Lucene search

3086 matches found

Cvelist
added 2023/04/21 8:11 p.m. | 9 views

CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb

MindsDB is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

7.5 CVSS | 7.6 AI score | 0.00649 EPSS
Exploits: 1 | References: 3

CVE
added 2023/04/21 8:11 p.m. | 62 views

CVE-2023-30620

The CVE-2023-30620 issue affects MindsDB where an unsafe extraction using tarfile.extractall() on a remotely retrieved tarball can write extracted files to unintended locations (TarSlip/ZipSlip-like). Affected MindsDB versions allowed remote tarball extraction without path validation, enabling ar...

7.5 CVSS | 7.4 AI score | 0.00649 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Schneier on Security
added 2023/04/18 11:19 a.m. | 19 views

Using LLMs to Create Bioweapons

I'm not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity18 to create new poison...

6.7 AI score
Exploits: 0

Kitploit
added 2023/04/15 12:30 p.m. | 24 views

GVision - A Reverse Image Search App That Use Google Cloud Vision API To Detect Landmarks And Web Entities From Images, Helping You Gather Valuable Information Quickly And Easily

GVision is a reverse image search app that uses Google Cloud Vision API to detect landmarks and web entities from images, helping you gather valuable information quickly and easily. About Google Cloud Vision API: Google Cloud Vision API is a machine learning-powered image analysis service that...

6.9 AI score
Exploits: 0 | References: 2

Tenable Nessus
added 2023/04/14 12:00 a.m. | 34 views

FreeBSD : py-tflite -- buffer overflow vulnerability (326b2f3e-6fc7-4661-955d-a772760db9cf)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 326b2f3e-6fc7-4661-955d-a772760db9cf advisory. - TensorFlow is an open source platform for machine learning. The reference kernel of the CONV3DTRANSPO...

8.1 CVSS | 8.2 AI score | 0.00225 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2023/04/14 12:00 a.m. | 22 views

FreeBSD : py-tflite -- denial of service vulnerability (d82bcd2b-5cd6-421c-8179-b3ff0231029f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d82bcd2b-5cd6-421c-8179-b3ff0231029f advisory. - TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attack...

7.8 CVSS | 5.3 AI score | 0.00013 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2023/04/14 12:00 a.m. | 20 views

FreeBSD : py-tensorflow -- denial of service vulnerability (ae132c6c-d716-11ed-956f-7054d21a9e2a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ae132c6c-d716-11ed-956f-7054d21a9e2a advisory. - TensorFlow is an open source platform for machine learning. The implementation of...

7.5 CVSS | 7.3 AI score | 0.00146 EPSS
Exploits: 0 | References: 5

OSV
added 2023/04/11 9:15 p.m. | 2 views

CVE-2023-28312

Azure Machine Learning Information Disclosure Vulnerability...

6.5 CVSS | 7.3 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

NVD
added 2023/04/11 9:15 p.m. | 11 views

CVE-2023-28312

Azure Machine Learning Information Disclosure Vulnerability...

6.5 CVSS | 6.4 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Prion
added 2023/04/11 9:15 p.m. | 12 views

Information disclosure

Azure Machine Learning Information Disclosure Vulnerability...

3.3 CVSS | 6.4 AI score | 0.00427 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/04/11 7:14 p.m. | 16 views

CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability

...

6.5 CVSS | 6.9 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

CVE
added 2023/04/11 7:14 p.m. | 100 views

CVE-2023-28312

CVE-2023-28312 affects Azure Machine Learning. It is an information-disclosure vulnerability in the Azure Machine Learning component that can allow an attacker located in the same secured network (attack vector: adjacent) to access system logs or sensitive data. The CVSSv3.1 base score is 6.5 (ME...

6.5 CVSS | 6.4 AI score | 0.00427 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/04/11 7:14 p.m. | 15 views

CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability

...

6.5 CVSS | 6.8 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

Microsoft CVE
added 2023/04/11 7:00 a.m. | 29 views

Azure Machine Learning Information Disclosure Vulnerability

...

6.5 CVSS | 7 AI score | 0.00427 EPSS
Exploits: 0

Zero Day Initiative
added 2023/04/11 12:00 a.m. | 19 views

Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DSIMountAgent service, which listens on TCP port 46802 by default. The issue results from th...

6.5 CVSS | 6.5 AI score | 0.00427 EPSS
Exploits: 0 | References: 1

NCSC
added 2023/04/11 12:00 a.m. | 3 views

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in the Azure components Service Connector and Machine Learning. A malicious party could exploit the vulnerabilities to bypass internal firewall rules, or to gain access to logging data. The malicious party must be authenticated with the appropriate...

7.5 CVSS | 6.3 AI score | 0.02848 EPSS
Exploits: 0

Positive Technologies
added 2023/04/11 12:00 a.m. | 2 views

PT-2023-2416 · Microsoft · Azure Machine Learning

Name of the Vulnerable Software and Affected Versions: Azure Machine Learning (affected versions not specified). Description: The issue is related to a lack of protection for service data in Azure Machine Learning, which could allow a remote attacker to gain unauthorized access to protected...

6.5 CVSS | 9.5 AI score | 0.00427 EPSS
Exploits: 0 | References: 5

CNNVD
added 2023/04/11 12:00 a.m. | 4 views

Microsoft Azure Machine Learning Security Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Azure Machine Learning. No information about this vulnerability is available at this time, so stay tuned to CNNVD or...

6.5 CVSS | 7.1 AI score | 0.00427 EPSS
Exploits: 0 | References: 3

Prion
added 2023/03/30 7:15 p.m. | 16 views

Design/Logic Flaw

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

6.5 CVSS | 8.6 AI score | 0.00403 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2023/03/30 6:04 p.m. | 20 views

CVE-2022-23522 Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpack_archive from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.5 CVSS | 8.4 AI score | 0.00403 EPSS
Exploits: 1 | References: 3