VYPR

rpm package

suse/tensorflow2_2_6_0-gnu-hpc&distro=SUSE Package Hub 15 SP3

pkg:rpm/suse/tensorflow2_2_6_0-gnu-hpc&distro=SUSE%20Package%20Hub%2015%20SP3

Vulnerabilities (63)

  • CVE-2021-37689Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of `L2Norma

  • CVE-2021-37688Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/

  • CVE-2021-37686Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for [ellipsis in axis definiti

  • CVE-2021-37680Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/te

  • CVE-2021-37675Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference

  • CVE-2021-37676Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/ten

  • CVE-2021-37671Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.Map*` and `tf.raw_ops.OrderedMap*` operations. The [implementation](https://github.com/tenso

  • CVE-2021-37666Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToVariant`. The [implementation](https://github.com/tensorflow/tensorflow/blob/4

  • CVE-2021-37667Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.UnicodeEncode`. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de

  • CVE-2021-37648Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.SaveV2` does not properly validate the inputs and an attacker can trigger a null pointer dereference. The [implementation](https://github.com/tensorflow/tensorflow

  • CVE-2021-37652Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github

  • CVE-2021-37646Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based o

  • CVE-2021-37661Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in `boosted_trees_create_quantile_stream_resource` by using negative arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob

  • CVE-2021-37645Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating

  • CVE-2021-37651Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow

  • CVE-2021-37650Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://g

  • CVE-2021-37662Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in `BoostedTreesCalculateBestGainsPerFeature` and similar attack can occur in `BoostedTreesCalculateBestFeatu

  • CVE-2021-37656Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.RaggedTensorToSparse`. The [implementation](https://github.com/tensorflow/tensorflow/blob/f2

  • CVE-2021-37657Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixDiagV*`. The [implementation](https://github.com/tensorflow/ten

  • CVE-2021-37658Aug 12, 2021
    affected < 2.6.0-bp153.2.3.1fixed 2.6.0-bp153.2.3.1

    TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type `tf.raw_ops.MatrixSetDiagV*`. The [implementation](https://github.com/tensorflow/