Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25670)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a NULL pointer dereference in QuantizedMatMulWithBiasAndDequantize when MKL is enabled CVE-2023-25670. TensorFlow is included as part of the runtimes in our servic...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25674)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a NULL pointer dereference in RandomShuffle when XLA is enabled CVE-2023-25674. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25673)

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a floating point exception in TensorListSplit when XLA is enabled CVE-2023-25673. TensorFlow is included as part of the runtimes in our service...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25667)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by an integer overflow when 2^31 = numframes height width channels 2^32 CVE-2023-25667. TensorFlow is included as part of the runtimes in our service. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25664)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a heap-based buffer overflow in TAvgPoolGrad CVE-2023-25664. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25659)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow , caused by an out-of-bounds read when the indices parameter in DynamicStitch does not match the data parameter CVE-2023-25659. TensorFlow is included as part of the runtimes...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25658)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by an out-of-bounds read in GRUBlockCellGrad CVE-2023-25658. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25660)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a segmentation fault when the summarize parameter in tf.rawops.Print is zero CVE-2023-25660. TensorFlow is included as part of the runtimes in our service. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25675)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a segmentation fault in tf.rawops.Bincount when running XLA CVE-2023-25675. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow (CVE-2023-25801)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in TensorFlow, caused by a double-free in nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 CVE-2023-25801. TensorFlow is included as part of the runtimes in our service. Thi...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25676)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, , caused by a NULL pointer dereference in tf.rawops.ParallelConcat when running XLA CVE-2023-25676. TensorFlow is included as part of the runtimes in our service. This...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25666)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a floating point exception in AudioSpectrogram. CVE-2023-25666. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25665)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow, caused by a NULL pointer dereference CVE-2023-25665. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed. Please read the...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow ( CVE-2023-25663)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow due to a NULL pointer dereference in the Lookup function CVE-2023-25663. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25662)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow due to an integer overflow in EditDistance CVE-2023-25662. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been addressed. Please read...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25669)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow due to a floating point exception in tf.rawops.AvgPoolGrad CVE-2023-25669. TensorFlow is included as part of the runtimes in our service. This vulnerabilitiy has been...

Security Bulletin: tensorflow-2.7.3-cp37 vulnerable to CVE-2022-41911 CVE-2022-41907 CVE-2022-41908 CVE-2022-41896 CVE-2022-41891 CVE-2022-41894 CVE-2022-41884 IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses tensorflow-2.7.3-cp37 vulnerable to CVE-2022-41911, CVE-2022-41907, CVE-2022-41908, CVE-2022-41896, CVE-2022-41891, CVE-2022-41894, CVE-2022-41884, CVE-2022-41898, CVE-2022-41888, CVE-2022-41897, CVE-2022-41880, CVE-2022-41889,...

AZL-38032 CVE-2023-28321 affecting package tensorflow for versions less than 2.16.1-1

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

AZL-38926 CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

AZL-38554 CVE-2023-28319 affecting package tensorflow for versions less than 2.16.1-1

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...