includes a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", + "cve": "CVE-2022-21741", + "id": "pyup.io-56481", + "more_info_path": "/vulnerabilities/CVE-2022-21741/56481", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -162207,10 +164247,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Tflite-runtime 2.7.0 includes a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", - "cve": "CVE-2021-37685", - "id": "pyup.io-56489", - "more_info_path": "/vulnerabilities/CVE-2021-37685/56489", + "advisory": "Tflite-runtime 2.7.0 includes a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.", + "cve": "CVE-2021-37687", + "id": "pyup.io-56490", + "more_info_path": "/vulnerabilities/CVE-2021-37687/56490", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -162220,10 +164260,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Tflite-runtime 2.7.0 includes a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.", - "cve": "CVE-2021-37687", - "id": "pyup.io-56490", - "more_info_path": "/vulnerabilities/CVE-2021-37687/56490", + "advisory": "Tflite-runtime 2.7.0 includes a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", + "cve": "CVE-2021-37685", + "id": "pyup.io-56489", + "more_info_path": "/vulnerabilities/CVE-2021-37685/56489", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -162835,9 +164875,9 @@ "tomtoolkit": [ { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2019-14234", - "id": "pyup.io-49471", - "more_info_path": "/vulnerabilities/CVE-2019-14234/49471", + "cve": "CVE-2019-12781", + "id": "pyup.io-49475", + "more_info_path": "/vulnerabilities/CVE-2019-12781/49475", "specs": [ "<1.6.1" ], @@ -162845,9 +164885,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2019-12308", - "id": "pyup.io-49476", - "more_info_path": "/vulnerabilities/CVE-2019-12308/49476", + "cve": "CVE-2020-13596", + "id": "pyup.io-38397", + "more_info_path": "/vulnerabilities/CVE-2020-13596/38397", "specs": [ "<1.6.1" ], @@ -162855,9 +164895,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2019-12781", - "id": "pyup.io-49475", - "more_info_path": "/vulnerabilities/CVE-2019-12781/49475", + "cve": "CVE-2020-9402", + "id": "pyup.io-49467", + "more_info_path": "/vulnerabilities/CVE-2020-9402/49467", "specs": [ "<1.6.1" ], @@ -162865,9 +164905,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2020-13596", - "id": "pyup.io-38397", - "more_info_path": "/vulnerabilities/CVE-2020-13596/38397", + "cve": "CVE-2020-7471", + "id": "pyup.io-49468", + "more_info_path": "/vulnerabilities/CVE-2020-7471/49468", "specs": [ "<1.6.1" ], @@ -162875,9 +164915,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2019-14232", - "id": "pyup.io-49474", - "more_info_path": "/vulnerabilities/CVE-2019-14232/49474", + "cve": "CVE-2019-19118", + "id": "pyup.io-49470", + "more_info_path": "/vulnerabilities/CVE-2019-19118/49470", "specs": [ "<1.6.1" ], 
@@ -162885,9 +164925,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2020-9402", - "id": "pyup.io-49467", - "more_info_path": "/vulnerabilities/CVE-2020-9402/49467", + "cve": "CVE-2020-13254", + "id": "pyup.io-49466", + "more_info_path": "/vulnerabilities/CVE-2020-13254/49466", "specs": [ "<1.6.1" ], @@ -162895,9 +164935,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2020-7471", - "id": "pyup.io-49468", - "more_info_path": "/vulnerabilities/CVE-2020-7471/49468", + "cve": "CVE-2019-12308", + "id": "pyup.io-49476", + "more_info_path": "/vulnerabilities/CVE-2019-12308/49476", "specs": [ "<1.6.1" ], @@ -162905,9 +164945,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2019-19118", - "id": "pyup.io-49470", - "more_info_path": "/vulnerabilities/CVE-2019-19118/49470", + "cve": "CVE-2019-14232", + "id": "pyup.io-49474", + "more_info_path": "/vulnerabilities/CVE-2019-14232/49474", "specs": [ "<1.6.1" ], @@ -162915,9 +164955,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2019-14235", - "id": "pyup.io-49472", - "more_info_path": "/vulnerabilities/CVE-2019-14235/49472", + "cve": "CVE-2019-14234", + "id": "pyup.io-49471", + "more_info_path": "/vulnerabilities/CVE-2019-14234/49471", "specs": [ "<1.6.1" ], @@ -162925,9 +164965,9 @@ }, { "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.", - "cve": "CVE-2020-13254", - "id": "pyup.io-49466", - "more_info_path": "/vulnerabilities/CVE-2020-13254/49466", + "cve": "CVE-2019-14233", + "id": "pyup.io-49473", + "more_info_path": "/vulnerabilities/CVE-2019-14233/49473", "specs": [ "<1.6.1" ], 
@@ -162935,9 +164975,9 @@
 },
 {
 "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
- "cve": "CVE-2019-19844",
- "id": "pyup.io-49469",
- "more_info_path": "/vulnerabilities/CVE-2019-19844/49469",
+ "cve": "CVE-2019-14235",
+ "id": "pyup.io-49472",
+ "more_info_path": "/vulnerabilities/CVE-2019-14235/49472",
 "specs": [
 "<1.6.1"
 ],
@@ -162945,9 +164985,9 @@
 },
 {
 "advisory": "Tomtoolkit 1.6.1 updates its dependency 'Django' requirement to '>=3.0.7' to include security fixes.",
- "cve": "CVE-2019-14233",
- "id": "pyup.io-49473",
- "more_info_path": "/vulnerabilities/CVE-2019-14233/49473",
+ "cve": "CVE-2019-19844",
+ "id": "pyup.io-49469",
+ "more_info_path": "/vulnerabilities/CVE-2019-19844/49469",
 "specs": [
 "<1.6.1"
 ],
@@ -163000,6 +165040,18 @@
 "v": ">=0"
 }
 ],
+ "torbot": [
+ {
+ "advisory": "Torbot 4.0.0 includes a fix for CVE-2023-45813: In affected versions the 'torbot.modules.validators.validate_link function' uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0.\r\nhttps://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff",
+ "cve": "CVE-2023-45813",
+ "id": "pyup.io-61923",
+ "more_info_path": "/vulnerabilities/CVE-2023-45813/61923",
+ "specs": [
+ "<4.0.0"
+ ],
+ "v": "<4.0.0"
+ }
+ ],
 "torch": [
 {
 "advisory": "In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.",
@@ -163014,20 +165066,20 @@ ], "torchserve": [ { - "advisory": "Torchserve 0.5.1 updates its dependency 'log4j2' to v2.16.0 to fix critical vulnerabilities.", - "cve": "CVE-2021-45046", - "id": "pyup.io-43744", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43744", + "advisory": "Torchserve 0.5.1 updates its dependency 'log4j' to v2.16.0 to include a fix for a critical vulnerability.", + "cve": "CVE-2021-44228", + "id": "pyup.io-43736", + "more_info_path": "/vulnerabilities/CVE-2021-44228/43736", "specs": [ "<0.5.1" ], "v": "<0.5.1" }, { - "advisory": "Torchserve 0.5.1 updates its dependency 'log4j' to v2.16.0 to include a fix for a critical vulnerability.", - "cve": "CVE-2021-44228", - "id": "pyup.io-43736", - "more_info_path": "/vulnerabilities/CVE-2021-44228/43736", + "advisory": "Torchserve 0.5.1 updates its dependency 'log4j2' to v2.16.0 to fix critical vulnerabilities.", + "cve": "CVE-2021-45046", + "id": "pyup.io-43744", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43744", "specs": [ "<0.5.1" ], @@ -163045,9 +165097,9 @@ }, { "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "PVE-2021-44525", - "id": "pyup.io-48565", - "more_info_path": "/vulnerabilities/PVE-2021-44525/48565", + "cve": "CVE-2022-22816", + "id": "pyup.io-48564", + "more_info_path": "/vulnerabilities/CVE-2022-22816/48564", "specs": [ "<0.5.3" ], @@ -163055,9 +165107,9 @@ }, { "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "CVE-2022-22815", - "id": "pyup.io-48563", - "more_info_path": "/vulnerabilities/CVE-2022-22815/48563", + "cve": "PVE-2022-44524", + "id": "pyup.io-48566", + "more_info_path": "/vulnerabilities/PVE-2022-44524/48566", "specs": [ "<0.5.3" ], 
@@ -163075,9 +165127,9 @@ }, { "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "CVE-2022-22816", - "id": "pyup.io-48564", - "more_info_path": "/vulnerabilities/CVE-2022-22816/48564", + "cve": "CVE-2022-22815", + "id": "pyup.io-48563", + "more_info_path": "/vulnerabilities/CVE-2022-22815/48563", "specs": [ "<0.5.3" ], @@ -163085,9 +165137,9 @@ }, { "advisory": "Torchserve 0.5.3 updates its dependency 'pillow' to v9.0.0 to include security fixes.", - "cve": "PVE-2022-44524", - "id": "pyup.io-48566", - "more_info_path": "/vulnerabilities/PVE-2022-44524/48566", + "cve": "PVE-2021-44525", + "id": "pyup.io-48565", + "more_info_path": "/vulnerabilities/PVE-2021-44525/48565", "specs": [ "<0.5.3" ], 
@@ -163157,6 +165209,16 @@
 ],
 "v": "<6.3.2"
 },
+ {
+ "advisory": "Summary: Tornado's interpretation of symbols `-`, `+`, and `_` within chunk lengths and 'Content-Length' values contradicts the HTTP RFCs stipulations, potentially creating an avenue for request smuggling. This issue is generally found when Tornado operates behind specific proxies that understand these non-standard characters diversely, mostly observed in earlier versions of 'haproxy'; however, the latest version remains unaffected.\r\n\r\nDetails: Tornado utilizes the 'int' constructor to decipher the 'Content-Length' headers and chunk lengths in the locations mentioned below:\r\n\r\n`tornado/http1connection.py:445`\r\nPython3 code: self._expected_content_remaining = int(headers[\"Content-Length\"])\r\n\r\n`tornado/http1connection.py:621`\r\nPython3 code: content_length = int(headers[\"Content-Length\"])\r\n\r\n`tornado/http1connection.py:671`\r\nPython3 code: chunk_len = int(chunk_len_str.strip(), 16)\r\n\r\nNotably, though the equation `int(\"0_0\")` equates to `int(\"+0\")`, `int(\"-0\")`, and `int(\"0\")`, using the 'int' constructor as a strategy for validating and parsing strings containing ASCII digits only is proven inadequate.",
+ "cve": "PVE-2023-99925",
+ "id": "pyup.io-61949",
+ "more_info_path": "/vulnerabilities/PVE-2023-99925/61949",
+ "specs": [
+ "<6.3.3"
+ ],
+ "v": "<6.3.3"
+ },
 {
 "advisory": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.",
 "cve": "CVE-2014-9720",
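Review bot: The new Tornado record (`pyup.io-61949`) carries no upstream reference URL in its `advisory` text, whereas the other new records in this diff (the torbot and tripleo-ansible entries, for instance) end with a `\r\nhttps://...` advisory link; instead it embeds `tornado/http1connection.py:445`-style line numbers, which drift with every release and cannot be used to confirm the `<6.3.3` bound. Appending the upstream security advisory or fixing-commit URL at the end of the text, in the same form as the sibling entries, would give consumers a stable pointer. The `specs`/`v` pair itself is consistent and well-formed.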
@@ -163268,6 +165330,16 @@
 ],
 "v": "<=0.9.4"
 },
+ {
+ "advisory": "Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.",
+ "cve": "CVE-2010-5108",
+ "id": "pyup.io-61744",
+ "more_info_path": "/vulnerabilities/CVE-2010-5108/61744",
+ "specs": [
+ ">0.11.5,>0.11.7"
+ ],
+ "v": ">0.11.5,>0.11.7"
+ },
 {
 "advisory": "Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.",
 "cve": "CVE-2005-4644",
@@ -163535,6 +165607,18 @@
 "v": "<0.1.7"
 }
 ],
+ "triplea": [
+ {
+ "advisory": "Triplea 0.0.2 updates its dependency 'tornado' to v6.3.2 to include a security fix.",
+ "cve": "CVE-2023-28370",
+ "id": "pyup.io-61560",
+ "more_info_path": "/vulnerabilities/CVE-2023-28370/61560",
+ "specs": [
+ "<0.0.2"
+ ],
+ "v": "<0.0.2"
+ },
+ ],
 "tripleo-ansible": [
 {
 "advisory": "A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.\r\nhttps://github.com/advisories/GHSA-w4x6-6w3r-9h2m",
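Review bot: The `specs` and `v` values on the new Trac record (`pyup.io-61744`), `">0.11.5,>0.11.7"`, are inverted: read as a version set they match every release above 0.11.7 (including all current ones) and exclude 0.11.6, the only version the `advisory` text says is affected, so a scanner consuming this record would flag fixed releases and miss the vulnerable one. Every other range in this file uses an upper bound for a "fixed in" shape, so the intent was presumably something like `"<0.11.7"` (the fix version should be confirmed against the upstream advisory before committing it), and the same string must be corrected in `v` since it duplicates `specs`. The triplea hunk below it is well-formed and raises nothing.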
@@ -163692,10 +165776,10 @@ "v": "<2.4.0" }, { - "advisory": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.", - "cve": "CVE-2016-1242", - "id": "pyup.io-54111", - "more_info_path": "/vulnerabilities/CVE-2016-1242/54111", + "advisory": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.", + "cve": "CVE-2016-1241", + "id": "pyup.io-54110", + "more_info_path": "/vulnerabilities/CVE-2016-1241/54110", "specs": [ ">=0,<3.2.17", ">=3.4,<3.4.14", @@ -163706,10 +165790,10 @@ "v": ">=0,<3.2.17,>=3.4,<3.4.14,>=3.6,<3.6.12,>=3.8,<3.8.8,>=4.0,<4.0.4" }, { - "advisory": "Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.", - "cve": "CVE-2016-1241", - "id": "pyup.io-54110", - "more_info_path": "/vulnerabilities/CVE-2016-1241/54110", + "advisory": "file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.", + "cve": "CVE-2016-1242", + "id": "pyup.io-54111", + "more_info_path": "/vulnerabilities/CVE-2016-1242/54111", "specs": [ ">=0,<3.2.17", ">=3.4,<3.4.14", 
@@ -164372,9 +166456,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-14232", - "id": "pyup.io-49774", - "more_info_path": "/vulnerabilities/CVE-2019-14232/49774", + "cve": "CVE-2019-14234", + "id": "pyup.io-49776", + "more_info_path": "/vulnerabilities/CVE-2019-14234/49776", "specs": [ "<3.9.0" ], @@ -164382,9 +166466,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-14234", - "id": "pyup.io-49776", - "more_info_path": "/vulnerabilities/CVE-2019-14234/49776", + "cve": "CVE-2019-19118", + "id": "pyup.io-49778", + "more_info_path": "/vulnerabilities/CVE-2019-19118/49778", "specs": [ "<3.9.0" ], @@ -164392,9 +166476,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-19118", - "id": "pyup.io-49778", - "more_info_path": "/vulnerabilities/CVE-2019-19118/49778", + "cve": "CVE-2019-12781", + "id": "pyup.io-49773", + "more_info_path": "/vulnerabilities/CVE-2019-12781/49773", "specs": [ "<3.9.0" ], @@ -164402,9 +166486,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-14233", - "id": "pyup.io-49775", - "more_info_path": "/vulnerabilities/CVE-2019-14233/49775", + "cve": "CVE-2019-19844", + "id": "pyup.io-49779", + "more_info_path": "/vulnerabilities/CVE-2019-19844/49779", "specs": [ "<3.9.0" ], @@ -164412,9 +166496,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-14235", - "id": "pyup.io-49777", - "more_info_path": "/vulnerabilities/CVE-2019-14235/49777", + "cve": "CVE-2019-12308", + "id": "pyup.io-40921", + "more_info_path": "/vulnerabilities/CVE-2019-12308/40921", "specs": [ "<3.9.0" ], 
@@ -164422,9 +166506,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-12781", - "id": "pyup.io-49773", - "more_info_path": "/vulnerabilities/CVE-2019-12781/49773", + "cve": "CVE-2019-14235", + "id": "pyup.io-49777", + "more_info_path": "/vulnerabilities/CVE-2019-14235/49777", "specs": [ "<3.9.0" ], @@ -164432,9 +166516,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-19844", - "id": "pyup.io-49779", - "more_info_path": "/vulnerabilities/CVE-2019-19844/49779", + "cve": "CVE-2019-14232", + "id": "pyup.io-49774", + "more_info_path": "/vulnerabilities/CVE-2019-14232/49774", "specs": [ "<3.9.0" ], @@ -164442,9 +166526,9 @@ }, { "advisory": "Tutor 3.9.0 includes security patches for the 'Django' underlying dependency (1.11.21 -> 1.11.27).", - "cve": "CVE-2019-12308", - "id": "pyup.io-40921", - "more_info_path": "/vulnerabilities/CVE-2019-12308/40921", + "cve": "CVE-2019-14233", + "id": "pyup.io-49775", + "more_info_path": "/vulnerabilities/CVE-2019-14233/49775", "specs": [ "<3.9.0" ], @@ -164476,9 +166560,9 @@ }, { "advisory": "Twilio 7.16.2 requires 'pygments>=2.7.4' to include security fixes.", - "cve": "CVE-2021-27291", - "id": "pyup.io-53125", - "more_info_path": "/vulnerabilities/CVE-2021-27291/53125", + "cve": "CVE-2021-20270", + "id": "pyup.io-53071", + "more_info_path": "/vulnerabilities/CVE-2021-20270/53071", "specs": [ "<7.16.2" ], @@ -164486,9 +166570,9 @@ }, { "advisory": "Twilio 7.16.2 requires 'pygments>=2.7.4' to include security fixes.", - "cve": "CVE-2021-20270", - "id": "pyup.io-53071", - "more_info_path": "/vulnerabilities/CVE-2021-20270/53071", + "cve": "CVE-2021-27291", + "id": "pyup.io-53125", + "more_info_path": "/vulnerabilities/CVE-2021-27291/53125", "specs": [ "<7.16.2" ], 
@@ -164542,9 +166626,9 @@ }, { "advisory": "Twisted 19.10.0 includes security fixes to HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods.\r\nhttps://github.com/advisories/GHSA-32gv-6cf3-wcmq", - "cve": "CVE-2019-9512", - "id": "pyup.io-55098", - "more_info_path": "/vulnerabilities/CVE-2019-9512/55098", + "cve": "CVE-2019-9514", + "id": "pyup.io-55099", + "more_info_path": "/vulnerabilities/CVE-2019-9514/55099", "specs": [ "<19.10.0" ], @@ -164552,9 +166636,9 @@ }, { "advisory": "Twisted 19.10.0 includes security fixes to HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods.\r\nhttps://github.com/advisories/GHSA-32gv-6cf3-wcmq", - "cve": "CVE-2019-9514", - "id": "pyup.io-55099", - "more_info_path": "/vulnerabilities/CVE-2019-9514/55099", + "cve": "CVE-2019-9512", + "id": "pyup.io-55098", + "more_info_path": "/vulnerabilities/CVE-2019-9512/55098", "specs": [ "<19.10.0" ], @@ -164669,6 +166753,16 @@ ">=11.1,<22.1" ], "v": ">=11.1,<22.1" + }, + { + "advisory": "A vulnerability has been identified in Twisted, affecting versions from 16.3.0 up to, but not including, 23.10.0rc1. The issue lies in the twisted.web module and its handling of HTTP/1.1 pipelined requests. Clients can send multiple full HTTP requests in a single TCP segment, triggering asynchronous processing of later requests, which can result in out-of-order responses. This poses a security risk, leading to potential information disclosure and data corruption.", + "cve": "CVE-2023-46137", + "id": "pyup.io-62105", + "more_info_path": "/vulnerabilities/CVE-2023-46137/62105", + "specs": [ + ">=16.3.0,<23.10.0rc1" + ], + "v": ">=16.3.0,<23.10.0rc1" } ], "twitchirc": [ 
@@ -165014,9 +167108,9 @@ "unbabel-comet": [ { "advisory": "Unbabel-comet 1.1.0 updates its dependency 'pytorch-lightning' to v1.6.0 to include security fixes.", - "cve": "CVE-2022-0845", - "id": "pyup.io-49297", - "more_info_path": "/vulnerabilities/CVE-2022-0845/49297", + "cve": "CVE-2021-4118", + "id": "pyup.io-49247", + "more_info_path": "/vulnerabilities/CVE-2021-4118/49247", "specs": [ "<1.1.0" ], @@ -165024,15 +167118,37 @@ }, { "advisory": "Unbabel-comet 1.1.0 updates its dependency 'pytorch-lightning' to v1.6.0 to include security fixes.", - "cve": "CVE-2021-4118", - "id": "pyup.io-49247", - "more_info_path": "/vulnerabilities/CVE-2021-4118/49247", + "cve": "CVE-2022-0845", + "id": "pyup.io-49297", + "more_info_path": "/vulnerabilities/CVE-2022-0845/49297", "specs": [ "<1.1.0" ], "v": "<1.1.0" } ], + "unearth": [ + { + "advisory": "Unearth 0.11.2 includes a fix for CVE-2023-45805: It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project.\r\nhttps://github.com/frostming/unearth/pull/77", + "cve": "CVE-2023-45805", + "id": "pyup.io-61951", + "more_info_path": "/vulnerabilities/CVE-2023-45805/61951", + "specs": [ + "<0.11.2" + ], + "v": "<0.11.2" + }, + { + "advisory": "Unearth 0.11.2 includes a security fix: Validate the package name extracted from the part before the last hyphen.\r\nhttps://github.com/frostming/unearth/pull/77", + "cve": "PVE-2023-61901", + "id": "pyup.io-61901", + "more_info_path": "/vulnerabilities/PVE-2023-61901/61901", + "specs": [ + "<0.11.2" + ], + "v": "<0.11.2" + } + ], "unicef-locations": [ { "advisory": "Unicef-locations 3.1 allows as dependency an insecure version of Django.", 
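Review bot: The two new `unearth` records both cite pull request 77 and the same fixed version 0.11.2, and the second one (PVE-2023-61901, "Validate the package name extracted from the part before the last hyphen") reads like the implementation detail of the CVE-2023-45805 fix rather than a distinct issue. If that is the case it is a duplicate and will produce two findings for one vulnerability on every `<0.11.2` install; worth confirming against the PR before publishing, and dropping or merging the PVE record if it covers the same change.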
@@ -165275,7 +167391,7 @@ "v": "<1.23" }, { - "advisory": "The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.", + "advisory": "Urllib3 1.24.2 includes a fix for CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.", "cve": "CVE-2019-11324", "id": "pyup.io-37071", "more_info_path": "/vulnerabilities/CVE-2019-11324/37071", 
@@ -165285,7 +167401,17 @@ "v": "<1.24.2" }, { - "advisory": "Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.\r\nhttps://github.com/python/cpython/issues/83784", + "advisory": "Urllib3 1.24.3 includes a fix for CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter.\r\nhttps://github.com/urllib3/urllib3/commit/5d523706c7b03f947dc50a7e783758a2bfff0532\r\nhttps://github.com/urllib3/urllib3/issues/1553", + "cve": "CVE-2019-11236", + "id": "pyup.io-37055", + "more_info_path": "/vulnerabilities/CVE-2019-11236/37055", + "specs": [ + "<1.24.3" + ], + "v": "<1.24.3" + }, + { + "advisory": "Urllib3 1.25.9 includes a fix for CVE-2020-26137: Urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.\r\nhttps://github.com/python/cpython/issues/83784\r\nhttps://github.com/urllib3/urllib3/pull/1800", "cve": "CVE-2020-26137", "id": "pyup.io-38834", "more_info_path": "/vulnerabilities/CVE-2020-26137/38834", 
@@ -165294,6 +167420,28 @@ ], "v": "<1.25.9" }, + { + "advisory": "Urllib3 1.26.17 and 2.0.5 include a fix for CVE-2023-43804: Urllib3 doesn't treat the 'Cookie' HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a 'Cookie' header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.\r\nhttps://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f", + "cve": "CVE-2023-43804", + "id": "pyup.io-61601", + "more_info_path": "/vulnerabilities/CVE-2023-43804/61601", + "specs": [ + "<1.26.17", + ">=2.0.0a1,<2.0.5" + ], + "v": "<1.26.17,>=2.0.0a1,<2.0.5" + }, + { + "advisory": "Urllib3 1.26.18 and 2.0.7 include a fix for CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET.\r\nhttps://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4", + "cve": "CVE-2023-45803", + "id": "pyup.io-61893", + "more_info_path": "/vulnerabilities/CVE-2023-45803/61893", + "specs": [ + "<1.26.18", + ">=2.0.0a1,<2.0.7" + ], + "v": "<1.26.18,>=2.0.0a1,<2.0.7" + }, { "advisory": "Urllib3 1.26.5 includes a fix for CVE-2021-33503: When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.\r\nhttps://github.com/advisories/GHSA-q2q7-5pp4-w6pg", "cve": "CVE-2021-33503", 
@@ -165304,16 +167452,6 @@ ], "v": "<1.26.5" }, - { - "advisory": "In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", - "cve": "CVE-2019-11236", - "id": "pyup.io-37055", - "more_info_path": "/vulnerabilities/CVE-2019-11236/37055", - "specs": [ - "<=1.24.1" - ], - "v": "<=1.24.1" - }, { "advisory": "Urllib3 version 1.18.1 includes a fix for CVE-2016-9015: Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low.\r\nhttps://www.openwall.com/lists/oss-security/2016/10/27/6", "cve": "CVE-2016-9015", @@ -165346,6 +167484,18 @@ "v": ">=1.26.0,<1.26.4" } ], + "urllib3-future": [ + { + "advisory": "Urllib3-future 2.1.902 includes a fix for CVE-2023-45803: Urllib3's request body not stripped after redirect from 303 status changes request method to GET.", + "cve": "CVE-2023-45803", + "id": "pyup.io-61979", + "more_info_path": "/vulnerabilities/CVE-2023-45803/61979", + "specs": [ + "<2.1.902" + ], + "v": "<2.1.902" + } + ], "urlllib": [ { "advisory": "Urlllib is a malicious package. It injects obfuscated JS code that replaces crypto addresses in developer clipboards.", 
@@ -165435,6 +167585,16 @@ } ], "validators": [ + { + "advisory": "Validators 0.21.0 includes a fix for CVE-2023-45813: Inefficient Regular Expression Complexity in validate_link.\r\nhttps://github.com/DedSecInside/TorBot/security/advisories/GHSA-72qw-p7hh-m3ff\r\nhttps://github.com/python-validators/validators/pull/243", + "cve": "CVE-2023-45813", + "id": "pyup.io-61924", + "more_info_path": "/vulnerabilities/CVE-2023-45813/61924", + "specs": [ + ">=0.11.0,<0.21.0" + ], + "v": ">=0.11.0,<0.21.0" + }, { "advisory": "The validators package 0.12.2 through 0.12.5 for Python enters an infinite loop when validators.domain is called with a crafted domain string. This is fixed in 0.12.6. See: CVE-2019-19588.", "cve": "CVE-2019-19588", 
@@ -165447,6 +167607,26 @@ } ], "vantage6": [ + { + "advisory": "Vantage6 4.0.0 includes a fix for CVE-2023-23930: Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Users may specify JSON serialization as a workaround.\r\nhttps://github.com/vantage6/vantage6/security/advisories/GHSA-5m22-cfq9-86x6", + "cve": "CVE-2023-23930", + "id": "pyup.io-61778", + "more_info_path": "/vulnerabilities/CVE-2023-23930/61778", + "specs": [ + "<4.0.0" + ], + "v": "<4.0.0" + }, + { + "advisory": "### Impact\nWe are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This way you could still find out which usernames exist.\n\n### Patches\nUpdate to 3.8.0+\n\n### Workarounds\nNo\n\n### References\nhttps://github.com/vantage6/vantage6/issues/59\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [vantage6@iknl.nl](mailto:vantage6@iknl.nl)\n", + "cve": "CVE-2022-39228", + "id": "pyup.io-54659", + "more_info_path": "/vulnerabilities/CVE-2022-39228/54659", + "specs": [ + ">=0,<3.8.0" + ], + "v": ">=0,<3.8.0" + }, { "advisory": "From issue: \n\nProblem description\nCurrently, the refresh token is valid indefinitely. 
This is bad security practice.\n\nDesired solution\nThe refresh token should get a validity of 24-48 hours.\n\nAdditional context\n\nWhen implementing this, also check that the refresh token returns a new refresh token\nWhen implementing this, also adapt the UI so that it logs out if refresh token is no longer valid.\nWhen implementing this, ensure that nodes refresh their token periodically so that they do not have to be restarted manually.\n\n\n### Impact\n### Patches\nNone available \n\n### Workarounds\nNone available\n\n", "cve": "CVE-2023-23929", @@ -165466,16 +167646,6 @@ ">=0,<3.8.0" ], "v": ">=0,<3.8.0" - }, - { - "advisory": "### Impact\nWe are incorporating the password policies listed in https://github.com/vantage6/vantage6/issues/59. One measure is that we don't let the user know in case of wrong username/password combination if the username actually exists, to prevent that bots can guess usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This way you could still find out which usernames exist.\n\n### Patches\nUpdate to 3.8.0+\n\n### Workarounds\nNo\n\n### References\nhttps://github.com/vantage6/vantage6/issues/59\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [vantage6@iknl.nl](mailto:vantage6@iknl.nl)\n", - "cve": "CVE-2022-39228", - "id": "pyup.io-54659", - "more_info_path": "/vulnerabilities/CVE-2022-39228/54659", - "specs": [ - ">=0,<3.8.0" - ], - "v": ">=0,<3.8.0" } ], "vault-cli": [ @@ -165580,7 +167750,7 @@ "v": "<0.4.8" }, { - "advisory": "Vermin 0.4.9 updates its dependency \"urllib3\" to v1.24.1. to include a security fix.", + "advisory": "Vermin 0.4.9 updates its dependency \"urllib3\" to include a security fix.", "cve": "CVE-2019-11236", "id": "pyup.io-36725", "more_info_path": "/vulnerabilities/CVE-2019-11236/36725", 
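Review bot: The advisory text of the added vantage6 record for CVE-2023-23930 repeats itself ("use pickle, which has known security issue, as a default serialization module but that has known security issues"), which reads as a copy-editing slip rather than two separate claims. Suggest `Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module.` for that clause, keeping the rest of the sentence about affected users and the JSON-serialization workaround as is. This hunk starts on the previous line.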
@@ -165590,7 +167760,7 @@ "v": "<0.4.9" }, { - "advisory": "Vermin 0.5.0 includes a fix for CVE-2019-11324: The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.", + "advisory": "Vermin 0.5.0 updates its dependency 'urllib3' to v1.24.2 to include a security fix.", "cve": "CVE-2019-11324", "id": "pyup.io-37094", "more_info_path": "/vulnerabilities/CVE-2019-11324/37094", @@ -165819,7 +167989,7 @@ ], "virustotal-python": [ { - "advisory": "Virustotal-python 0.0.3 includes a fix for CVE-2019-11236: In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.", + "advisory": "Virustotal-python 0.0.3 updates its dependency 'urllib3' to v1.24.2 to include a security fix.", "cve": "CVE-2019-11236", "id": "pyup.io-37078", "more_info_path": "/vulnerabilities/CVE-2019-11236/37078", @@ -165925,6 +168095,30 @@ "v": "<3.4.0rc2" } ], + "vizro": [ + { + "advisory": "Vizro 0.1.4 updates 'pydantic' requirement to '>=1.10.13, <2' to include a security fix.", + "cve": "PVE-2023-61416", + "id": "pyup.io-61685", + "more_info_path": "/vulnerabilities/PVE-2023-61416/61685", + "specs": [ + "<0.1.4" + ], + "v": "<0.1.4" + } + ], + "vllm": [ + { + "advisory": "Vllm 0.2.1 includes a security fix: Vulnerable memory modification to GPU shared memory.\r\nhttps://github.com/vllm-project/vllm/pull/1241", + "cve": "PVE-2023-61866", + "id": "pyup.io-61866", + "more_info_path": "/vulnerabilities/PVE-2023-61866/61866", + "specs": [ + "<0.2.1" + ], + "v": "<0.2.1" + } + ], "vmware-aria-operations-integration-sdk": [ { "advisory": "Vmware-aria-operations-integration-sdk 1.0.1 updates it dependency 'gitpython' to v3.1.34 to include a security fix.", 
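Review bot: The rewritten virustotal-python advisory says the dependency was bumped "to v1.24.2" to cover CVE-2019-11236, but the urllib3 record added in this same commit (hunk `@@ -165285,7 +167401,17 @@`) attributes the fix for that CVE to 1.24.3 with `"specs": ["<1.24.3"]`, so the two records now disagree on which urllib3 release closes the issue. The vermin record for the same CVE (hunk `@@ -165580,7 +167750,7 @@`) had its version number removed rather than corrected, which suggests the source data was uncertain. Whichever version is right, the per-package text should match the urllib3 entry, e.g. `"advisory": "Virustotal-python 0.0.3 updates its dependency 'urllib3' to v1.24.3 to include a security fix."` if 1.24.3 is confirmed.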
@@ -166178,16 +168372,6 @@ ], "v": "<0.3.0" }, - { - "advisory": "Vyper is affected by CVE-2023-42443: In version 0.3.9 and prior, under certain conditions, the memory used by the builtins 'raw_call', 'create_from_blueprint' and 'create_copy_of' can be corrupted.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", - "cve": "CVE-2023-42443", - "id": "pyup.io-61308", - "more_info_path": "/vulnerabilities/CVE-2023-42443/61308", - "specs": [ - "<0.3.10" - ], - "v": "<0.3.10" - }, { "advisory": "Vyper 0.3.10 includes a fix for CVE-2023-41052: In affected versions the order of evaluation of the arguments of the builtin functions 'uint256_addmod', 'uint256_mulmod', 'ecadd' and 'ecmul' does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", "cve": "CVE-2023-41052", 
@@ -166199,14 +168383,14 @@ "v": "<0.3.10" }, { - "advisory": "Vyper 0.3.2 includes a fix for CVE-2022-24788: Versions of Vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns 'bytes' generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", - "cve": "CVE-2022-24788", - "id": "pyup.io-48132", - "more_info_path": "/vulnerabilities/CVE-2022-24788/48132", + "advisory": "Vyper is affected by CVE-2023-42443: In version 0.3.9 and prior, under certain conditions, the memory used by the builtins 'raw_call', 'create_from_blueprint' and 'create_copy_of' can be corrupted.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-c647-pxm2-c52w", + "cve": "CVE-2023-42443", + "id": "pyup.io-61308", + "more_info_path": "/vulnerabilities/CVE-2023-42443/61308", "specs": [ - "<0.3.2" + "<0.3.10" ], - "v": "<0.3.2" + "v": "<0.3.10" }, { "advisory": "Vyper 0.3.2 includes a fix for CVE-2022-24787: In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with \"\\x00\" because there is no comparison of the length. \r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-7vrm-3jc8-5wwm", 
@@ -166228,6 +168412,16 @@ ], "v": "<0.3.2" }, + { + "advisory": "Vyper 0.3.2 includes a fix for CVE-2022-24788: Versions of Vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns 'bytes' generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-4mrx-6fxm-8jpg", + "cve": "CVE-2022-24788", + "id": "pyup.io-48132", + "more_info_path": "/vulnerabilities/CVE-2022-24788/48132", + "specs": [ + "<0.3.2" + ], + "v": "<0.3.2" + }, { "advisory": "Vyper 0.3.4 includes a fix for CVE-2022-29255: In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-4v9q-cgpw-cf38", "cve": "CVE-2022-29255", 
@@ -166238,26 +168432,6 @@ ], "v": "<0.3.4" }, - { - "advisory": "Vyper 0.3.8 includes a fix for CVE-2023-30837: The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", - "cve": "CVE-2023-30837", - "id": "pyup.io-58241", - "more_info_path": "/vulnerabilities/CVE-2023-30837/58241", - "specs": [ - "<0.3.8" - ], - "v": "<0.3.8" - }, - { - "advisory": "Vyper 0.3.8 includes a fix for CVE-2023-31146: Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", - "cve": "CVE-2023-31146", - "id": "pyup.io-58658", - "more_info_path": "/vulnerabilities/CVE-2023-31146/58658", - "specs": [ - "<0.3.8" - ], - "v": "<0.3.8" - }, { "advisory": "Vyper 0.3.8 includes a fix for CVE-2023-32058: Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type 'for i in range(a, a + N)' as in loops of type 'for i in range(start, stop)' and 'for i in range(stop)', the compiler is able to raise a 'TypeMismatch' when trying to overflow the variable.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj", "cve": "CVE-2023-32058", 
@@ -166288,6 +168462,26 @@ ], "v": "<0.3.8" }, + { + "advisory": "Vyper 0.3.8 includes a fix for CVE-2023-30837: The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6", + "cve": "CVE-2023-30837", + "id": "pyup.io-58241", + "more_info_path": "/vulnerabilities/CVE-2023-30837/58241", + "specs": [ + "<0.3.8" + ], + "v": "<0.3.8" + }, + { + "advisory": "Vyper 0.3.8 includes a fix for CVE-2023-31146: Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access.\r\nhttps://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv", + "cve": "CVE-2023-31146", + "id": "pyup.io-58658", + "more_info_path": "/vulnerabilities/CVE-2023-31146/58658", + "specs": [ + "<0.3.8" + ], + "v": "<0.3.8" + }, { "advisory": "A security flaw was detected in Vyper up to version 0.1.0b16. The vulnerability arises when interfaces return integer types smaller than 256 bits and uint256 is employed, allowing for potential manipulation.", "cve": "PVE-2023-99970", 
@@ -166457,15 +168651,27 @@ "v": "<4.1.4,>=4.2rc1,<4.2.2" }, { - "advisory": "Wagtail 5.1rc1 and 4.1.8 update its requirement 'pillow' spec to '>=6.0.0,<11.0.0' to include a security fix.\r\nhttps://github.com/wagtail/wagtail/commit/1ea8a0e3603c8cccbaba03f75b706955d531c999", + "advisory": "Wagtail 5.0.4 and 4.1.8 update its requirement 'pillow' spec to '>=6.0.0,<11.0.0' to include a security fix.\r\nhttps://github.com/wagtail/wagtail/commit/1ea8a0e3603c8cccbaba03f75b706955d531c999", "cve": "CVE-2023-4863", "id": "pyup.io-61487", "more_info_path": "/vulnerabilities/CVE-2023-4863/61487", "specs": [ "<4.1.8", - ">=5.0rc1,<5.1rc1" + ">=5.0rc1,<5.0.4" ], - "v": "<4.1.8,>=5.0rc1,<5.1rc1" + "v": "<4.1.8,>=5.0rc1,<5.0.4" + }, + { + "advisory": "Wagtail 4.1.9, 5.0.5 and 5.1.3 include a fix for CVE-2023-45809: A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user accounts, and by modifying URL parameters, the user can retrieve the display name for any user. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin.\r\nhttps://github.com/wagtail/wagtail/security/advisories/GHSA-fc75-58r8-rm3h", + "cve": "CVE-2023-45809", + "id": "pyup.io-61943", + "more_info_path": "/vulnerabilities/CVE-2023-45809/61943", + "specs": [ + "<4.1.9", + ">=5.1rc1,<5.1.3", + ">=4.2rc1,<5.0.5" + ], + "v": "<4.1.9,>=5.1rc1,<5.1.3,>=4.2rc1,<5.0.5" }, { "advisory": "Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. 
A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch). See CVE-2021-29434.", @@ -166879,16 +169085,6 @@ ], "v": "<0.12.12" }, - { - "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", - "cve": "CVE-2020-26137", - "id": "pyup.io-49368", - "more_info_path": "/vulnerabilities/CVE-2020-26137/49368", - "specs": [ - "<0.12.18" - ], - "v": "<0.12.18" - }, { "advisory": "Wandb 0.12.18 updates its dependency 'rsa' to v4.7 to include security fixes.", "cve": "CVE-2020-13757", @@ -166919,16 +169115,6 @@ ], "v": "<0.12.18" }, - { - "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", - "cve": "CVE-2020-7212", - "id": "pyup.io-49370", - "more_info_path": "/vulnerabilities/CVE-2020-7212/49370", - "specs": [ - "<0.12.18" - ], - "v": "<0.12.18" - }, { "advisory": "Wandb 0.12.18 updates its dependency 'httplib2' to v0.19.0 to include security fixes.", "cve": "CVE-2020-11078", 
@@ -166949,6 +169135,26 @@ ], "v": "<0.12.18" }, + { + "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", + "cve": "CVE-2020-7212", + "id": "pyup.io-49370", + "more_info_path": "/vulnerabilities/CVE-2020-7212/49370", + "specs": [ + "<0.12.18" + ], + "v": "<0.12.18" + }, + { + "advisory": "Wandb 0.12.18 updates its dependency 'urllib3' to v1.26.5 to include security fixes.", + "cve": "CVE-2020-26137", + "id": "pyup.io-49368", + "more_info_path": "/vulnerabilities/CVE-2020-26137/49368", + "specs": [ + "<0.12.18" + ], + "v": "<0.12.18" + }, { "advisory": "Socket in wandb 0.8.0 only binds to localhost for improved security and prevents firewall warnings in OSX.", "cve": "PVE-2021-37149", 
@@ -167087,20 +169293,20 @@ "v": "<3.0.0" }, { - "advisory": "Wasmtime (Python bindings) 7.0.0 downloads a precompiled version of Wasmtime core that includes security fixes.\r\nhttps://github.com/bytecodealliance/wasmtime-py/commit/4a52ebbe0a7e577721a30a38170b7472aa153329", - "cve": "CVE-2023-26489", - "id": "pyup.io-53755", - "more_info_path": "/vulnerabilities/CVE-2023-26489/53755", + "advisory": "Wasmtime (Python bindings) 7.0.0 downloads a precompiled version of Wastime core that includes security fixes.\r\nhttps://github.com/bytecodealliance/wasmtime-py/commit/4a52ebbe0a7e577721a30a38170b7472aa153329", + "cve": "CVE-2023-27477", + "id": "pyup.io-53756", + "more_info_path": "/vulnerabilities/CVE-2023-27477/53756", "specs": [ "<7.0.0" ], "v": "<7.0.0" }, { - "advisory": "Wasmtime (Python bindings) 7.0.0 downloads a precompiled version of Wastime core that includes security fixes.\r\nhttps://github.com/bytecodealliance/wasmtime-py/commit/4a52ebbe0a7e577721a30a38170b7472aa153329", - "cve": "CVE-2023-27477", - "id": "pyup.io-53756", - "more_info_path": "/vulnerabilities/CVE-2023-27477/53756", + "advisory": "Wasmtime (Python bindings) 7.0.0 downloads a precompiled version of Wasmtime core that includes security fixes.\r\nhttps://github.com/bytecodealliance/wasmtime-py/commit/4a52ebbe0a7e577721a30a38170b7472aa153329", + "cve": "CVE-2023-26489", + "id": "pyup.io-53755", + "more_info_path": "/vulnerabilities/CVE-2023-26489/53755", "specs": [ "<7.0.0" ], 
@@ -167603,6 +169809,38 @@
 "<0.1.2"
 ],
 "v": "<0.1.2"
+ },
+ {
+ "advisory": "Webp 0.3.0 bundles 'libwebp' 1.3.2 (formerly 1.0.3) to address CVE-2023-4863, a high-risk vulnerability.\r\nhttps://github.com/anibali/pywebp/security/advisories/GHSA-f9pm-4g9p-6vm3",
+ "cve": "CVE-2023-4863",
+ "id": "pyup.io-61640",
+ "more_info_path": "/vulnerabilities/CVE-2023-4863/61640",
+ "specs": [
+ "<0.3.0"
+ ],
+ "v": "<0.3.0"
+ }
+ ],
+ "webptools": [
+ {
+ "advisory": "Webptools is vulnerable to shell command injection in filename or options due to lack of validation.\r\nhttps://github.com/scionoftech/webptools/issues/4",
+ "cve": "PVE-2023-61582",
+ "id": "pyup.io-61582",
+ "more_info_path": "/vulnerabilities/PVE-2023-61582/61582",
+ "specs": [
+ "<=0.0.9"
+ ],
+ "v": "<=0.0.9"
+ },
+ {
+ "advisory": "Webptools 0.0.9 and prior releases ship with C library 'libwebp' version 1.1.0, which is affected by a high-risk vulnerability.\r\nhttps://github.com/scionoftech/webptools/blob/master/lib/version_info.txt",
+ "cve": "CVE-2023-4863",
+ "id": "pyup.io-61583",
+ "more_info_path": "/vulnerabilities/CVE-2023-4863/61583",
+ "specs": [
+ "<=0.0.9"
+ ],
+ "v": "<=0.0.9"
 }
 ],
 "webscrapbook": [
@@ -167774,6 +170012,16 @@
 ],
 "v": "<2.2.3"
 },
+ {
+ "advisory": "Werkzeug 3.0.1 includes a security fix: Slow multipart parsing for large parts potentially enabling DoS attacks.\r\nhttps://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1",
+ "cve": "PVE-2023-62019",
+ "id": "pyup.io-62019",
+ "more_info_path": "/vulnerabilities/PVE-2023-62019/62019",
+ "specs": [
+ "==3.0.0"
+ ],
+ "v": "==3.0.0"
+ },
 {
 "advisory": "Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.",
 "cve": "CVE-2019-14806",
@@ -167818,6 +170066,16 @@
 }
 ],
 "whatsapp-chat-exporter": [
+ {
+ "advisory": "The Whatsapp-Chat-Exporter contains a security flaw due to inadequate sanitization of input during the production of a web page, which could result in Cross-site Scripting (XSS).",
+ "cve": "PVE-2023-99924",
+ "id": "pyup.io-61950",
+ "more_info_path": "/vulnerabilities/PVE-2023-99924/61950",
+ "specs": [
+ "<0.9.5"
+ ],
+ "v": "<0.9.5"
+ },
 {
 "advisory": "Whatsapp-chat-exporter 0.9.5 includes a fix for a XSS vulnerability.\r\nhttps://github.com/KnugiHK/WhatsApp-Chat-Exporter/commit/032af6cdcf3377e2736badaaaee36fdc91673be5",
 "cve": "PVE-2023-59192",
@@ -168676,9 +170934,9 @@
 "xtgeo": [
 {
 "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748",
- "cve": "CVE-2022-22816",
- "id": "pyup.io-48287",
- "more_info_path": "/vulnerabilities/CVE-2022-22816/48287",
+ "cve": "PVE-2022-44524",
+ "id": "pyup.io-48286",
+ "more_info_path": "/vulnerabilities/PVE-2022-44524/48286",
 "specs": [
 "<2.17.1"
 ],
@@ -168686,19 +170944,19 @@
 },
 {
 "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748",
- "cve": "PVE-2021-44525",
- "id": "pyup.io-48285",
- "more_info_path": "/vulnerabilities/PVE-2021-44525/48285",
+ "cve": "CVE-2022-22817",
+ "id": "pyup.io-48284",
+ "more_info_path": "/vulnerabilities/CVE-2022-22817/48284",
 "specs": [
 "<2.17.1"
 ],
 "v": "<2.17.1"
 },
 {
- "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues affecting versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748",
- "cve": "CVE-2022-24303",
- "id": "pyup.io-48264",
- "more_info_path": "/vulnerabilities/CVE-2022-24303/48264",
+ "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748",
+ "cve": "PVE-2021-44525",
+ "id": "pyup.io-48285",
+ "more_info_path": "/vulnerabilities/PVE-2021-44525/48285",
 "specs": [
 "<2.17.1"
 ],
@@ -168706,19 +170964,19 @@
 },
 {
 "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748",
- "cve": "CVE-2022-22817",
- "id": "pyup.io-48284",
- "more_info_path": "/vulnerabilities/CVE-2022-22817/48284",
+ "cve": "CVE-2022-22816",
+ "id": "pyup.io-48287",
+ "more_info_path": "/vulnerabilities/CVE-2022-22816/48287",
 "specs": [
 "<2.17.1"
 ],
 "v": "<2.17.1"
 },
 {
- "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues with versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748",
- "cve": "PVE-2022-44524",
- "id": "pyup.io-48286",
- "more_info_path": "/vulnerabilities/PVE-2022-44524/48286",
+ "advisory": "Xtgeo 2.17.1 drops dependency on 'pillow' to avoid security issues affecting versions <=8.4.\r\nhttps://github.com/equinor/xtgeo/pull/748",
+ "cve": "CVE-2022-24303",
+ "id": "pyup.io-48264",
+ "more_info_path": "/vulnerabilities/CVE-2022-24303/48264",
 "specs": [
 "<2.17.1"
 ],
@@ -168851,9 +171109,9 @@
 },
 {
 "advisory": "Yandex2lightroom 1.0.9.2 updates its dependency 'urllib3' to v1.26.7 for including security fixes.",
- "cve": "CVE-2020-26137",
- "id": "pyup.io-42672",
- "more_info_path": "/vulnerabilities/CVE-2020-26137/42672",
+ "cve": "CVE-2021-33503",
+ "id": "pyup.io-42673",
+ "more_info_path": "/vulnerabilities/CVE-2021-33503/42673",
 "specs": [
 "<1.0.9.2"
 ],
@@ -168861,9 +171119,9 @@
 },
 {
 "advisory": "Yandex2lightroom 1.0.9.2 updates its dependency 'urllib3' to v1.26.7 for including security fixes.",
- "cve": "CVE-2021-33503",
- "id": "pyup.io-42673",
- "more_info_path": "/vulnerabilities/CVE-2021-33503/42673",
+ "cve": "CVE-2020-26137",
+ "id": "pyup.io-42672",
+ "more_info_path": "/vulnerabilities/CVE-2020-26137/42672",
 "specs": [
 "<1.0.9.2"
 ],
@@ -169581,6 +171839,17 @@
 ],
 "v": "<4.8.10,>=5.0a1,<5.8.5"
 },
+ {
+ "advisory": "Zope 4.8.11 and 5.8.6 include a fix for CVE-2023-44389: The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected.\r\nhttps://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh",
+ "cve": "CVE-2023-44389",
+ "id": "pyup.io-61581",
+ "more_info_path": "/vulnerabilities/CVE-2023-44389/61581",
+ "specs": [
+ "<4.8.11",
+ ">=5.0a1,<5.8.6"
+ ],
+ "v": "<4.8.11,>=5.0a1,<5.8.6"
+ },
 {
 "advisory": "Zope 5.8.4 updates its dependency 'AccessControl' to '6.2' to include a security fix.\r\nhttps://github.com/zopefoundation/Zope/commit/49ec18f06033c9af285f957463c3b9123789bead",
 "cve": "CVE-2023-41050",