Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation

Summary Python, Apache Spark, Tensorflow and Traefik contain multiple vulnerabilities and are used by IBM Robotic Process Automation as part of Watson NLP CVE-2022-40898, CVE-2023-22946, CVE-2023-25658, CVE-2023-25659, CVE-2023-25660, CVE-2023-25661, CVE-2023-25662, CVE-2023-25663, CVE-2023-25664...

a2grunnerp (>=0.1.0 <=0.1.8), da4rdm-recsys-contentbased (>=1.0.1 <=1.0.3) potentially affected by CVE-2023-27506 via tensorflow-intel (>=2.10.0 <=2.11.0)

tensorflow-intel PYPI version =2.10.0, =0.1.0, =1.0.1, =1.0.3 Source cves: CVE-2023-27506 Source advisory: OSV:GHSA-M2F8-V8Q4-3M59...

CVE-2023-27506

Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...

Buffer overflow

Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-27506

CVE-2023-27506 affects Intel® Optimization for TensorFlow prior to 2.12. The issue arises from improper buffer restrictions, enabling a locally authenticated attacker to potentially escalate privileges on the system. Intel and multiple advisories reference the same vulnerability, with the primary...

CVE-2023-27506

Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-27506

Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...

Intel Optimization for Tensorflow software buffer error vulnerability

Intel Optimization for Tensorflow is a set of tools and libraries optimized for the TensorFlow framework from Intel Corporation USA. A security vulnerability exists in Intel Optimization for Tensorflow versions prior to 2.12, which stems from incorrect buffer limits. An attacker can exploit the...

PT-2023-21178 · Intel · Intel Optimization For Tensorflow

Name of the Vulnerable Software and Affected Versions: IntelR Optimization for Tensorflow versions prior to 2.12 Description: The issue is related to improper buffer restrictions, which may allow an authenticated user to potentially enable escalation of privilege via local access. Recommendations...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulerabilities in TensorFlow

Summary Multiple vulnerabilities in TensorFlow have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2023-25658 DESCRIPTION: TensorFlow is vulnerab...

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of TensorFlow. IBM has addressed the vulnerabilities. Vulnerability Details CVEID:CVE-2023-25661 DESCRIPTION: TensorFlow is vulnerable to a denial of service, caused by improper input validation by the...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow [CVE-2023-25668]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a heap-based buffer overflow. CVE-2023-25668 TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed. Please read the...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25661)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by improper input validation by the Convolution3DTranspose function CVE-2023-25661. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow ( CVE-2023-27579)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a floating point exception when a tflite model with a paramater filterinputchannel of less than 1 is constructed. CVE-2023-27579. TensorFlow is included as part of...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25672)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a NULL pointer dereference in tf.rawops CVE-2023-25672. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed. Plea...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25671)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by an out-of-bounds read in ValueMap::Manager::GetValueOrCreatePlaceholder CVE-2023-25671. TensorFlow is included as part of the runtimes in our service. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25670)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a NULL pointer dereference in QuantizedMatMulWithBiasAndDequantize when MKL is enabled CVE-2023-25670. TensorFlow is included as part of the runtimes in our servic...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25674)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a NULL pointer dereference in RandomShuffle when XLA is enabled CVE-2023-25674. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25673)

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a floating point exception in TensorListSplit when XLA is enabled CVE-2023-25673. TensorFlow is included as part of the runtimes in our service...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25667)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by an integer overflow when 2^31 = numframes height width channels 2^32 CVE-2023-25667. TensorFlow is included as part of the runtimes in our service. This...