Lucene search
K

147 matches found

Vulnrichment
Vulnrichment
added 2026/02/02 8:14 p.m.5 views

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS5.4AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/02 8:14 p.m.32 views

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS0.00244EPSS
Exploits0References4
OSV
OSV
added 2026/02/02 8:14 p.m.6 views

CVE-2026-1778 TLS disabled by default in select aws/sagemaker-python-sdk configurations

Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed...

8.2CVSS6AI score0.00244EPSS
Exploits0References6
OSV
OSV
added 2026/02/02 8:10 p.m.4 views

CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

8.5CVSS6.1AI score0.00455EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/02 8:10 p.m.7 views

CVE-2026-1777

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

8.5CVSS5.6AI score0.00455EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/02 8:10 p.m.26 views

CVE-2026-1777 Cleartext transmission of sensitive materials in aws/sagemaker-python-sdk

The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output...

8.5CVSS0.00455EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.7 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v3.1.1 and v2.256.0 contained security vulnerabilities. These vulnerabilities stemmed from the disabli...

8.2CVSS5.8AI score0.00244EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.11 views

Amazon SageMaker Python SDK 安全漏洞

Amazon SageMaker Python SDK is a development toolkit provided by Amazon, Inc., for building, training, and deploying machine learning models. Versions of the Amazon SageMaker Python SDK prior to v3.2.0 and v2.256.0 contained security vulnerabilities. These vulnerabilities stemmed from the plainte...

8.5CVSS6AI score0.00455EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.13 views

PT-2026-6479

Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...

8.5CVSS6.4AI score0.00455EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.9 views

PT-2026-5709

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 3.1.1 Amazon SageMaker Python SDK versions prior to 2.256.0 Description The SageMaker Python SDK has an issue where TLS certificate verification is disabled for HTTPS connections when importing a...

8.2CVSS6.6AI score0.00244EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.13 views

PT-2026-5708

Name of the Vulnerable Software and Affected Versions Amazon SageMaker Python SDK versions prior to 3.2.0 Amazon SageMaker Python SDK versions prior to 2.256.0 Description The Amazon SageMaker Python SDK contains the ModelBuilder HMAC signing key in cleartext within the response elements of the...

8.5CVSS5.6AI score0.00455EPSS
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/01/09 8:35 a.m.5 views

CVE-2024-34073

sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capturedependencies function in sagemaker.serve.saveretrive.version100.save.utils module allows for potentially unsafe Operating System OS Command Injection if...

7.8CVSS7.9AI score0.01143EPSS
Exploits0References1
Huntr
Huntr
added 2025/12/08 9:27 a.m.8 views

MLflow SageMaker Command Injection Vulnerability

Description The vulnerability exists in /mlflow/sagemaker/init.py at lines 161-167, where user-supplied container image names are directly interpolated into shell commands without proper sanitization before being passed to os.system. Vulnerable Code Path : CLI Input --container parameter ↓...

8.8CVSS7.5AI score0.01456EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-43982

Malicious code in bioql PyPI...

9.8CVSS9.5AI score0.0261EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1498

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.01143EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-1835

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00408EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-6837

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00247EPSS
Exploits0References3
Snyk
Snyk
added 2025/09/17 10:41 p.m.4 views

Out-of-bounds Write

Overview nvidia-pytriton is a PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments. Affected versions of this package are vulnerable to Out-of-bounds Write via the HTTP and Sagemaker request handler. An attacker could cause an out-of-bounds write through ...

8.7CVSS7.1AI score0.00355EPSS
Exploits0References2
OSV
OSV
added 2025/09/07 4:39 p.m.2 views

MAL-2025-191680 Malicious code in amzn-sagemaker-studio (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a557d275cca7627fa4d3e2c72f0fc9b78fc5ac70aa87a0ab586f1abf9f8777a6 Package exfiltrates the environment variables during the import --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaig...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-32622 Malicious code in sagemaker_examples (npm)

The package sagemakerexamples was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder