24 matches found
Security Bulletin: Apache Log4j vulnerability (CVE-2021-4422) addressed in IBM Watson Machine Learning Accelerator
Summary Apache Log4j, which is used by and included with IBM Watson Machine Learning Accelerator, contains security vulnerability CVE-2021-44228. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning...
Security Bulletin: The Ubuntu ca-certificates have been updated in Watson Machine Learning Community Edition containers due to expiration.
Summary Ubuntu ca-certificates expire occasionally and need to be updated. The Ubuntu based containers for Watson Machine Learning Community Edition have been updated to recent ca-certificates. Vulnerability Details Third Party Entry: 192370 DESCRIPTION: ca-certificates package for Ubuntu spoofing...
Security Bulletin: A security vulnerability has been identified in FFMpeg shipped with IBM Watson Machine Learning Community Edition (WMLCE) containers
Summary The following CVEs have been resolved as part of this security update. This only affects container images since this package is not published as part of the WMLCE Conda channel. Vulnerability Details CVEID: CVE-2019-15942 DESCRIPTION: FFmpeg is vulnerable to a denial of service, caused by...
Security Bulletin: A security vulnerability has been identified in TensorFlow shipped with PowerAI.
Summary Vulnerability CVE-2020-5215 found in TensorFlow package. Vulnerability Details CVEID: CVE-2020-5215 DESCRIPTION: Tensorflow is vulnerable to a denial of service, caused by a flaw when converting a string from Python to a tf.float16 value. By sending a specially-crafted string, a remote...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.
Summary Multiple vulnerabilities CVE-2019-19959 and CVE-2019-20218 found in SQLite package. Vulnerability Details CVEID: CVE-2019-19959 DESCRIPTION: SQLite is vulnerable to a denial of service in situations when INSERT INTO is used and there are embedded '\0' characters in file names. By using a...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.
Summary Vulnerability CVE-2019-19317 found in SQLite package. Vulnerability Details CVEID: CVE-2019-19317 DESCRIPTION: SQLite is vulnerable to a denial of service, caused by an error in lookupName in resolve.c. By providing specially crafted input, a remote attacker could exploit this vulnerabili...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI.
Summary Multiple vulnerabilities CVE-2019-19242 and CVE-2019-19244 found in SQLite package. Vulnerability Details CVEID: CVE-2019-19242 DESCRIPTION: An unspecified error with the mishandling of pExpr->y.pTab in the sqlite3ExprCodeTarget function in expr.c in SQLite has an unknown impact and attack...
Security Bulletin: A security vulnerability has been identified in libjpeg-turbo shipped with PowerAI.
Summary Vulnerability CVE-2019-2201 found in libjpeg-turbo package. Vulnerability Details CVEID: CVE-2019-2201 DESCRIPTION: libjpeg-turbo could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and subsequent heap corruption. By persuading a victim to...
Security Bulletin: A security vulnerability has been identified in OpenCV shipped with PowerAI
Summary Multiple Vulnerabilities CVE-2019-14493, CVE-2019-14492 and CVE-2019-14491 were found in OpenCV package. Vulnerability Details CVEID: CVE-2019-14493 DESCRIPTION: An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at...
Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI.
Summary Vulnerability CVE-2019-10744 found in lodash package. Vulnerability Details CVEID: CVE-2019-10744 DESCRIPTION: Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI
Summary Vulnerability CVE-2019-8457 in SQLite package Vulnerability Details CVEID: CVE-2019-8457 DESCRIPTION: SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables. CVSS Base score: 5.3 CVSS Temporal Score:...
Security Bulletin: A security vulnerability has been identified in Pillow shipped with PowerAI.
Summary Vulnerability CVE-2019-16865 was found in a Pillow package Vulnerability Details CVEID: CVE-2019-16865 DESCRIPTION: An issue was discovered in Pillow versions before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or...
Security Bulletin: A security vulnerability has been identified in Openssl shipped with PowerAI.
Summary Multiple vulnerabilities CVE-2019-1547, CVE-2019-1549 and CVE-2019-1563 were found in Openssl package. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: Normally in OpenSSL, EC groups have a cofactor present which is used in side channel resistant code paths. However, it is possible...
Security Bulletin: A security vulnerability has been identified in Werkzeug shipped with PowerAI.
Summary Vulnerability CVE-2019-14806 in Werkzeug package. Vulnerability Details CVEID: CVE-2019-14806 DESCRIPTION: Pallets Werkzeug versions prior to 0.15.3 used with Docker have insufficient debugger PIN randomness because Docker containers share the same machine ID. CVSS Base score: 7.5 CVSS...
Security Bulletin: A security vulnerability has been identified in openssl shipped with PowerAI Vision
Summary Multiple Vulnerabilities CVE-2019-1547, CVE-2019-1549 and CVE-2019-1563 in openssl package Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: Normally in OpenSSL, EC groups always have a cofactor that is used in side channel resistant code paths. However, it is possible to construct ...
Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision
Summary Multiple vulnerabilities CVE-2019-9516, CVE-2019-9515, CVE-2019-9517, CVE-2019-9518, CVE-2019-9511, CVE-2019-9513 in nginx Vulnerability Details CVEID: CVE-2019-9516 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The...
Security Bulletin: A security vulnerability has been identified in Kubernetes shipped with PowerAI Vision
Summary Multiple vulnerabilities CVE-2019-11251, CVE-2019-11253 in Kubernetes package. Vulnerability Details CVEID: CVE-2019-11251 DESCRIPTION: Kubernetes could allow a remote attacker to gain unauthorized access to the system, caused by an error in kubectl cp that allows a combination of two...
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI Vision
Summary Vulnerability CVE-2019-8457 in SQLite package. Vulnerability Details CVEID: CVE-2019-8457 DESCRIPTION: SQLite3 version 3.6.0 - 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables. CVSS Base score: 5.3 CVSS Temporal Score: See:...
Security Bulletin: A security vulnerability has been identified in nginx shipped with PowerAI Vision
Summary Vulnerability CVE-2019-9512, CVE-2019-9514 in nginx Vulnerability Details CVEID: CVE-2019-9512 DESCRIPTION: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to buil...
Security Bulletin: A security vulnerability has been identified in Kubernetes shipped with PowerAI Vision
Summary Multiple vulnerabilities CVE-2019-11249, CVE-2019-11247 found in Kubernetes package. Vulnerability Details CVEID: CVE-2019-11249 DESCRIPTION: The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the...