CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

PT-2024-27272 · Unknown +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: MLflow platform versions 2.0.0rc0 and newer Description: The issue allows deserialization of untrusted data, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user's system when interacted with. Recommendations:...

TensorFlow < 2.12.0 Multiple Vulnerabilities

The version of TensorFlow installed on the remote host is prior to 2.12.0. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

TensorFlow < 2.9.3 Multiple Vulnerabilities

The version of TensorFlow installed on the remote host is prior to 2.9.3. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

AZL-42106 CVE-2024-35195 affecting package tensorflow for versions less than 2.16.1-8

Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verif...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: ggshield, kubeflow-volumes-web-app, py3.11-torchvision-cuda-12.3, reflex, jwt-tool, kubeflow-pipelines-visualization-server, patroni, az, superset, apache-beam-python-3.11-sdk, airflow, checkov, py3-cassandra-medusa, request-1276, py3-torchvision-cuda-11.8,...

TensorFlow < 2.11.1 Multiple Vulnerabilities

The version of TensorFlow installed on the remote host is prior to 2.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

TensorFlow < 2.10.1 Multiple Vulnerabilities

The version of TensorFlow installed on the remote host is prior to 2.10.1. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

TensorFlow < 2.14.1 Multiple Vulnerabilities

The version of TensorFlow installed on the remote host is prior to 2.14.1. It is, therefore, affected by multiple vulnerabilities as referenced in the release notes. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

TensorFlow Detection

Binary data tensorflowdetect.nbin...

Security Bulletin:Tensorflow, which is vulnerable to multiple security CVEs, is used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-25658 DESCRIPTION: TensorFlow is vulnerable to a denial of servic...

CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-27538 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-27538 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-27534 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-27534 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-28322 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-28322 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-23914 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-23914 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-43552 affecting package tensorflow for versions less than 2.16.1-1

CVE-2022-43552 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-38545 affecting package tensorflow for versions less than 2.16.1-1

CVE-2023-38545 affecting package tensorflow for versions less than 2.16.1-1. An upgraded version of the package is available that resolves this issue...