18 matches found

IBM Security Bulletins
added 2026/04/08 8:40 a.m., 10 views

Security Bulletin: Arbitrary File Read, SSRF, and Code Execution Vulnerabilities in TensorFlow Keras Model Loading (v2.13) affects watsonx.data

Summary: A vulnerability in TensorFlow Keras v2.13 allows malicious .keras model files to trigger arbitrary local file reads, Server-Side Request Forgery (SSRF), and potential code execution during model loading—even when safe_mode=True is enabled. The issue arises from improper handling of external...

9.8 CVSS, 7.1 AI score, 0.0037 EPSS
Exploits: 1, Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-0404

Malware in sbrugna...

9.3 CVSS, 6.5 AI score, 0.01023 EPSS
Exploits: 1, References: 12

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-1329

Malicious code in bioql PyPI...

9.8 CVSS, 9.5 AI score, 0.0037 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2025/09/01 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-3660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the...

9.8 CVSS, 9.3 AI score, 0.0037 EPSS
Exploits: 1, References: 3

GithubExploit
added 2025/08/15 7:2 p.m., 251 views

Exploit for CVE-2024-3660

CVE-2024-3660 – TensorFlow Keras Arbitrary Code Execution via...

9.8 CVSS, 9.8 AI score, 0.0037 EPSS
Exploits: 1

RedhatCVE
added 2025/05/23 10:15 a.m., 3 views

CVE-2024-3660

An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...

9.8 CVSS, 8 AI score, 0.0037 EPSS
Exploits: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 14 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the...

9.8 CVSS, 7.8 AI score, 0.0037 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to keras-2.12.0-py2.py3-none-any.whl CVE-2024-3660. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-3660 DESCRIPTION: TensorFlow Keras could allow a remote attack...

9.8 CVSS, 7.8 AI score, 0.0037 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2024/09/27 10:15 p.m., 13 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerability has been addressed. Please read the...

9.8 CVSS, 7.7 AI score, 0.0037 EPSS
Exploits: 1, Affected Software: 1

OSV
added 2024/04/16 9:15 p.m., 1 views

DEBIAN-CVE-2024-3660

An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...

9.8 CVSS, 9.4 AI score, 0.0037 EPSS
Exploits: 1, References: 1

OSV
added 2024/04/16 9:15 p.m., 2 views

AZL-67629 CVE-2024-3660 affecting package keras 2.11.0-3

An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...

9.8 CVSS, 6.2 AI score, 0.0037 EPSS
Exploits: 1, References: 1

OSV
added 2024/04/16 9:15 p.m., 2 views

CVE-2024-3660

An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...

9.8 CVSS, 8.2 AI score
Exploits: 0, References: 2

UbuntuCve
added 2024/04/16 9:15 p.m., 1 views

CVE-2024-3660

An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...

9.8 CVSS, 7.7 AI score, 0.0037 EPSS
Exploits: 1, References: 2

OSV
added 2024/04/16 9:15 p.m., 2 views

UBUNTU-CVE-2024-3660

An arbitrary code injection vulnerability in TensorFlow's Keras framework 2.13 allows attackers to execute arbitrary code with the same permissions as the application using a model that allows arbitrary code irrespective of the application...

9.8 CVSS, 6.2 AI score, 0.0037 EPSS
Exploits: 1, References: 3

Positive Technologies
added 2024/04/16 12:0 a.m., 2 views

PT-2024-27091

Name of the Vulnerable Software and Affected Versions: TensorFlow's Keras framework versions prior to 2.13. Description: A code injection issue in TensorFlow's Keras framework allows attackers to execute arbitrary code with the same permissions as the application. This can be achieved by using a mod...

9.8 CVSS, 10 AI score, 0.0037 EPSS
Exploits: 1, References: 21

CNNVD
added 2024/04/16 12:0 a.m., 2 views

TensorFlow Keras Security Vulnerability

TensorFlow Keras is a framework open-sourced by TensorFlow. It provides an approachable and efficient interface for solving machine learning problems. A security vulnerability exists in TensorFlow Keras versions prior to 2.13, which stems from the presence of an arbitrary code injection...

9.8 CVSS, 9.8 AI score, 0.0037 EPSS
Exploits: 1, References: 3

OSV
added 2022/11/21 8:41 p.m., 0 views

GHSA-8FVV-46HW-VPG3 Overflow in `tf.keras.losses.poisson`

Impact: tf.keras.losses.poisson receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. python import numpy as np import tensorflow as tf true_value =...

4.8 CVSS, 7.1 AI score, 0.00159 EPSS
Exploits: 1, References: 6

PyPA
added 2021/08/12 11:15 p.m., 6 views

PYSEC-2021-300

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafe_load which can perform arbitrary code execution...

9.3 CVSS, 7.9 AI score, 0.01023 EPSS
Exploits: 1, References: 2, Affected Software: 1