
8 matches found

IBM Security Bulletins
added 2026/05/21 3:2 p.m., 8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX [CVE-2026-34445, CVE-2026-34446, CVE-2026-34447]

Summary: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX due to an issue with the ExternalDataInfo class in ONNX using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file, which fails to properly...

8.6 CVSS, 5.8 AI score, 0.00288 EPSS
Exploits 1, Affected Software 1
CBLMariner
added 2026/04/17 6:38 p.m., 6 views

CVE-2026-34445 affecting package pytorch for versions less than 2.2.2-14

CVE-2026-34445 affecting package pytorch for versions less than 2.2.2-14. A patched version of the package is available...

8.6 CVSS, 5.8 AI score, 0.00288 EPSS
Exploits 0
Wolfi
added 2026/04/04 1:55 a.m., 7 views

CVE-2026-34445 vulnerabilities

Vulnerabilities for packages: py3-onnx...

8.6 CVSS, 5.9 AI score, 0.00288 EPSS
Exploits 0
Tenable Nessus
added 2026/04/03 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was usi...

8.6 CVSS, 5.3 AI score, 0.00288 EPSS
Exploits 0, References 3
vulnersOsv
added 2026/04/01 9:10 p.m., 3 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-34445 via onnx (>=0.2.0 <=1.20.1)

onnx PYPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more Source cves: CVE-2026-34445 Source advisory: OSV:GHSA-538C-55JV-C5G9...

8.6 CVSS, 5.7 AI score, 0.00288 EPSS
Exploits 0
Vulnrichment
added 2026/04/01 5:30 p.m., 2 views

CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

8.6 CVSS, 5.7 AI score, 0.00288 EPSS
Exploits 0, References 3
vulnersOsv
added 2026/04/01 5:30 p.m., 6 views

acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +369 more potentially affected by CVE-2026-34445 via onnx (>=1.10.1 <=1.20.1)

onnx PYPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more Source cves: CVE-2026-34445 Source advisory: SNYK:PYTHON-ONNX-15873849...

8.6 CVSS, 5.7 AI score, 0.00288 EPSS
Exploits 0
Cvelist
added 2026/04/01 5:30 p.m., 22 views

CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...

8.6 CVSS, 0.00288 EPSS
Exploits 0, References 3