rpm package
opensuse/bazel3.7&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/bazel3.7&distro=openSUSE%20Leap%2015.3
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37690 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a | ||
| CVE-2021-37678 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo | ||
| CVE-2021-37692 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function. | ||
| CVE-2021-37669 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorf | ||
| CVE-2021-37673 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1 | ||
| CVE-2021-37663 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap | ||
| CVE-2021-37682 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens | ||
| CVE-2021-37674 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow | ||
| CVE-2021-37665 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bo | ||
| CVE-2021-37677 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inferenc | ||
| CVE-2021-37683 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/ker | ||
| CVE-2021-37684 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb8 | ||
| CVE-2021-37668 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implementation](https://github.com/tensorflow/ten | ||
| CVE-2021-37670 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensor | ||
| CVE-2021-37691 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b810 | ||
| CVE-2021-37679 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output | ||
| CVE-2021-37672 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/t | ||
| CVE-2021-37687 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support nega | ||
| CVE-2021-37685 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability | ||
| CVE-2021-37681 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/ |
- CVE-2021-37690Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a
- CVE-2021-37678Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo
- CVE-2021-37692Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function.
- CVE-2021-37669Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorf
- CVE-2021-37673Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1
- CVE-2021-37663Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap
- CVE-2021-37682Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens
- CVE-2021-37674Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow
- CVE-2021-37665Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bo
- CVE-2021-37677Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inferenc
- CVE-2021-37683Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/ker
- CVE-2021-37684Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb8
- CVE-2021-37668Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implementation](https://github.com/tensorflow/ten
- CVE-2021-37670Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensor
- CVE-2021-37691Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b810
- CVE-2021-37679Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output
- CVE-2021-37672Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/t
- CVE-2021-37687Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support nega
- CVE-2021-37685Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability
- CVE-2021-37681Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/
Page 1 of 4