EUVD-2024-2188

Malicious code in bioql PyPI...

MindSpore 缓冲区错误漏洞

MindSpore is a new open source deep learning training/inference framework open sourced by MindSpore. It can be used in mobile, edge and cloud scenarios. A buffer error vulnerability exists in MindSpore version 2.5.0 that stems from a memory corruption...

CVE-2024-37902 Path thraversal in DeepJavaLibrary

DeepJavaLibraryDJL is an Engine-Agnostic Deep Learning Framework in Java. DJL versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model...

CVE-2024-37902

Summary: CVE-2024-37902 affects the Java DeepJavaLibrary (DJL) up to version 0.27.0. The root cause is an absolute-path handling flaw in archived artifacts that can insert files directly into the system and overwrite system files. The issue is fixed in DJL v0.28.0 and also patched in the DJL Larg...

Deep Java Library Security Vulnerability

Deep Java Library is an open source, high-level, engine-independent deep learning Java framework from Deep Java Library Open Source. A security vulnerability exists in Deep Java Library that stems from improper validation of file paths during tar file extraction...