rpm package
suse/bazel3.7&distro=SUSE Package Hub 15 SP3
pkg:rpm/suse/bazel3.7&distro=SUSE%20Package%20Hub%2015%20SP3
Vulnerabilities (63)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37689 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of `L2Norma | ||
| CVE-2021-37688 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/ | ||
| CVE-2021-37686 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definiti | ||
| CVE-2021-37680 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/te | ||
| CVE-2021-37675 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference | ||
| CVE-2021-37676 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten | ||
| CVE-2021-37671 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tenso | ||
| CVE-2021-37666 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4 | ||
| CVE-2021-37667 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de | ||
| CVE-2021-37648 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow | ||
| CVE-2021-37652 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github | ||
| CVE-2021-37646 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based o | ||
| CVE-2021-37661 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob | ||
| CVE-2021-37645 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating | ||
| CVE-2021-37651 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow | ||
| CVE-2021-37650 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://g | ||
| CVE-2021-37662 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in `BoostedTreesCalculateBestFeatu | ||
| CVE-2021-37656 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f2 | ||
| CVE-2021-37657 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten | ||
| CVE-2021-37658 | — | < 3.7.2-bp153.4.1 | 3.7.2-bp153.4.1 | Aug 12, 2021 | TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/ |
- CVE-2021-37689Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of `L2Norma
- CVE-2021-37688Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/
- CVE-2021-37686Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definiti
- CVE-2021-37680Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/te
- CVE-2021-37675Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference
- CVE-2021-37676Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten
- CVE-2021-37671Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tenso
- CVE-2021-37666Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4
- CVE-2021-37667Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de
- CVE-2021-37648Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow
- CVE-2021-37652Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github
- CVE-2021-37646Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based o
- CVE-2021-37661Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob
- CVE-2021-37645Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating
- CVE-2021-37651Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow
- CVE-2021-37650Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://g
- CVE-2021-37662Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in `BoostedTreesCalculateBestFeatu
- CVE-2021-37656Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f2
- CVE-2021-37657Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten
- CVE-2021-37658Aug 12, 2021affected < 3.7.2-bp153.4.1fixed 3.7.2-bp153.4.1
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/
Page 2 of 4