VYPR

rpm package

suse/bazel-skylib1.0.3&distro=SUSE Package Hub 15 SP3

pkg:rpm/suse/bazel-skylib1.0.3&distro=SUSE%20Package%20Hub%2015%20SP3

Vulnerabilities (63)

  • CVE-2021-37690Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions (such as `MutableHashTableShape`) produce extra output information in the form of a `ShapeAndType` struct. The shapes embedded in this struct a

  • CVE-2021-37678Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blo

  • CVE-2021-37692Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, `C.TF_TString_Dealloc` is called during garbage collection within a finalizer function.

  • CVE-2021-37669Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.NonMaxSuppressionV5` by triggering a division by 0. The [implementation](https://github.com/tensorf

  • CVE-2021-37673Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a `CHECK`-fail in `tf.raw_ops.MapStage`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1

  • CVE-2021-37663Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in `tf.raw_ops.QuantizeV2`, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap

  • CVE-2021-37682Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. [For example](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tens

  • CVE-2021-37674Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in `tf.raw_ops.MaxPoolGrad` caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow

  • CVE-2021-37665Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bo

  • CVE-2021-37677Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for `tf.raw_ops.Dequantize` has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inferenc

  • CVE-2021-37683Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is [vulnerable to a division by 0 error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/ker

  • CVE-2021-37684Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit [dfa22b348b70bb8

  • CVE-2021-37668Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using `tf.raw_ops.UnravelIndex` by triggering a division by 0. The [implementation](https://github.com/tensorflow/ten

  • CVE-2021-37670Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.UpperBound`. The [implementation](https://github.com/tensor

  • CVE-2021-37691Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b810

  • CVE-2021-37679Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf.map_fn` within another `tf.map_fn` call. However, if the input tensor is a `RaggedTensor` and there is no function signature provided, code assumes the output

  • CVE-2021-37672Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `tf.raw_ops.SdcaOptimizerV2`. The [implementation](https://github.com/t

  • CVE-2021-37687Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support nega

  • CVE-2021-37685Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`expand_dims.cc`](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability

  • CVE-2021-37681Aug 12, 2021
    affected < 1.0.3-bp153.2.1fixed 1.0.3-bp153.2.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is [vulnerable to a null pointer error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/

Page 1 of 4