Lucene search
K

65 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/05/03 3:14 p.m.33 views

Security Bulletin: Go can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D

Summary Go is vulnerable to a denial of service and can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2019-17596 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a flaw when verifying invalid DSA publ...

7.5CVSS0.6AI score0.04693EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/03 3:13 p.m.19 views

Security Bulletin: TensorFlow is vulnerable to a heap-based buffer overflow on IBM Watson Machine Learning on CP4D

Summary TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by UnsortedSegmentSum on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2019-16778 DESCRIPTION: TensorFlow is vulnerable to a heap-based buffer overflow, caused by improper...

9.8CVSS1.8AI score0.00777EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/03 3:11 p.m.21 views

Security Bulletin: GO is vulnerable to allows attacks on clients on IBM Watson Machine Learning on CP4D

Summary GO is vulnerable to to a denial of service and allows attacks on clients on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this...

7.8CVSS2.2AI score0.02582EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/03 3:6 p.m.32 views

Security Bulletin: Tensor Flow security vulnerabilities with denial of service on IBM Watson Machine Learning Server

Summary TensorFlow is vulnerable to a denial of service .Remote attacker could exploit this vulnerability to cause a denial of service condition on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15190 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused b...

5.3CVSS0.8AI score0.00943EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/05/03 3:0 p.m.40 views

Security Bulletin: GO security vulnerabilities on IBM Watson Machine Learning Server

Summary Golang Go is vulnerable to a denial of service on IBM Watson Machine Learning Server Vulnerability Details CVEID: CVE-2020-15586 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by a data race in some net/http servers. By sending specially-crafted HTTP requests, a remot...

5.9CVSS7AI score0.02893EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/05 12:14 a.m.9 views

Security Bulletin: The Ubuntu ca-certificates have been updated in Watson Machine Learning Community Edition containers due to expiration.

Summary Ubuntu ca-certficates expire occasionally and need to be updated. The Ubuntu based containers for Watson Machine Learning Community Edition have been updated to recent ca-certificates. Vulnerability Details Third Party Entry: 192370 DESCRIPTION: ca-certificates package for Ubuntu spoofing...

0.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/04 11:53 p.m.38 views

Security Bulletin: Watson Machine Learning Community Edition docker containers have been updated to fix a security issue in libcurl

Summary Watson Machine Learning Community Edition docker containers have been updated to fix a security issue in libcurl. Users should repull the docker containers from dockerhub.com or issue an in-container update. Vulnerability Details CVEID: CVE-2020-8231 DESCRIPTION: cURL libcurl could allow ...

7.5CVSS0.9AI score0.03721EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/04 11:37 p.m.26 views

Security Bulletin: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.

Summary TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has had various CVE reported against it and have been patched. Users should update to the latest available TensorFlow package. Vulnerability Details CVEID: CVE-2020-15265 DESCRIPTION: Tensorflow is vulnerable to a...

7.5CVSS1.5AI score0.00916EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/04 11:30 p.m.18 views

Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for various security issues in nanopb.

Summary TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has had various secuirty issue published for nanopb. These have been patched in the latest versions of TensorFlow. Vulnerability Details Third Party Entry: 193026 DESCRIPTION: Nanopb pbencode buffer overflow CVSS Base score: 4.8 CVSS...

1.3AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/04 11:21 p.m.16 views

Security Bulletin: TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has been patched for a security issue in nanopb.

Summary TensorFlow in Watson Machine Learning 1.6.2 and 1.7.0 has had various secuirty issue published for nanopb. These have been patched in the latest versions of TensorFlow. Vulnerability Details CVEID: CVE-2020-26243 DESCRIPTION: Nanopb is vulnerable to a denial of service, caused by a memory...

7.5CVSS1.1AI score0.0261EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/04 10:54 p.m.39 views

Security Bulletin: TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has been patched for various security issues.

Summary TensorFlow in Watson Machine Learning Community Edition 1.6.2 and 1.7.0 has had various reported CVEID's included below. These issues have been patched and users should update to the latest available versions. Vulnerability Details CVEID: CVE-2020-26270 DESCRIPTION: TensorFlow is vulnerab...

7.8CVSS0.3AI score0.00663EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/31 10:2 p.m.50 views

Security Bulletin: Watson Machine Learning Service is impacted by security vulnerabilities in OpenJDK 11

Summary Security vulnerabilities in OpenJDK impacts Watson Machine Learning Service. These vulnerabilities are now addressed. Vulnerability Details CVEID: CVE-2019-2964 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacke...

8.3CVSS1.8AI score0.0623EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/20 8:12 p.m.50 views

Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization

Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. TensorFlow in WML CE uses SQLite as its embedded SQL database engine. Vulnerability Details CVEID:...

5.5CVSS1.3AI score0.01027EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/20 8:1 p.m.23 views

Security Bulletin: WML CE Scikit-learn vulnerable to irresponsible usage

Summary WML containers include scikit-learn. Scikit-learn includes joblib and pickle to cache and load models. Pickle and joblib by extension, has some issues regarding maintainability and security. Because of this, usage of the joblib.load function in scikit-learn must be done in a responsible...

9.8CVSS0.7AI score0.02645EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 11:6 p.m.29 views

Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads

Summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. PyTorch and TensorFlow use Pillow. Vulnerability Details CVEID: CVE-2020-10177 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by multiple out-of-bounds reads in...

5.5CVSS1.1AI score0.01468EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 11:4 p.m.11 views

Security Bulletin: WML CE: TensorBoard: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack.

Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. TensorBoard uses lodash. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the...

2.2AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/17 10:58 p.m.21 views

Security Bulletin: WML CE: libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read

Summary libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in getrgbrow in rdppm.c via a malformed PPM input file. Vulnerability Details CVEID: CVE-2020-13790 DESCRIPTION: Libjpeg-turbo is vulnerable to a denial of service, caused by heap-based buffer over-read in getrgbrow...

8.1CVSS2.1AI score0.03178EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/01 6:2 p.m.25 views

Security Bulletin: A security vulnerability has been identified in TensorFlow shipped with PowerAI.

Summary Vulnerability CVE-2020-5215 found in TensorFlow package. Vulnerability Details CVEID: CVE-2020-5215 DESCRIPTION: Tensorflow is vulnerable to a denial of service, caused by a flaw when converting a string from Python to a tf.float16 value. By sending a specially-crafted string, a remote...

7.5CVSS0.1AI score0.00581EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/01 5:12 p.m.26 views

Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.

Summary Vulnerability CVE-2019-19317 found in SQLite package. Vulnerability Details CVEID: CVE-2019-19317 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by an error in lookupName in resolve.c. By providing specially crafted input, a remote attacker could exploit this vulnerabili...

9.8CVSS0.4AI score0.04276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/01 5:2 p.m.29 views

Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.

Summary Multiple vulnerabilities CVE-2019-19242 and CVE-2019-19244 found in SQLite package. Vulnerability Details CVEID: CVE-2019-19242 DESCRIPTION: An unspecified error with the mishandling of pExpr-y.pTab in the sqlite3ExprCodeTarget function in expr.c in SQLite has an unknown impact and attack...

7.5CVSS0.7AI score0.03333EPSS
Exploits0Affected Software1
Rows per page
Query Builder