GHSA-CPWX-VRP4-4PQ7 vulnerabilities

Vulnerabilities for packages: reflex, grafana-oncall, tensorflow-cpu-jupyter, jupyter-base-notebook, checkov...

CVE-2024-5569 affecting package tensorflow for versions less than 2.16.1-9

CVE-2024-5569 affecting package tensorflow for versions less than 2.16.1-9. A patched version of the package is available...

CVE-2024-6923 affecting package tensorflow for versions less than 2.16.1-9

CVE-2024-6923 affecting package tensorflow for versions less than 2.16.1-9. A patched version of the package is available...

Azure Linux 3.0 Security Update: python3 (CVE-2024-6923)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6923 advisory. - There is a MEDIUM severity vulnerability affecting CPython. The email module didn't properly quote newlines...

Azure Linux 3.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27534)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27534 advisory. - A path traversal vulnerability exists in curl 8.0.0 SFTP implementation...

Azure Linux 3.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27535)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27535 advisory. - An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP...

Azure Linux 3.0 Security Update: libpng / tensorflow (CVE-2022-3857)

The version of libpng / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3857 advisory. - libpng: Null pointer dereference leads to segmentation fault CVE-2022-3857 Note that Nessus has...

Azure Linux 3.0 Security Update: python3 / tensorflow (CVE-2024-6232)

The version of python3 / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-6232 advisory. - There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed...

Azure Linux 3.0 Security Update: python-requests / tensorflow (CVE-2024-35195)

The version of python-requests / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-35195 advisory. - Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests...

Azure Linux 3.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-27533)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27533 advisory. - A vulnerability in input validation exists in curl 8.0 during communicatio...

Azure Linux 3.0 Security Update: cmake / curl / mysql / rust / tensorflow (CVE-2023-28320)

The version of cmake / curl / mysql / rust / tensorflow installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-28320 advisory. - A denial of service vulnerability exists in curl v8.1.0 in the way libcurl...

CVE-2021-37637

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

CVE-2021-37655

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

CVE-2021-37664

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...

CVE-2021-37651

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

CVE-2021-37659

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting e.g., gradients of binary cwise operations. The implementatio...

CVE-2021-37671

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...

CVE-2021-37635

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...

CVE-2021-37662

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

CVE-2021-37679

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...