Log

CVE-2021-33574 edited at 13 Aug 2021 15:01:18
Severity
- Medium
+ Low
References
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=42d359350510506b87101cf77202fefcbfc790cb
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091
CVE-2021-29987 edited at 13 Aug 2021 08:35:20
References
https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
+ https://www.mozilla.org/security/advisories/mfsa2021-36/
https://bugzilla.mozilla.org/show_bug.cgi?id=1716129
CVE-2021-29982 edited at 13 Aug 2021 08:35:14
References
https://www.mozilla.org/security/advisories/mfsa2021-33/
- https://www.mozilla.org/security/advisories/mfsa2021-33/
+ https://www.mozilla.org/security/advisories/mfsa2021-36/
https://bugzilla.mozilla.org/show_bug.cgi?id=1715318
AVG-2292 edited at 13 Aug 2021 08:05:11
Affected
- 2.5.0-1
+ 2.5.0-6
AVG-2292 edited at 13 Aug 2021 08:04:53
Affected
- 2.5.1-1
+ 2.5.0-1
Fixed
- 2.6.0-1
+ 2.5.1-1
AVG-2292 created at 13 Aug 2021 07:59:19
Packages
+ tensorflow
Issues
+ CVE-2021-37635
+ CVE-2021-37636
+ CVE-2021-37637
+ CVE-2021-37638
+ CVE-2021-37639
+ CVE-2021-37640
+ CVE-2021-37641
+ CVE-2021-37642
+ CVE-2021-37643
+ CVE-2021-37644
+ CVE-2021-37645
+ CVE-2021-37646
+ CVE-2021-37647
+ CVE-2021-37648
+ CVE-2021-37649
+ CVE-2021-37650
+ CVE-2021-37651
+ CVE-2021-37652
+ CVE-2021-37653
+ CVE-2021-37654
+ CVE-2021-37655
+ CVE-2021-37656
+ CVE-2021-37657
+ CVE-2021-37658
+ CVE-2021-37659
+ CVE-2021-37660
+ CVE-2021-37661
+ CVE-2021-37662
+ CVE-2021-37663
+ CVE-2021-37664
+ CVE-2021-37665
+ CVE-2021-37666
+ CVE-2021-37667
+ CVE-2021-37668
+ CVE-2021-37669
+ CVE-2021-37670
+ CVE-2021-37671
+ CVE-2021-37672
+ CVE-2021-37673
+ CVE-2021-37674
+ CVE-2021-37675
+ CVE-2021-37676
+ CVE-2021-37677
+ CVE-2021-37678
+ CVE-2021-37679
+ CVE-2021-37680
+ CVE-2021-37681
+ CVE-2021-37682
+ CVE-2021-37683
+ CVE-2021-37684
+ CVE-2021-37685
+ CVE-2021-37686
+ CVE-2021-37687
+ CVE-2021-37688
+ CVE-2021-37689
+ CVE-2021-37690
+ CVE-2021-37691
+ CVE-2021-37692
Status
+ Fixed
Severity
+ Critical
Affected
+ 2.5.1-1
Fixed
+ 2.6.0-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-37635 created at 13 Aug 2021 07:58:02
Severity
+ Medium
Remote
+ Local
Type
+ Information disclosure
Description
+ In TensorFlow before version 2.6.0, the implementation of sparse reduction operations can trigger accesses outside the bounds of heap-allocated data. The implementation fails to validate that each reduction group does not overflow and that each corresponding index does not point outside the bounds of the input tensor.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cgfm-62j4-v4rf
+ https://github.com/tensorflow/tensorflow/commit/87158f43f05f2720a374f3e6d22a7aaa3a33f750
Notes
CVE-2021-37636 created at 13 Aug 2021 07:58:02
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0 the implementation of tf.raw_ops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case separately.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hp4c-x6r7-6555
+ https://github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9
Notes
CVE-2021-37637 created at 13 Aug 2021 07:58:02
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0 it is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.raw_ops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9qf-r67m-p7cg
+ https://github.com/tensorflow/tensorflow/commit/5dc7f6981fdaf74c8c5be41f393df705841fb7c5
Notes
CVE-2021-37638 created at 13 Aug 2021 07:58:02
Severity
+ Low
Remote
+ Local
Type
+ Denial of service
Description
+ In TensorFlow before version 2.6.0, sending an invalid argument for row_partition_types of the tf.raw_ops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user-supplied list of values without validating that the provided list is not empty.
References
+ https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hwr7-8gxx-fj5p
+ https://github.com/tensorflow/tensorflow/commit/301ae88b331d37a2a16159b65b255f4f9eb39314
Notes