Msrc Azl3 Tensorflow 2.11.1-1 On Azure Linux 3.0 vulnerabilities

CVE-2023-38546 [LOW] This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met. libcurl performs transfers. In its API an application creates This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met. libcurl performs transfers. In its API an application creates "easy handles" that are the individual handles for single transfers. libcurl

CVE-2023-28319 [HIGH] CWE-416 A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails libcurl would free the memory A use after free vulnerability exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distr

CVE-2023-28321 [MEDIUM] CWE-295 An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl An improper certificate validation vulnerability exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use t

CVE-2023-28320 [MEDIUM] CWE-362 A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names selected at build time. If it is built to use the synchronous r A denial of service vulnerability exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux

CVE-2023-29941 [MEDIUM] CWE-125 llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp(mlir::sparse_tensor::SortOp. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? O

CVE-2023-28322 [LOW] CWE-200 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when t An information disclosure vulnerability exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Lin

CVE-2023-25668 [CRITICAL] CWE-122 TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recen

CVE-2023-25664 [HIGH] CWE-120 TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries wi

CVE-2023-25672 [HIGH] CWE-476 TensorFlow has Null Pointer Error in LookupTableImportV2 TensorFlow has Null Pointer Error in LookupTableImportV2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2023-25673 [HIGH] CWE-697 TensorFlow has Floating Point Exception in TensorListSplit with XLA TensorFlow has Floating Point Exception in TensorListSplit with XLA FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sourc

CVE-2023-25662 [HIGH] CWE-190 TensorFlow vulnerable to integer overflow in EditDistance TensorFlow vulnerable to integer overflow in EditDistance FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with whi

CVE-2023-25667 [MEDIUM] CWE-190 TensorFlow vulnerable to segfault when opening multiframe gif TensorFlow vulnerable to segfault when opening multiframe gif FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librarie

CVE-2023-25671 [HIGH] CWE-787 TensorFlow has segmentation fault in tfg-translate TensorFlow has segmentation fault in tfg-translate FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2023-25669 [HIGH] CWE-697 TensorFlow has Floating Point Exception in AvgPoolGrad with XLA TensorFlow has Floating Point Exception in AvgPoolGrad with XLA FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2023-27533 [HIGH] CWE-74 A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server A vulnerability in input validation exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux d

CVE-2023-25674 [HIGH] CWE-476 TensorFlow has Null Pointer Error in RandomShuffle with XLA enable TensorFlow has Null Pointer Error in RandomShuffle with XLA enable FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2023-25663 [HIGH] CWE-476 TensorFlow has Null Pointer Error in TensorArrayConcatV2 TensorFlow has Null Pointer Error in TensorArrayConcatV2 FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which

CVE-2023-25658 [HIGH] CWE-125 TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librar

CVE-2023-27534 [HIGH] CWE-22 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element in addition to its intend A path traversal vulnerability exists in curl Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro

CVE-2023-25666 [HIGH] CWE-697 TensorFlow has Floating Point Exception in AudioSpectrogram TensorFlow has Floating Point Exception in AudioSpectrogram FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with