Aim Security Vulnerabilities

CVE-2024-2195

A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions >= 3.0.0. The vulnerability resides in the run_search_api function of the aim/web/api/runs/views.py file, where improper...

CVSS: 9.8, AI Score: 9.2, EPSS: 0.0004

2024-04-10 05:08 PM

CVE-2024-2196

aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim...

CVSS: 8.8, AI Score: 7.3, EPSS: 0.0004

2024-04-10 05:08 PM

CVE-2024-2363

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely....

CVSS: 5.3, AI Score: 7.5, EPSS: 0.0004

2024-03-10 11:15 PM

CVE-2021-43775

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be.....

CVSS: 8.6, AI Score: 8.5, EPSS: 0.001

2021-11-23 09:15 PM

CVE-2012-5816

AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid...

AI Score: 7.3, EPSS: 0.001

2012-11-04 10:55 PM

CVE-2005-1891

The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter...

CVSS: 7.5, AI Score: 6.8, EPSS: 0.005

2005-06-09 04:00 AM

CVE-2000-1094

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src"...

AI Score: 8.1, EPSS: 0.007

2001-01-09 05:00 AM