AZL-38257 CVE-2023-27538 affecting package tensorflow for versions less than 2.16.1-1

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

AZL-38476 CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due to a Null pointer exception via the values parameter in the tf.rawops.LookupTableImportV2 function, resulting in an application crash...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due to a floating point exception in SpectrogramShapeFn when the window size is 1 or the stride is negative resulting in an application crash...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due to a Null pointer exception through the Lookup function when ctx-stepcontainter is a null ptr, causing the application to crash...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability exists due to bincountop when XLA is enabled, which allows an attacker to cause a segmentation fault when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor, causing the...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks.The vulnerability is due to a null pointer exception in RandomShuffle when XLA is enabled and an input is negative, causing the application to crash...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. A malicious user is able to gain out-of-bounds access due to mismatched integer type sizes in functiondefimport.cc, causing the application to crash...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. A malicious user is able to cause an integer overflow in gifio.cc leading to segmentation fault when opening multiframe gifs, causing the application to crash...

SUSE CVE-2023-25661

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2023-43888)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that originates from a boundary error in TAvgPoolGrad when handling untrusted input. A remote attacker could exploit the...

SUSE CVE-2023-25659

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

SUSE CVE-2023-25662

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

SUSE CVE-2023-25663

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when ctx-stepcontainter is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1...

SUSE CVE-2023-25660

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter summarize of tf.rawops.Print is zero, the new method SummarizeArray will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version...

SUSE CVE-2023-25658

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1...

SUSE CVE-2023-25667

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

SUSE CVE-2023-25665

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1...

SUSE CVE-2023-25666

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

SUSE CVE-2023-25664

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1...