AZL-35318 CVE-2023-25673 affecting package tensorflow for versions less than 2.11.1-1

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

CVE-2023-25673

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1...

CVE-2023-25674

TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1...

CVE-2023-25676

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

GHSA-GF97-Q72M-7579 TensorFlow has Null Pointer Error in RandomShuffle with XLA enable

Impact NPE in RandomShuffle with XLA enable python import tensorflow as tf func = tf.rawops.RandomShuffle para = 'value': 1e+20, 'seed': -4294967297, 'seed2': -2147483649 @tf.functionjitcompile=True def test: y = funcpara return y test Patches We have patched the issue in GitHub commit...

ROS-20230322-01

A vulnerability in the HEIF and AVIF libheif file format decoder is related to the data parsing code of strided images in the emscripten wrapper for libheif. Exploitation of the vulnerability could allow an attacker acting remotely to use a specially crafted image file to cause a buffer overflow ...

DEBIAN-CVE-2023-0996

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call...

Buffer overflow

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call...

SUSE CVE-2013-2213

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output...

SUSE CVE-2017-6830

Heap-based buffer overflow in the alaw2linearbuf function in G711.cpp in Audio File Library aka audiofile 0.3.6 allows remote attackers to cause a denial of service crash via a crafted file...

SUSE CVE-2017-15592

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service hypervisor crash or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests...

SUSE CVE-2019-19578

An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to cause a denial of service via degenerate chains of linear pagetables, because of an incorrect fix for CVE-2017-15595. "Linear pagetables" is a technique which involves either pointing a pagetable at itself, or to...

SUSE CVE-2022-2503

Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...

Battery discharge mechanism doesn't work correctly for first redemption

Lines of code Vulnerability details Impact The RTokenP1 contract implements a throttling mechanism using the RedemptionBatteryLib library. The library models a "battery" which "recharges" linearly block by block, over roughly 1 hour. RToken.sol function redeemuint256 amount external notFrozen //...

GSD-2023-1000328 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.269 by commit...

GSD-2023-1000225 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.159 by commit...

GSD-2023-1000150 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.83 by commit...

GSD-2023-1000053 xen/netback: Ensure protocol headers don't fall in the non-linear area

xen/netback: Ensure protocol headers don't fall in the non-linear area This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.13 by commit...

PT-2023-33302 · Xen · Xen-Netback

Name of the Vulnerable Software and Affected Versions: xen/netback versions prior to v5.10.159 Description: The issue is related to protocol headers falling in the non-linear area. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior to v5.10.159...

PT-2023-33363 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.227 Description: The issue is related to the xen/netback component, where protocol headers may fall in the non-linear area. The actual impact and attack plausibility have not yet been proven. Recommendation...