Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads

Summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. PyTorch and TensorFlow use Pillow. Vulnerability Details CVEID: CVE-2020-10177 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by multiple out-of-bounds reads in...

Security Bulletin: WML CE: In Pillow before 7.1.0, there is a Buffer Overflow

Summary In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c. PyTorch and TensorFlow uses Pillow. Vulnerability Details CVEID: CVE-2020-10378 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when readin...

Security Bulletin: WML CE: TensorBoard: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack.

Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. TensorBoard uses lodash. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the...

Security Bulletin: WMLCE: libpcre in PCRE before 8.44 allows an integer overflow

Summary PCRE, which is using in TensorFlow allows an integer overflow via a large number after a ?C substring. Vulnerability Details CVEID: CVE-2020-14155 DESCRIPTION: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending ...

Security Bulletin: A security vulnerability has been identified in Bleach shipped with IBM Watson Machine Learning Community Edition (WMLCE)

Summary Multiple vulnerabilities have been found in the Bleach package, which is either built in to or distributed with IBM WMLCE. Vulnerability Details CVEID: CVE-2020-6816 DESCRIPTION: Mozilla Bleach is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by...