AZL-54212 CVE-2024-11053 affecting package tensorflow for versions less than 2.16.1-7

When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but...

PT-2025-39414

Name of the Vulnerable Software and Affected Versions TensorFlow version 2.18.0 Description TensorFlow version 2.18.0 exhibits a behavior where it outputs random results during the compilation of the Embedding component. This can lead to unpredictable application behavior. Recommendations At the...

AZL-52449 CVE-2024-9681 affecting package tensorflow for versions less than 2.16.1-7

When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with host...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow [CVE-2023-33976]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a a segfault when not given a rank 2 tensor in the arrayops.upperbound function CVE-2023-33976. TensorFlow is used by our Speech Service runtimes. This...

CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7

CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7. A patched version of the package is available...

CVE-2024-8088 affecting package tensorflow for versions less than 2.16.1-7

CVE-2024-8088 affecting package tensorflow for versions less than 2.16.1-7. A patched version of the package is available...

CVE-2024-7592 affecting package tensorflow for versions less than 2.16.1-6

CVE-2024-7592 affecting package tensorflow for versions less than 2.16.1-6. A patched version of the package is available...

CVE-2024-3651 affecting package tensorflow for versions less than 2.16.1-7

CVE-2024-3651 affecting package tensorflow for versions less than 2.16.1-7. A patched version of the package is available...

Tensorflow-hub Detection

A Tensorflow-hub Python library is installed on the remote host. Note that Nessus has relied upon on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid208141; scriptversion"1.6";...

NuGet Package 'Microsoft.ML.TensorFlow' Detection

The remote host has a 'Microsoft.ML.TensorFlow' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

NuGet Package 'Microsoft.ML.TensorFlow.Redist' Detection

The remote host has a 'Microsoft.ML.TensorFlow.Redist' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow [CVE-2023-33976]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a a segfault when not given a rank 2 tensor in the arrayops.upperbound function CVE-2023-33976. TensorFlow is used by our Speech Service runtimes. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Tensorflow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Tensorflow Vulnerability Details CVEID:CVE-2023-30767 DESCRIPTION: Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper...

CBL Mariner 2.0 Security Update: tensorflow (CVE-2023-33976)

The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-33976 advisory. - TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a...

TensorFlow segfault in array_ops.upper_bound

...

Out-of-bounds Read

tensorflow,tensorflowcpu and tensorflowgpu are vulnerable to Out-of-bounds Read. The vulnerability is caused due to the implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are...

Division By Zero Error

TensorFlow is vulnerable to Division By Zero Error. The vulnerability is due to improper validation of the params input in the GatherNd TFLite operator, which allows an empty tensor to craft a malicious model that can trigger a division by zero and causing a zero dimension in paramsshape.Dims...

Denial Of Service (DoS)

TensorFlow is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient validation of user-controlled input in TFLite's convolution code, where the code does not check if the divisor is zero before performing division. This allows an attacker to exploit the division by zero...

Division By Zero Error

TensorFlow is vulnerable to a Division By Zero Error. The vulnerability is due to the EmbeddingLookup TFLite operator not checking if the first dimension of the value input is zero before performing a division operation. It allows an attacker to craft a model that triggers the error, potentially...