Gradio Command Injection Vulnerability

Gradio is an open source Python library that is a way to demonstrate machine learning models through a friendly web interface. Gradio suffers from a command injection vulnerability that stems from the application exposing sensitive information to unauthorized participants...

Vulnerabilities fixed in Microsoft Azure

Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to sensitive data, or to impersonate another user via a cross-site scripting attack. Such an attack can lead to execution of...

GHSA-M5PC-86X8-WCXG Exposure of Sensitive Information in mltable

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

Exposure of Sensitive Information in mltable

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

Information disclosure

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability...

CVE-2023-35625 Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

...

CVE-2023-35625

Azure Machine Learning Compute Instance for SDK Users (CVE-2023-35625) is an information disclosure vulnerability with a CVSS v3.1 base score of 4.7 (Local attack, High confidentiality impact; others not impacted). Affected component is the Azure Machine Learning Compute Instance for SDK Users. R...

Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to several open source vulnerabilites. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to...

Security Bulletin: Watson Machine Learning Accelerator on Cloud Pak for Data Version is affected by multiple vulnerabilties

Summary Mutiple open source vulnerabilties affects Watson Machine Learning Accelerator on Cloud Pak for Data Version 2.3.3 and have been addressed in version 2.3.4. Vulnerability Details CVEID:CVE-2021-23566 DESCRIPTION: Nanoid could allow a local attacker to obtain sensitive information, caused ...

Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability

...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +337 more potentially affected by CVE-2023-6709 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 - apache-submarine =0.6.0 and more Source cves: CVE-2023-6709 Source advisory: OSV:PYSEC-2023-281...

Microsoft Azure Machine Learning Security Vulnerability

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft Corporation Microsoft. A security vulnerability exists in Microsoft Azure Machine Learning. An attacker exploiting the vulnerability could gain access to sensitive information...

Security Bulletin: Multiple vulnerabilities in JQuery Java Script Library Affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary Vulnerablities in jquery affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data. These are addressed. Vulnerability Details CVEID:CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplie...

Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vunerable to libsass and node-sass vulnerabilities

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vunerable to the dependencies in the opensource library libsass-3.5.5 and opennms-opennms-source-25.1.1-1 . These are fixed. Vulnerability Details CVEID:CVE-2018-11696 DESCRIPTION: LibSaas is vulnerable to a denial of servic...

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence AI systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, an...

Apache Submarine Deserialization Vulnerability

Apache Submarine is a cloud-native machine learning platform from the Apache USA Foundation. Apache Submarine suffers from a deserialization vulnerability that stems from unsafe deserialization processing by snakeyaml when receiving serialized data submitted by a user, which can be exploited by a...

H2O Security Breach

H2O is an in-memory platform for distributed, scalable machine learning. H2O suffers from a security vulnerability that stems from allowing an attacker to execute remote code via the POJO model import function...