
3086 matches found

CNNVD
added 2024/06/24 12:0 a.m. · 3 views

Number withdrawn

ZenML is an extensible open source MLOps framework for creating portable, production-ready machine learning pipelines. This CVE number has been withdrawn...

AI score: 6.9
Exploits: 0 · References: 4

MSRC
added 2024/06/17 7:0 a.m. · 21 views

Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning

Summary: On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path traversa...

AI score: 7.4
Exploits: 0

BDU FSTEC
added 2024/06/14 12:0 a.m. · 3 views

The vulnerability of the ML lifecycle management platform, which stems from the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the MLflow model lifecycle management platform exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVSS: 7.6 · AI score: 7.6 · EPSS: 0.00243
Exploits: 1 · References: 5 · Affected Software: 1

The Hacker News
added 2024/06/13 2:8 p.m. · 45 views

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models

The security risks posed by the Pickle format have once again come to the fore with the discovery of a new "hybrid machine learning (ML) model exploitation technique" dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine...

AI score: 7.5
Exploits: 0

The Hacker News
added 2024/06/05 11:0 a.m. · 16 views

Unpacking 2024's SaaS Threat Predictions

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Securit...

AI score: 7.5
Exploits: 0

BDU FSTEC
added 2024/06/03 12:0 a.m. · 2 views

The vulnerability of the library for optimizing machine learning models, Intel Neural Compressor, related to errors in processing input data, allows attackers to exploit it to gain increased privileges.

The vulnerability of the Intel Neural Compressor library for optimizing machine learning models is related to errors in processing input data. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...

CVSS: 10 · AI score: 5.8 · EPSS: 0.74898
Exploits: 0 · References: 3 · Affected Software: 1

The Hacker News
added 2024/06/01 7:34 a.m. · 10 views

AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform

Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week. "We have suspicions that a subset of Spaces' secrets could have been accessed without authorization," it said in an advisory. Spaces offers a way for...

AI score: 7.5
Exploits: 0

Hacker One
added 2024/05/31 4:22 a.m. · 3 views

GitLab: IDOR Exposes All Machine Learning Models

The vulnerability allows an attacker to access any Machine Learning Model Registry in GitLab, including private models, by guessing the incremental model IDs. The attacker can also access different versions of the models. This vulnerability was present in GitLab versions 15.11 and 16.2...

AI score: 6.7
Exploits: 0

Positive Technologies
added 2024/05/22 12:0 a.m. · 3 views

PT-2024-24129 · Open Quantum Safe · Liboqs

Name of the Vulnerable Software and Affected Versions: Open Quantum Safe liboqs version 10.0 Description: An issue in Open Quantum Safe liboqs allows a remote attacker to escalate privileges via the crypto sign signature parameter in the /pqcrystals-dilithium-standard ml-dsa-44-ipd avx2/sign.c...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.01778
Exploits: 1 · References: 7

CNNVD
added 2024/05/16 12:0 a.m. · 4 views

Number withdrawn

wandb is a tool for visualizing and tracking machine learning experiments. This CVE number has been withdrawn...

AI score: 7.6
Exploits: 0 · References: 2

CVE
added 2024/05/10 5:7 p.m. · 96 views

CVE-2024-34359

CVE-2024-34359 affects llama-cpp-python (Python bindings for llama.cpp). The vulnerability arises when init loads a model’s chat template from the gguf metadata and constructs self.chat_handler via llama_chat_format.Jinja2ChatFormatter.to_chat_handler(), using a sandbox-less Jinja2 Environment. R...

CVSS: 9.6 · AI score: 7.8 · EPSS: 0.61794
Exploits: 1 · References: 2

CNNVD
added 2024/05/05 12:0 a.m. · 4 views

Number withdrawn

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. This CVE number has been withdrawn...

AI score: 7.5
Exploits: 2 · References: 3

Cvelist
added 2024/05/03 10:13 a.m. · 27 views

CVE-2024-34072 Deserialization of Untrusted Data in sagemaker-python-sdk

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently ma...

CVSS: 7.8 · AI score: 8.2 · EPSS: 0.00593
Exploits: 0 · References: 2

The Hacker News
added 2024/05/01 2:25 p.m. · 17 views

Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet marke...

AI score: 6.9
Exploits: 0

The Hacker News
added 2024/04/29 5:7 p.m. · 14 views

Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023

Google on Monday revealed that almost 200,000 app submissions to its Play Store for Android were either rejected or remediated to address issues with access to sensitive data such as location or SMS messages over the past year. The tech giant also said it blocked 333,000 bad accounts from the app...

AI score: 7.3
Exploits: 0

CNVD
added 2024/04/19 12:0 a.m. · 5 views

Mlflow Path Traversal Vulnerability

Mlflow is an open source platform for the machine learning lifecycle. Mlflow suffers from a path traversal vulnerability that stems from improper handling of URL parameters. An attacker can use this vulnerability to gain access to a file or directory...

CVSS: 7.5 · AI score: 6.9 · EPSS: 0.00313
Exploits: 1 · References: 1

The Hacker News
added 2024/04/15 1:30 p.m. · 17 views

AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now...

AI score: 8.3
Exploits: 0

Qualys Blog
added 2024/04/11 7:47 p.m. · 20 views

Qualys Endpoint Detection & Response Validated by Top Independent Testing Labs

Qualys is proud to announce that our Endpoint Detection & Response solution has earned top certifications from two of the most respected independent anti-virus testing organizations - SE Labs and AV-Test. These prestigious validations underscore Qualys mission to deliver best-in-class malware...

AI score: 7.4
Exploits: 0

IBM Security Bulletins
added 2024/04/02 8:9 a.m. · 25 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 23.0.2-IF002

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF002 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-24762 DESCRIPTION: FastAPI is vulnerable to a denial of service, caused by a regul...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.03333
Exploits: 1 · Affected Software: 2

GithubExploit
added 2024/03/29 9:54 a.m. · 299 views

Exploit for Server-Side Request Forgery in Anyscale Ray

PoC for a remote command execution vulnerability in Ray framew...

CVSS: 9.8 · AI score: 8.2 · EPSS: 0.92192
Exploits: 6