Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25664)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a heap-based buffer overflow in TAvgPoolGrad CVE-2023-25664. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25659)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow , caused by an out-of-bounds read when the indices parameter in DynamicStitch does not match the data parameter CVE-2023-25659. TensorFlow is included as part of the runtimes...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25658)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by an out-of-bounds read in GRUBlockCellGrad CVE-2023-25658. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25660)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a segmentation fault when the summarize parameter in tf.rawops.Print is zero CVE-2023-25660. TensorFlow is included as part of the runtimes in our service. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25675)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a segmentation fault in tf.rawops.Bincount when running XLA CVE-2023-25675. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow (CVE-2023-25801)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow, caused by a double-free in nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 CVE-2023-25801. TensorFlow is included as part of the runtimes in our service. Thi...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25676)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, , caused by a NULL pointer dereference in tf.rawops.ParallelConcat when running XLA CVE-2023-25676. TensorFlow is included as part of the runtimes in our service. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25666)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a floating point exception in AudioSpectrogram. CVE-2023-25666. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25665)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a NULL pointer dereference CVE-2023-25665. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed. Please read the...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow ( CVE-2023-25663)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow due to a NULL pointer dereference in the Lookup function CVE-2023-25663. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25662)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow due to an integer overflow in EditDistance CVE-2023-25662. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed. Please read...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25669)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow due to a floating point exception in tf.rawops.AvgPoolGrad CVE-2023-25669. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been...

Security Bulletin: tensorflow-2.7.3-cp37 vulnerable to CVE-2022-41911 CVE-2022-41907 CVE-2022-41908 CVE-2022-41896 CVE-2022-41891 CVE-2022-41894 CVE-2022-41884 IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses tensorflow-2.7.3-cp37 vulnerable to CVE-2022-41911, CVE-2022-41907, CVE-2022-41908, CVE-2022-41896, CVE-2022-41891, CVE-2022-41894, CVE-2022-41884, CVE-2022-41898, CVE-2022-41888, CVE-2022-41897, CVE-2022-41880, CVE-2022-41889,...

AZL-38032 CVE-2023-28321 affecting package tensorflow for versions less than 2.16.1-1

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

AZL-38926 CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AZL-38554 CVE-2023-28319 affecting package tensorflow for versions less than 2.16.1-1

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

Security Bulletin: TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2021-37635 DESCRIPTION: TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in...

Security Bulletin: Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2022-23592 DESCRIPTION: TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds rea...

AZL-38767 CVE-2023-29941 affecting package tensorflow for versions less than 2.16.1-1

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOpmlir::sparsetensor::SortOp...

FreeBSD : py-tensorflow -- unchecked argument causing crash (52311651-f100-4720-8c62-0887dad6d321)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 52311651-f100-4720-8c62-0887dad6d321 advisory. - TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument...