CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2024-0034

Malicious code in bioql PyPI...

8.4CVSS8AI score0.00671EPSS

Exploits0References6

vulnersOsv•added 2024/11/01 6:30 a.m.•3 views

aistrainer (>=0.0.1 <=0.0.13), aivoifu (>=0.2.8 <=0.2.9) +21 more potentially affected by unknown CVE via deepspeed (>=0.10.2 <=0.15.1)

deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEEPSPEED-8320951...

5.8AI score

Exploits0

Snyk•added 2024/11/01 6:30 a.m.•1 views

Command Injection

Overview deepspeed is a DeepSpeed library Affected versions of this package are vulnerable to Command Injection when multiple instances where subprocess.run and subprocess.checkoutput, are called with unsanitized input and shell=True. An attacker would need to supply specially crafted input to...

9.8CVSS7.3AI score

Exploits0References3

BDU FSTEC•added 2024/10/18 12:0 a.m.•2 views

The vulnerability of Microsoft DeepSpeed’s optimization library, related to the failure to take measures to neutralize special elements used in the operating system’s command set, allows attackers to execute arbitrary code.

The vulnerability of Microsoft DeepSpeed’s optimization library relates to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability can allow attackers to execute arbitrary code...

8.4CVSS5.9AI score0.00671EPSS

Exploits0References3Affected Software1

CNVD•added 2024/10/17 12:0 a.m.•8 views

Microsoft DeepSpeed Remote Code Execution Vulnerability

Microsoft DeepSpeed is an easy-to-use deep learning optimization software suite from Microsoft that delivers unprecedented scale and speed for DL training and inference. A remote code execution vulnerability exists in Microsoft DeepSpeed, which can be exploited by an attacker to execute arbitrary...

8.4CVSS8.1AI score0.00671EPSS

Exploits0References1

NCSC•added 2024/10/08 7:59 p.m.•8 views

Vulnerabilities fixed in Microsoft Developer Tools

Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to cause a Denial-of-Service, grant themselves elevated privileges or execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to...

9.8CVSS8.2AI score0.03034EPSS

Exploits0

vulnersOsv•added 2024/10/08 6:33 p.m.•1 views

aistrainer (>=0.0.1 <=0.0.11), aivoifu (>=0.2.8 <=0.2.9) +20 more potentially affected by CVE-2024-43497 via deepspeed (>=0.10.2 <=0.15.0)

deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: CVE-2024-43497 Source advisory: SNYK:PYTHON-DEEPSPEED-8230423...

8.4CVSS5.8AI score0.00671EPSS

Exploits0

Snyk•added 2024/10/08 6:33 p.m.•1 views

Arbitrary Command Injection

Overview deepspeed is a DeepSpeed library Affected versions of this package are vulnerable to Arbitrary Command Injection through the execution of unauthorized commands or code. An attacker can execute arbitrary code on the system by sending crafted inputs to the affected function. Remediation...

9.3CVSS8.4AI score0.00671EPSS

Exploits0References2