NuGet Package 'Microsoft.ML.TensorFlow.Redist' Detection

The remote host has a 'Microsoft.ML.TensorFlow.Redist' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc...

NuGet Package 'Microsoft.ML.TensorFlow' Detection

The remote host has a 'Microsoft.ML.TensorFlow' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow [CVE-2023-33976]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a a segfault when not given a rank 2 tensor in the arrayops.upperbound function CVE-2023-33976. TensorFlow is used by our Speech Service runtimes. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras [CVE-2024-3660]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow Keras, caused by a code injection flaw CVE-2024-3660. TensorFlow Keras is used by our Speech Service runtimes. This vulnerabilitiy has been addressed. Please read the...

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Tensorflow

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Tensorflow Vulnerability Details CVEID:CVE-2023-30767 DESCRIPTION: Intel Optimization for TensorFlow could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper...

CBL Mariner 2.0 Security Update: tensorflow (CVE-2023-33976)

The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-33976 advisory. - TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a...

TensorFlow segfault in array_ops.upper_bound

...

Out-of-bounds Read

tensorflow,tensorflowcpu and tensorflowgpu are vulnerable to Out-of-bounds Read. The vulnerability is caused due to the implementations of the Minimum and Maximum TFLite operators can be used to read data outside of bounds of heap allocated objects, if any of the two input tensor arguments are...

Division By Zero Error

TensorFlow is vulnerable to Division By Zero Error. The vulnerability is due to improper validation of the params input in the GatherNd TFLite operator, which allows an empty tensor to craft a malicious model that can trigger a division by zero and causing a zero dimension in paramsshape.Dims...

Denial Of Service (DoS)

TensorFlow is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient validation of user-controlled input in TFLite's convolution code, where the code does not check if the divisor is zero before performing division. This allows an attacker to exploit the division by zero...

Division By Zero Error

TensorFlow is vulnerable to a Division By Zero Error. The vulnerability is due to the EmbeddingLookup TFLite operator not checking if the first dimension of the value input is zero before performing a division operation. It allows an attacker to craft a model that triggers the error, potentially...

Null Pointer Error

TensorFlow is vulnerable to Null Pointer Error . The vulnerability is due to improper handling of null pointers returned by the GetVariableInput function and the GetMutableInput function, which are not correctly checked before being used in the TFLite implementation of SVDF, allows an attacker to...

Division By Zero Error

TensorFlow is vulnerable to a Division By Zero Error. The vulnerability is due to a division by zero error in the TFLite implementation of hashtable lookup when the values tensor's first dimension is 0, allowing an attacker to craft a model that, when processed, triggers the division by zero erro...

Integer Overflow

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Integer Overflow. The vulnerability is caused due to a missing validation where TFLite implementation of concatenation is vulnerable to an integer overflow issue. An attacker can craft a model such that the dimensions of one of the...

AZL-48740 CVE-2024-6232 affecting package tensorflow for versions less than 2.16.1-7

There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives...

Divide By Zero

tensorflow, tensorflowcpu and tensorflowgpu are vulnerable to Divide By Zero. The vulnerability is caused due to a missing validation where the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. An attacker can craft a model such that filter-dims-data1 i...

Division By Zero Error

TensorFlow is vulnerable to Division By Zero Error. The vulnerability is due to the SVDF TFLite operator does not properly handle cases where params-rank is set to 0, allowing an attacker to craft a model that triggers a division by zero error...

Uncontrolled Recursion

TensorFlow is vulnerable to an Uncontrolled Recursion vulnerability. The vulnerability is due to the failure to check for loops between nodes in TFLite graphs, allowing an attacker to craft models that could cause infinite loops or stack overflow during evaluation...

Null Pointer Dereference

TensorFlow is vulnerable to a null pointer dereference. The vulnerability exists due to unconditionally dereferencing a pointer in the TFLite model, allowing an attacker to craft a TFLite model that triggers this dereference. It leads to crash the system and cause a denial of service...

Out-of-bounds Read

TensorFlow is vulnerable to an Out-of-bounds Read. The vulnerability is due to improper validation of the axisvalue in the TFLite implementation of SplitV, which can lead to accessing data outside the bounds of the tensor shape array...