BIT-TENSORFLOW-2023-27579 TensorFlow has Floating Point Exception in TFLite in conv kernel

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1...

Software vulnerabilities related to application optimization in Intel Optimization for TensorFlow framework, caused by incorrect elimination of special elements in the output data, allow attackers to exploit these vulnerabilities to gain enhanced privileges.

The vulnerability of software for application optimization in Intel Optimization for TensorFlow framework is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVE-2023-30767

Improper buffer restrictions in IntelR Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-30767

Improper buffer restrictions in IntelR Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

Buffer overflow

Improper buffer restrictions in IntelR Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-30767

Improper buffer restrictions in IntelR Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-30767

Improper buffer restrictions in IntelR Optimization for TensorFlow before version 2.13.0 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-30767

CVE-2023-30767 affects Intel® Optimization for TensorFlow prior to version 2.13.0. The root cause is improper buffer restrictions/bounds checking, which may allow an authenticated local user to escalate privileges. Documented impact includes local elevation of privilege with confidential/integrit...

PT-2024-1791 · Intel · Intel Optimization For Tensorflow

Name of the Vulnerable Software and Affected Versions: IntelR Optimization for TensorFlow versions prior to 2.13.0 Description: The issue is related to improper buffer restrictions, which may allow an authenticated user to potentially enable escalation of privilege via local access. It is also...

Intel Optimization for TensorFlow Security Vulnerability

Intel Optimization for Tensorflow is a set of tools and libraries optimized for the TensorFlow framework from Intel Corporation. A security vulnerability exists in Intel Optimization for TensorFlow prior to version 2.13.0, which stems from an improperly restricted buffer and could lead to privile...

Intel® Optimization for TensorFlow Advisory

Summary: A potential security vulnerability in Intel® Optimization for TensorFlow may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-30767 Description: Improper buffer restrictions in Intel®...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to TensorFlow denial of service vulnerabilitiy [CVE-2023-25661]

Summary Potential TensorFlow denial of service, caused by improper input validation by the Convolution3DTranspose function have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple Tensorflow vulnerabilities.

Summary Multiple Tensorflow vulnerabilitiies have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-25662 DESCRIPTION: TensorFlow is vulnerable...

autopilotml (>=1.0.1 <=1.0.14), chicken-coop (>=0.0.1 <=0.0.5) +13 more potentially affected by CVE-2024-22415 via jupyter-lsp (>=2.2.0 <=2.2.1)

jupyter-lsp PYPI version =2.2.0, =1.0.1, =0.0.1, =0.0.1, =1.16.0, =0.0.1, =0.0.22, =0.82.0, =1.0.4, =0.1.0.2, =0.0.2, =0.0.12 - zftracker =0.0.3 Source cves: CVE-2024-22415 Source advisory: OSV:GHSA-4QHP-652W-C22X...

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery CI/CD misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...

ml.shifu:shifu-tensorflow-eval (=0.12.0), ml.shifu:shifu-tensorflow-on-yarn (=0.12.0) potentially affected by CVE-2023-7148 via ml.shifu:shifu (=0.12.0)

ml.shifu:shifu MAVEN version =0.12.0 is affected by a known vulnerability. The following packages have a transitive dependency on ml.shifu:shifu and may be impacted: - ml.shifu:shifu-tensorflow-eval =0.12.0 - ml.shifu:shifu-tensorflow-on-yarn =0.12.0 Source cves: CVE-2023-7148 Source advisory:...

Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data Are Addressed

Summary There are multiple vulnerabilities in Runtimes 22.2 component impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-2800 DESCRIPTION: Hugging Face Transformers is vulnerable to a...

GHSA-897X-XVJ8-42RQ Zip slip in mleap

FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...

CVE-2023-5245

FileUtil.extract enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the savedmodel format and an exported tensorflow model, the apply function invokes th...

CBL Mariner 2.0 Security Update: tensorflow (CVE-2023-25661)

The version of tensorflow installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-25661 advisory. - TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid...