Medium Severity

Security Bulletin: CVE-2020-15190 for Tensorflow in Watson Machine Learning Community Edition

Oct 26, 2020 8:00 pm EDT | Medium Severity

In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and is reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault. The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.



Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2020-8169, CVE-2020-8177)

Oct 23, 2020 8:00 pm EDT | Medium Severity

There are vulnerabilities in Curl that affect PowerSC.


Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics

Oct 22, 2020 8:00 pm EDT | Medium Severity

There is a vulnerability in IBM® Runtime Environment Java™ Versions 7.0, 7.1, and 8.0 used by IBM SPSS Statistics. IBM SPSS Statistics has addressed the applicable CVEs.


Security Bulletin: Publicly disclosed vulnerability from Kernel affects IBM Netezza Host Management

Oct 21, 2020 8:00 pm EDT | Medium Severity

Kernel is used by IBM Netezza Host Management. This bulletin provides mitigation for the reported CVE.


Security Bulletin: A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

Oct 20, 2020 8:00 pm EDT | Medium Severity

A security vulnerability in angular.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.


Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged local user may cause a denial of service (CVE-2020-4411)

Oct 20, 2020 8:00 pm EDT | Medium Severity

A security vulnerability has been identified in all levels of IBM Spectrum Scale that could allow a local attacker to cause a denial of service. A fix for this vulnerability is available.


Security Bulletin: A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.

Oct 20, 2020 8:00 pm EDT | Medium Severity

A security vulnerability in Node.js acorn and bootstrap-select affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Service.


Security Bulletin: BIND for IBM i is affected by CVE-2020-8622 and CVE-2020-8624

Oct 20, 2020 8:00 pm EDT | Medium Severity

BIND is used by IBM i. IBM i has addressed the applicable CVEs.