Security Bulletin: TensorFlow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2021-37635 DESCRIPTION: TensorFlow could allow a local authenticated attacker to obtain sensitive information, caused by a heap out-of-bounds read flaw in...

Security Bulletin: Tensorflow is vulnerable to security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses Tensorflow which is vulnerable to security CVEs. Vulnerability Details CVEID:CVE-2022-23592 DESCRIPTION: TensorFlow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds rea...

AZL-38767 CVE-2023-29941 affecting package tensorflow for versions less than 2.16.1-1

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOpmlir::sparsetensor::SortOp...

FreeBSD : py-tflite -- denial of service vulnerability (d82bcd2b-5cd6-421c-8179-b3ff0231029f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d82bcd2b-5cd6-421c-8179-b3ff0231029f advisory. - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attack...

FreeBSD : py-tensorflow -- unchecked argument causing crash (52311651-f100-4720-8c62-0887dad6d321)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 52311651-f100-4720-8c62-0887dad6d321 advisory. - TensorFlow is an open source platform for machine learning. The AvgPoolOp function takes an argument...

FreeBSD : py-tflite -- buffer overflow vulnerability (326b2f3e-6fc7-4661-955d-a772760db9cf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 326b2f3e-6fc7-4661-955d-a772760db9cf advisory. - TensorFlow is an open source platform for machine learning. The reference kernel of the CONV3DTRANSPO...

FreeBSD : py-tensorflow -- denial of service vulnerability (ae132c6c-d716-11ed-956f-7054d21a9e2a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ae132c6c-d716-11ed-956f-7054d21a9e2a advisory. - TensorFlow is an open source platform for machine learning. The implementation of...

Double Free

tensorflow is vulnerable to a Double Free attack. The vulnerability occurs when when the first and the fourth elements of the poolingratio function has parameters not equal to 1.0 in nnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 because pooling on batch and channel dimensions is not...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due the tflite model with the parameter filterinputchannel less than 1 which causes a floating point exception, resulting in an application crash...

Denial Of Service (DoS)

TensorFlow is vulnerable to Denial Of Service DoS. The vulnerability exists due to the improper validation checks in the library, which leads to a segmentation fault with a null pointer dereference in ParallelConcat with XLA, allowing an attacker to cause an application crash when the given...

Denial Of Service (DoS)

TensorFlow is vulnerable to Denial Of Service DoS. The vulnerability exists due to an out-of-bounds read in the GRUBlockCellGrad function because it does not check the rank, which allows an attacker to cause an application crash...

AZL-38512 CVE-2023-27535 affecting package tensorflow for versions less than 2.16.1-1

An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...

AZL-38476 CVE-2023-27536 affecting package tensorflow for versions less than 2.16.1-1

An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPTGSSAPIDELEGATION option. This vulnerability affects...

AZL-38257 CVE-2023-27538 affecting package tensorflow for versions less than 2.16.1-1

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...

AZL-38611 CVE-2023-27534 affecting package tensorflow for versions less than 2.16.1-1

A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...

AZL-38114 CVE-2023-27537 affecting package tensorflow for versions less than 2.16.1-1

A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...

AZL-37878 CVE-2023-27533 affecting package tensorflow for versions less than 2.16.1-1

A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due to a Null pointer exception via the values parameter in the tf.rawops.LookupTableImportV2 function, resulting in an application crash...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due to a floating point exception in SpectrogramShapeFn when the window size is 1 or the stride is negative resulting in an application crash...

Denial Of Service (DoS)

tensorflow is vulnerable to Denial of Service DoS attacks. The vulnerability is due to a Null pointer exception through the Lookup function when ctx-stepcontainter is a null ptr, causing the application to crash...