SUSE CVE-2022-36012

TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...

SUSE CVE-2022-36014

TensorFlow is an open source platform for machine learning. When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in...

SUSE CVE-2022-36015

TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64t, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this...

SUSE CVE-2022-36016

TensorFlow is an open source platform for machine learning. When tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status. We have patched the issue in GitHub commit...

SUSE CVE-2022-36017

TensorFlow is an open source platform for machine learning. If Requantize is given inputmin, inputmax, requestedoutputmin, requestedoutputmax tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

SUSE CVE-2022-36018

TensorFlow is an open source platform for machine learning. If RaggedTensorToVariant is given a rtnestedsplits list that contains tensors of ranks other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

SUSE CVE-2022-36019

TensorFlow is an open source platform for machine learning. If FakeQuantWithMinMaxVarsPerChannel is given min or max tensors of a rank other than one, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

SUSE CVE-2022-36026

TensorFlow is an open source platform for machine learning. If QuantizeAndDequantizeV3 is given a nonscalar numbits input tensor, it results in a CHECK fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit f3f9cb38ecfe5a8a703f2c4a8fead434ef291713...

SUSE CVE-2022-36027

TensorFlow is an open source platform for machine learning. When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. We have patched the issue in GitHub commit aa0b852a4588cea4d36b74feb05d93055540b450. The fix will be...

SUSE CVE-2022-41910

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We hav...

MAL-2023-2309 Malicious code in tensroflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 650caecb429c52cb105dd6014566941cb97e4d18b9793b1f2b3cef30d91d4d71 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2337 Malicious code in tnesorflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 7bdde09ea070dc3aac0b7102490f33b1fba0895e62b305870e3e5d163b0df44a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2298 Malicious code in tensoorflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx bc72c89db47285f11cdf85ec30ba3938cd027a6060feeb49a17056a1e2693444 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in tesorflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx da675968aba8029f78261f1156be7774988c1dd8794e1803dec26bbde9133dd4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2312 Malicious code in tesorflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx da675968aba8029f78261f1156be7774988c1dd8794e1803dec26bbde9133dd4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in tenosrflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx c080b6b3fa0fc705c7fe895c0ab698c66dff3849684bd2a2161c9013f431614a Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in tensorlfow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d5c92538897f03e16a506f1e9956f41a3cc5b540a39ad7401f73e7481ac0a2d4 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in tensorfllow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 2ba43e5ae4441e87766653d8096fb936bfe20f1b3c53b02b6a2fe35990a1ef0f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

MAL-2023-2300 Malicious code in tensorfllow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 2ba43e5ae4441e87766653d8096fb936bfe20f1b3c53b02b6a2fe35990a1ef0f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Malicious code in teensorflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0a2ff806f353099e45e280a9b7aaafd122299635b37541ddd0b931719467693f Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...