BIT-TENSORFLOW-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-33976

CVE-2023-33976: TensorFlow is vulnerable to a denial-of-service crash due to a segfault in array_ops.upper_bound when not given a rank-2 tensor. The documented root cause is a segfault in array_ops.upper_bound; impact is a crash that can be triggered remotely as described in the advisory. The pub...

CVE-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

CVE-2023-33976 TensorFlow segfault in array_ops.upper_bound

TensorFlow is an end-to-end open source platform for machine learning. arrayops.upperbound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12...

Microsoft Azure Machine Learning Notebooks azuremlpackages Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Azure Machine Learning Notebooks for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Azure Machine Learning Notebook...

Microsoft Azure Machine Learning Forecasting Toolkit azuremlftkrelease Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Forecasting Toolkit for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Forecasting Toolkit. When installed from the...

LMS ZAI 6.3 Insecure Settings

==================================================================================================================================== | Title : LMS ZAI v6.3 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...

CVE-2024-6960

CVE-2024-6960 describes an unsafe deserialization flaw in H2O’s Iced framework: deserialized models can execute arbitrary code due to lack of a class whitelist. Public sources (including Red Hat RH/CVE and PT-Security) confirm this affects H2O, enabling potential code execution when importing cra...

H2O vulnerable to Deserialization of Untrusted Data

The H2O machine learning platform uses "Iced" classes as the primary means of moving Java Objects around the cluster. The Iced format supports inclusion of serialized Java objects. When a model is deserialized, any class is allowed to be deserialized no class allowlist. An attacker can construct ...

SAP Enable Now Authorization Issues Vulnerability

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is primarily used for e-learning and training in SAP and non-SAP systems. SAP Enable Now suffers from an authorization issue vulnerability that stems from a lack of authorization checking,...

CVE-2024-35198 TorchServe bypass allowed_urls configuration

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a fi...

CVE-2024-35199 TorchServe gRPC Port Exposure

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTor...

TorchServe gRPC Port Exposure

Impact The two gRPC ports 7070 and 7071, are not bound to localhost by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers DLC through Amazon SageMaker and EKS are not affected. Patches This issue in...

TorchServe vulnerable to bypass of allowed_urls configuration

Impact TorchServe's check on allowedurls configuration can be by-passed if the URL contains characters such as ".." but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which...

Fortinet FortiAIOps Cross-Site Request Forgery Vulnerability

Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning AI/ML from Fortinet. Fortinet FortiAIOps version 2.0.0 suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that...

Fortinet FortiAIOps Code Issue Vulnerability

Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning AI/ML from Fortinet. A code issue vulnerability exists in Fortinet FortiAIOps version 2.0.0, which stems from the presence of multiple sessions that have insufficiently expired, and ca...

Learning Management System SQL Injection Vulnerability (CNVD-2024-35193)

Learning Management System is itsourcecode open source a learning management system . Learning Management System version 1.0 suffers from a SQL injection vulnerability , the vulnerability stems from the application lack of validation of external input SQL statements . Attackers can use this...

[SECURITY] Fedora 40 Update: onnx-1.14.1-3.fc40

onnx provides an open source format for AI models, both deep learning and traditional ML. It defines an extensible computation graph model, as well as definitions of built-in operators and standard data types...

CVE-2024-39557

An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service DoS...