Malicious code in pytorch-lighting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62c64e574f5ad4d75ebc2c82d4cc48edb6185486f8379bfd2a7bd330ce94f50e A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

MAL-2024-10726 Malicious code in pytorch-lighting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 62c64e574f5ad4d75ebc2c82d4cc48edb6185486f8379bfd2a7bd330ce94f50e A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch [CVE-2024-31583]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in PyTorch, caused by a use-after-free flaw in the torch/csrc/jit/mobile/interpreter.cpp component CVE-2024-31583. PyTorch is used by our Speech Service runtimes. This vulnerabilitiy has...

PYSEC-2024-259

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

DEBIAN-CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

PYSEC-2024-259

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

UBUNTU-CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

PyTorch 安全漏洞

PyTorch is a Python package from the PyTorch open source. A security vulnerability exists in PyTorch version 2.4.1 and earlier versions, which stems from RemoteModule containing a remote code execution vulnerability...

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

PT-2024-32976 · Facebook +1 · Pytorch +1

Name of the Vulnerable Software and Affected Versions: PyTorch versions prior to 2.4.1 Description: The issue concerns the RemoteModule in PyTorch, which is reported to have Deserialization RCE. However, it is noted that this behavior is intended in PyTorch distributed computing and is disputed b...

CVE-2024-48063

In PyTorch

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVE-2024-48063

In PyTorch =2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing...

CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2

CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2. A patched version of the package is available...

Arbitrary Code Execution

Overview sentence-transformers is a State-of-the-Art Text Embeddings Affected versions of this package are vulnerable to Arbitrary Code Execution when loading PyTorch model files. The torch.load function, used without the weightsonly=True parameter, could deserialize malicious Python objects from...

The vulnerability of the /runtime/vararg_functions.cpp component of the PyTorch machine learning framework, which allows a hacker to cause a service failure.

The vulnerability of the /runtime/varargfunctions.cpp component of the PyTorch machine learning framework is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow an attacker to cause a system failure...

The vulnerability of the `torch.jit.annotations.parse_type_line()` function in the PyTorch machine learning framework allows a hacker to execute arbitrary code.

The vulnerability of the torch.jit.annotations.parsetypeline function in the PyTorch machine learning framework is related to incorrect code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the `torch/csrc/jit/mobile/interpreter.cpp` component of the machine learning training framework PyTorch allows a hacker to execute arbitrary code.

The vulnerability of the torch/csrc/jit/mobile/interpreter.cpp component of the machine learning framework PyTorch lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...