1144 matches found

Cvelist
added 2024/04/17 12:0 a.m., 30 views

CVE-2024-31580

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

AI score: 7.3 | EPSS: 0.00223
Exploits: 0 | References: 2

Tenable Nessus
added 2024/03/13 12:0 a.m., 15 views

PyTorch Serve Server-Side Request Forgery

PyTorch Serve versions prior to 0.8.2 and versions using a default configuration are vulnerable to a Server-Side Request Forgery allowing an unauthenticated user to write a file to disk, which can lead to arbitrary code execution. No source data...

CVSS: 10 | AI score: 8 | EPSS: 0.35256
Exploits: 6 | References: 3

OSV
added 2024/03/06 11:2 a.m., 41 views

BIT-PYTORCH-2022-45907

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01192
Exploits: 1 | References: 3

The Hacker News
added 2024/02/27 10:18 a.m., 63 views

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that it's possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. "It's possible to send malicious pull requests with attacker-controlled data from the Huggin...

CVSS: 6.5 | AI score: 7.8 | EPSS: 0.01175
Exploits: 1

OSV
added 2024/02/23 6:15 p.m., 6 views

AZL-35146 CVE-2024-27318 affecting package pytorch for versions less than 2.2.2-1

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01189
Exploits: 0 | References: 1

OSV
added 2024/02/23 6:15 p.m., 8 views

AZL-34464 CVE-2024-27318 affecting package pytorch for versions less than 2.0.0-6

Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01189
Exploits: 0 | References: 1

OSV
added 2024/02/23 6:15 p.m., 7 views

AZL-34465 CVE-2024-27319 affecting package pytorch for versions less than 2.0.0-4

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00594
Exploits: 0 | References: 1

OSV
added 2024/02/23 6:15 p.m., 6 views

AZL-35148 CVE-2024-27319 affecting package pytorch for versions less than 2.2.2-1

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00594
Exploits: 0 | References: 1

Chainguard
added 2024/01/19 9:30 p.m., 34 views

GHSA-3F63-HFP8-52JQ vulnerabilities

Vulnerabilities for packages: py3-seaborn, py3-pillow, kubeflow-pipelines-visualization-server...

AI score: 5.9
Exploits: 0

Wolfi
added 2024/01/19 9:30 p.m., 24 views

GHSA-3F63-HFP8-52JQ vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow, py3-seaborn...

AI score: 5.9
Exploits: 0

Chainguard
added 2024/01/19 8:15 p.m., 32 views

CVE-2023-50447 vulnerabilities

Vulnerabilities for packages: py3-seaborn, py3-pillow, kubeflow-pipelines-visualization-server...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.01703
Exploits: 0

Wolfi
added 2024/01/19 8:15 p.m., 83 views

CVE-2023-50447 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines-visualization-server, py3-pillow, py3-seaborn...

CVSS: 8.1 | AI score: 6.8 | EPSS: 0.01703
Exploits: 0

Wolfi
added 2024/01/11 3:20 p.m., 13 views

GHSA-H5C8-RQWP-CP95 vulnerabilities

Vulnerabilities for packages: py3-jinja2, kubeflow-pipelines-visualization-server, checkov, reflex...

AI score: 5.9
Exploits: 0

Chainguard
added 2024/01/11 3:15 a.m., 65 views

CVE-2024-22195 vulnerabilities

Vulnerabilities for packages: checkov, reflex, py3-jinja2, kubeflow-pipelines-visualization-server...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.00892
Exploits: 0

Wolfi
added 2024/01/11 3:15 a.m., 49 views

CVE-2024-22195 vulnerabilities

Vulnerabilities for packages: py3-jinja2, kubeflow-pipelines-visualization-server, checkov, reflex...

CVSS: 6.1 | AI score: 6.7 | EPSS: 0.00892
Exploits: 0

IBM Security Bulletins
added 2024/01/03 6:58 a.m., 33 views

Security Bulletin: PyTorch vulnerability affects IBM Watson Machine Learning in Cloud Pak for Data [CVE-2022-45907]

Summary: PyTorch vulnerability affects IBM Watson Machine Learning in Cloud Pak for Data. The vulnerability is addressed below. Vulnerability Details: CVEID: CVE-2022-45907 DESCRIPTION: PyTorch could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01192
Exploits: 1 | Affected Software: 1

vulnersOsv
added 2023/12/12 4:15 a.m., 5 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +339 more potentially affected by CVE-2023-6709 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6709 Source advisory: OSV:PYSEC-2023-281...

CVSS: 10 | AI score: 7.2 | EPSS: 0.0093
Exploits: 1

vulnersOsv
added 2023/12/05 9:33 a.m., 5 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +338 more potentially affected by CVE-2023-43472 via mlflow (>=0.8.2 <=2.8.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-43472 Source advisory: OSV:GHSA-WQXF-447M-6F5F...

CVSS: 7.5 | AI score: 7 | EPSS: 0.36582
Exploits: 1

Prion
added 2023/11/21 9:15 p.m., 24 views

Code injection

TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the...

CVSS: 5 | AI score: 7.2 | EPSS: 0.00673
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2023/11/21 8:55 p.m., 34 views

CVE-2023-48299 TorchServe ZipSlip

TorchServe is a tool for serving and scaling PyTorch models in production. Starting in version 0.1.0 and prior to version 0.9.0, using the model/workflow management API, there is a chance of uploading potentially harmful archives that contain files that are extracted to any location on the...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.00673
Exploits: 0 | References: 4