CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Chainguard•added 2024/06/04 12:31 p.m.•36 views

GHSA-PQCV-QW2R-R859 vulnerabilities

Vulnerabilities for packages: mlflow...

7.3AI score

Wolfi•added 2024/06/04 12:31 p.m.•114 views

GHSA-PQCV-QW2R-R859 vulnerabilities

Vulnerabilities for packages: mlflow...

Wolfi•added 2024/06/04 12:31 p.m.•7 views

GHSA-43C4-9QGJ-X742 vulnerabilities

Vulnerabilities for packages: mlflow...

Wolfi•added 2024/06/04 12:31 p.m.•13 views

GHSA-76CG-CFHX-373F vulnerabilities

Vulnerabilities for packages: mlflow...

Wolfi•added 2024/06/04 12:31 p.m.•14 views

GHSA-7P8J-QV6X-F4G4 vulnerabilities

Vulnerabilities for packages: mlflow...

Wolfi•added 2024/06/04 12:31 p.m.•4 views

GHSA-X38X-G6GR-JQFF vulnerabilities

Vulnerabilities for packages: mlflow...

OSV•added 2024/06/04 12:31 p.m.•3 views

GHSA-7P8J-QV6X-F4G4 MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS6.1AI score0.00618EPSS

Wolfi•added 2024/06/04 12:31 p.m.•10 views

GHSA-GHV6-9R9J-WH4J vulnerabilities

Vulnerabilities for packages: mlflow...

OSV•added 2024/06/04 12:31 p.m.•0 views

GHSA-X38X-G6GR-JQFF MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS6.1AI score0.00618EPSS

vulnersOsv•added 2024/06/04 12:31 p.m.•5 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +145 more potentially affected by CVE-2024-37052 via mlflow (>=1.20.0 <=2.14.1)

mlflow PYPI version =1.20.0, =0.1.0, =0.0.5, =0.1.2, =1.0.72, =0.0.1, =1.0.72.1, =0.2.5, =0.1.3, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-37052 Source advisory: OSV:GHSA-76CG-CFHX-373F...

8.8CVSS7.2AI score0.00623EPSS

vulnersOsv•added 2024/06/04 12:31 p.m.•4 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +169 more potentially affected by CVE-2024-37054 via mlflow (>=0.9.0 <=2.14.1)

mlflow PYPI version =0.9.0, =0.1.0, =0.0.5, =0.1.2, =1.0.23, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.3.8 and more Source cves: CVE-2024-37054 Source advisory: OSV:GHSA-GHV6-9R9J-WH4J...

8.8CVSS7.2AI score0.00697EPSS

Exploits5

vulnersOsv•added 2024/06/04 12:31 p.m.•5 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +145 more potentially affected by CVE-2024-37053 via mlflow (>=1.20.0 <=2.14.1)

8.8CVSS7.2AI score0.00618EPSS

vulnersOsv•added 2024/06/04 12:31 p.m.•3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +132 more potentially affected by CVE-2024-37056 via mlflow (>=1.23.0 <=2.14.1)

mlflow PYPI version =1.23.0, =0.1.0, =0.0.5, =0.1.2, =1.0.72, =0.0.1, =1.0.72.1, =0.2.5, =0.1.3, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-37056 Source advisory: OSV:GHSA-7P8J-QV6X-F4G4...

8.8CVSS7.2AI score0.00618EPSS

vulnersOsv•added 2024/06/04 12:31 p.m.•3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +131 more potentially affected by CVE-2024-37055 via mlflow (>=1.24.0 <=2.14.1)

mlflow PYPI version =1.24.0, =0.1.0, =0.0.5, =1.0.72, =0.0.1, =1.0.72.1, =0.2.5, =0.1.3, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.2.0, =1.9.30 and more Source cves: CVE-2024-37055 Source advisory: OSV:GHSA-X38X-G6GR-JQFF...

8.8CVSS7.2AI score0.00618EPSS

OSV•added 2024/06/04 12:31 p.m.•1 views

GHSA-76CG-CFHX-373F MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS7.4AI score0.00623EPSS

OSV•added 2024/06/04 12:31 p.m.•4 views

GHSA-43C4-9QGJ-X742 MLFlow unsafe deserialization

8.8CVSS6.1AI score0.00618EPSS