6 matches found
Azure Linux 3.0 Security Update: pytorch (CVE-2024-5187)
The version of pytorch installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5187 advisory. - A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows...
Security Bulletin: Vulnerability in Open Neural Network Exchange (ONNX) affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary A potential vulnerability in Open Neural Network Exchange ONNX has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-5187 DESCRIPTION: Open...
CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3
CVE-2024-5187 affecting package pytorch for versions less than 2.2.2-3. A patched version of the package is available...
Fedora: Security Advisory (FEDORA-2024-d9c7181a19)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
acetone-nnet (>=0.1.0 <=0.4.0.dev1), acuity (=6.18.0) +173 more potentially affected by CVE-2024-5187 +1 more via onnx (>=0.2.0 <=1.16.1)
onnx PYPI version =0.2.0, =0.1.0, =0.0.0, =0.0.157, =1.3.0, =0.3.1, =1.3.0, =0.0.9, =0.2.19, =0.0.1, =0.1.0, =0.1.4 - autodistill-yolonas =0.1.1 and more Source cves: CVE-2024-5187, CVE-2025-51480 Source advisory: OSV:GHSA-6RQ9-53C3-F7VJ...
CVE-2024-5187
A vulnerability in the downloadmodelwithtestdata function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system,...