125 matches found
EUVD-2019-0308
Malware in sbrugna...
EUVD-2024-38188
Malicious code in bioql PyPI...
Gradient Inversion Attacks on Parameter-Efficient Fine-Tuning
Federated learning FL allows multiple data-owners to collaboratively train machine learning models by exchanging local gradients, while keeping their private data on-device. To simultaneously enhance privacy and training efficiency, recently parameter-efficient fine-tuning PEFT of large-scale...
DeeCLIP: a Robust and Generalizable Transformer-Based Framework for Detecting AI-Generated Images
This paper introduces DeeCLIP, a novel framework for detecting AI-generated images using CLIP-ViT and fusion learning. Despite significant advancements in generative models capable of creating highly photorealistic images, existing detection methods often struggle to generalize across different...
CVE-2024-39686
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the bertgen function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
CVE-2024-39688 fishaudio/Bert-VITS2 Limited File Write in webui_preprocess.py generate_config function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is concatenated with other folders and used to open a new file in the generateconfig function, which leads to a limited file write. The issue allows for writing /config/config.json file in arbitra...
CVE-2024-39685
Bert-VITS2 (fishaudio) vulnerability CVE-2024-39685 affects version 2.3 and earlier of the Bert-VITS2 backbone. The root cause is that user input to the data_dir variable is used directly in a subprocess.run(cmd, shell=True) call within the resample function, enabling arbitrary command execution....
CVE-2024-39685 fishaudio/Bert-VITS2 Command Injection in webui_preprocess.py resample function
Bert-VITS2 is the VITS2 Backbone with multilingual bert. User input supplied to the datadir variable is used directly in a command executed with subprocess.runcmd, shell=True in the resample function, which leads to arbitrary command execution. This affects fishaudio/Bert-VITS2 2.3 and earlier...
Malicious code in backbone-input-view (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-1804 Malicious code in backbone-input-view (npm)
--- -= Per source details. Do not edit below this line.=-...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.2 release and security update
Red Hat AMQ Streams 2.2.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.1 release and security update
Red Hat AMQ Streams 2.5.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update
Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
Cisco Talos discovered the North Korean state-sponsored actor Lazarus Group targeting internet backbone infrastructure and healthcare entities in Europe and the United States. This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.1 release and security update
Red Hat AMQ Streams 2.2.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Moderate: Red Hat Security Advisory: Red Hat AMQ Streams 2.3.0 release and security update
Red Hat AMQ Streams 2.3.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: Red Hat AMQ Streams 2.2.0 release and security update
Red Hat AMQ Streams 2.2.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Malicious code in backbone-typescripts-accessor-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3840c75337cd1b91f11c859547a44c49050af6f3caf764fac6335dd47ab75829 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1448 Malicious code in backbone-typescripts-accessor-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3840c75337cd1b91f11c859547a44c49050af6f3caf764fac6335dd47ab75829 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in grunt-backbone-typescript-accessor-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 115b154824bd13959e78a37c9aedd1573687c0ae5c3e7cc352e68c9a751984c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...