7047 matches found
CVE-2023-30444
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350...
CVE-2023-30444 IBM Watson Machine Learning on Cloud Pak for Data server-side request forgery
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350...
PT-2023-22695 · IBM · IBM Watson Machine Learning
Name of the Vulnerable Software and Affected Versions: IBM Watson Machine Learning on Cloud Pak for Data versions 4.0 through 4.5. Description: The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
Moodle Uncontrolled Resource Consumption Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. An uncontrolled resource consumption vulnerability exists in the Moodle URL parsing process, which can be exploited by an attacker to...
Security Bulletin: IBM Watson Machine Learning on Cloud Pak for Data is affected by SSRF vulnerability (CVE-2023-30444)
Summary: IBM Watson Machine Learning on Cloud Pak for Data is affected by server-side request forgery (SSRF). This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2023-30444. DESCRIPTION: IBM Watson Machine Learning on Cloud Pak for Data is vulnerable to server-side request forgery...
Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis
Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's...
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor. Hello everyone! This episode will focus on the news from my open source Vulristics project for vulnerability analysis and prioritization. Alternative video link for Russia: https://vk.com/video-149273431456239122 EPSS v3 The third...
The vulnerability of the software for working with Azure Machine Learning algorithms lies in the lack of protection for operational data, which allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the software for working with Azure Machine Learning algorithms is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
CVE-2023-30620
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions, an unsafe extraction is performed using tarfile.extractall from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
Design/Logic Flaw
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions, an unsafe extraction is performed using tarfile.extractall from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions, an unsafe extraction is performed using tarfile.extractall from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
CVE-2023-30620
The CVE-2023-30620 issue affects MindsDB where an unsafe extraction using tarfile.extractall() on a remotely retrieved tarball can write extracted files to unintended locations (TarSlip/ZipSlip-like). Affected MindsDB versions allowed remote tarball extraction without path validation, enabling ar...
AppFW (WAF) Learning not working anymore
The learning for WAF features is not working anymore, no new data is learned. Even after cleaning the AppFW learning data CLI command 'reset appfw learningdata', WAF learning is not working as no new data is learned...
WordPress The School Management – Education & Learning Management Plugin <= 4.1 is vulnerable to SQL Injection
Software: The School Management – Education & Learning Management; Type: Plugin; Vulnerable versions: <= 4.1; Fixed in: 4.2; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2022-47430; Patch priority: Low; CVSS severity: Low (6.7); PSID: 25a7149a9ecc; Credits: minhtuanact...
Using LLMs to Create Bioweapons
I'm not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity to create new poison...
Swatting-as-a-Service is a growing and complicated problem to solve
One Telegram channel has been found to be behind a great deal of swatting incidents in the US. Using the anonymity provided by Telegram, caller ID spoofing, and voices generated by Artificial Intelligence (AI), a person or group of persons calling themselves Torswats is suspected to be behind dozen...
CVE-2023-28984
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and agin...
CVE-2023-28984 Junos OS: QFX Series: The PFE may crash when a lot of MAC addresses are being learned and aged
A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and agin...