545 matches found
CVE-2024-36321
CVE-2024-36321 : The AMD AIM-T Manageability Service is affected by an unquoted search path vulnerability that can allow a local attacker to escalate privileges and potentially achieve arbitrary code execution. Affected software is AMD AIM-T Manageability Service; root cause is an unquoted path i...
CVE-2024-36321
Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution...
PT-2025-20932 · Unknown · Aim-T Manageability Service
Name of the Vulnerable Software and Affected Versions: AIM-T Manageability Service affected versions not specified Description: The issue is related to an unquoted search path within the AIM-T Manageability Service, which can be exploited by a local attacker to escalate privileges. This could...
CVE-2024-24292
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...
CVE-2024-24292
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...
CVE-2024-24292
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...
CVE-2024-24292
A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...
PT-2025-13570 · Unknown · Aliconnect /Sdk
Name of the Vulnerable Software and Affected Versions: Aliconnect /sdk version 0.0.6 Description: A Prototype Pollution issue allows an attacker to execute arbitrary code via the aim function in the aim.js component. This issue enables attackers to potentially compromise systems by injecting...
CVE-2024-6483
A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...
CVE-2025-0189
In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...
CVE-2024-12778
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...
CVE-2024-8061
In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...
CVE-2024-8101
A stored cross-site scripting XSS vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of dangerouslySetInnerHTML without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-0190 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-0190 Source advisory: SNYK:PYTHON-AIM-9510937...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-0189 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-0189 Source advisory: SNYK:PYTHON-AIM-9510938...
dsipts (>=1.1.5 <=1.1.19), llm-toys (=0.1.1) +2 more potentially affected by CVE-2025-0189 via aim (>=3.17.4 <=3.20.1)
aim PYPI version =3.17.4, =1.1.5, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-0189 Source advisory: OSV:GHSA-J5QJ-RG5J-J7C2...
dsipts (>=1.1.5 <=1.1.19), llm-toys (=0.1.1) +2 more potentially affected by CVE-2025-0190 via aim (>=3.17.4 <=3.20.1)
aim PYPI version =3.17.4, =1.1.5, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-0190 Source advisory: OSV:GHSA-FM93-G6XP-35XQ...
Aim Excessive Data Query Operations in a Large Data Table vulnerability
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
GHSA-FM93-G6XP-35XQ Aim Excessive Data Query Operations in a Large Data Table vulnerability
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2024-8769 via aim (>=3.17.4 <=4.0.3)
aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2024-8769 Source advisory: SNYK:PYTHON-AIM-9510955...