8 matches found
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX [CVE-2026-34445, CVE-2026-34446, CVE-2026-34447]
Summary: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX due to an issue with the ExternalDataInfo class in ONNX using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file, which fails to properly...
CVE-2026-34445 affecting package pytorch for versions less than 2.2.2-14
CVE-2026-34445 affecting package pytorch for versions less than 2.2.2-14. A patched version of the package is available...
CVE-2026-34445 vulnerabilities
Vulnerabilities for packages: py3-onnx...
Linux Distros Unpatched Vulnerability : CVE-2026-34445
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was usi...
acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +370 more potentially affected by CVE-2026-34445 via onnx (>=0.2.0 <=1.20.1)
onnx PYPI version =0.2.0, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more Source cves: CVE-2026-34445 Source advisory: OSV:GHSA-538C-55JV-C5G9...
CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...
acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +369 more potentially affected by CVE-2026-34445 via onnx (>=1.10.1 <=1.20.1)
onnx PYPI version =1.10.1, =0.1.0, =0.1.0, =0.0.0, =0.0.157, =0.1.0, =0.1.8, =1.7.0, =1.3.0, =0.10.0, =0.3.1, =1.0.2 and more Source cves: CVE-2026-34445 Source advisory: SNYK:PYTHON-ONNX-15873849...
CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.
Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python’s setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn’t check if the...