4 matches found
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in in Azure Compute Gallery, which writes MAA tokens in the debug log. Remediation Upgrade github.com/Microsoft/confidential-sidecar-containers/pkg/skr to version 2.12 or higher. References -...
PT-2023-20238
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description The issue occurs when running TensorFlow with XLA, where tf.raw ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank...
PT-2023-20226
Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1 Description The issue occurs when SparseSparseMaximum is given invalid sparse tensors as inputs, resulting in a null pointer error. This is a problem in the TensorFlow ope...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read when the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Yu...