Lucene search
K

234 matches found

Debian CVE
Debian CVE
added yesterday5 views

CVE-2026-14647

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...

5.3CVSS5.5AI score
Exploits0
EUVD
EUVD
added yesterday7 views

EUVD-2026-41691

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...

5.3CVSS5.5AI score
Exploits0References8
CVE
CVE
added yesterday12 views

CVE-2026-14647

ONNX Runtime (onnxruntime) up to 1.21.x is affected by CVE-2026-14647 due to a weakness in convPoolShapeInference_opset19 in ONNX’s old.cc (onnx/defs/nn). The root cause is an out-of-bounds read introduced in this path, enabling remote exploitation. Public exploits exist per the description. Reme...

5.3CVSS5.5AI score
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-11329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file...

3.6CVSS4.7AI score0.00078EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 12:0 a.m.9 views

UBUNTU-CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.13 views

CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.6AI score0.00078EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.4AI score0.00105EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 1:16 p.m.15 views

CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS0.00078EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/05 12:15 p.m.40 views

CVE-2026-11329 onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS0.00078EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/05 12:15 p.m.11 views

EUVD-2026-34826

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/05 12:15 p.m.8 views

CVE-2026-11329 onnx onnx-mlir Placeholder Node Cache backend.py generate_hash_key weak hash

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/05 12:15 p.m.6 views

CVE-2026-11329

A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file src/Runtime/python/torchonnxmlir/src/torchonnxmlir/backend.py of the component Placeholder Node Cache Handler. Such manipulation leads to use of weak hash. An attack...

3.6CVSS4.5AI score0.00078EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/06/05 12:15 p.m.31 views

CVE-2026-11329

Technical details are not publicly available in the provided documents. Monitor for updates from official sources for affected products, versions, impact, and remediation.

3.6CVSS4.6AI score0.00078EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-46946

Name of the Vulnerable Software and Affected Versions onnx onnx-mlir versions prior to 0.5.0.0 Description The Placeholder Node Cache Handler component contains an issue within the generate hash key function located in the src/Runtime/python/torch onnxmlir/src/torch onnxmlir/backend.py file. This...

3.6CVSS4.7AI score0.00078EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.15 views

Ubuntu 24.04 LTS : ONNX vulnerability (USN-8307-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8307-1 advisory. It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to...

8.8CVSS7.5AI score0.01168EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/05/26 5:51 p.m.18 views

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

8.8CVSS6AI score0.01168EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:7 p.m.13 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX [GHSA-q56x-g2fj-4rj6]

Summary IBM Watson Speech Services Cartridge is vulnerable to a TOCTOU vulnerability in ONNX, due to multiple issues in the saveexternaldata method which introduce an arbitrary file read/write on any system GHSA-q56x-g2fj-4rj6. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

5.8AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:2 p.m.8 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX [CVE-2026-34445, CVE-2026-34446, CVE-2026-34447]

Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in ONNX due to an issue with the ExternalDataInfo class in ONNX using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file, which fails to properly...

8.6CVSS5.8AI score0.00288EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:0 p.m.7 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX [CVE-2026-27489]

Summary BM Watson Speech Services Cartridge is vulnerable to a path traversal vulnerability in ONNX due to an issue in symlink that allows the package to read arbitrary files outside model or user-provided directory CVE-2026-27489. ONNX is used in our speech runtimes. This vulnerabilitiy has been...

8.7CVSS5.8AI score0.00593EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 2:56 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...

9.1CVSS5.6AI score0.00318EPSS
Exploits0Affected Software1
Rows per page
Query Builder