24 matches found
EUVD-2024-0034
Malicious code in bioql PyPI...
aistrainer (>=0.0.1 <=0.0.13), aivoifu (>=0.2.8 <=0.2.9) +21 more potentially affected by unknown CVE via deepspeed (>=0.10.2 <=0.15.1)
deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-DEEPSPEED-8320951...
Command Injection
Overview deepspeed is a DeepSpeed library Affected versions of this package are vulnerable to Command Injection when multiple instances where subprocess.run and subprocess.checkoutput, are called with unsanitized input and shell=True. An attacker would need to supply specially crafted input to...
Microsoft DeepSpeed Remote Code Execution Vulnerability
Microsoft DeepSpeed is an easy-to-use deep learning optimization software suite from Microsoft that delivers unprecedented scale and speed for DL training and inference. A remote code execution vulnerability exists in Microsoft DeepSpeed, which can be exploited by an attacker to execute arbitrary...
Vulnerabilities fixed in Microsoft Developer Tools
Microsoft has fixed vulnerabilities in several Developer Tools. A malicious person could exploit the vulnerabilities to cause a Denial-of-Service, grant themselves elevated privileges or execute arbitrary code with the victim's privileges. Successful exploitation requires the malicious party to...
aistrainer (>=0.0.1 <=0.0.11), aivoifu (>=0.2.8 <=0.2.9) +20 more potentially affected by CVE-2024-43497 via deepspeed (>=0.10.2 <=0.15.0)
deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: CVE-2024-43497 Source advisory: SNYK:PYTHON-DEEPSPEED-8230423...
Arbitrary Command Injection
Overview deepspeed is a DeepSpeed library Affected versions of this package are vulnerable to Arbitrary Command Injection through the execution of unauthorized commands or code. An attacker can execute arbitrary code on the system by sending crafted inputs to the affected function. Remediation...
GHSA-8CP5-3RF8-8GFH DeepSpeed Remote Code Execution Vulnerability
DeepSpeed Remote Code Execution Vulnerability...
DeepSpeed Remote Code Execution Vulnerability
DeepSpeed Remote Code Execution Vulnerability...
aistrainer (>=0.0.1 <=0.0.11), aivoifu (>=0.2.8 <=0.2.9) +20 more potentially affected by CVE-2024-43497 via deepspeed (>=0.10.2 <=0.15.0)
deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: CVE-2024-43497 Source advisory: OSV:GHSA-8CP5-3RF8-8GFH...
CVE-2024-43497
DeepSpeed Remote Code Execution Vulnerability...
CVE-2024-43497
DeepSpeed Remote Code Execution Vulnerability...
aistrainer (>=0.0.1 <=0.0.11), aivoifu (>=0.2.8 <=0.2.9) +20 more potentially affected by CVE-2024-43497 via deepspeed (>=0.10.2 <=0.15.0)
deepspeed PYPI version =0.10.2, =0.0.1, =0.2.8, =0.2.0, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.4.1 and more Source cves: CVE-2024-43497 Source advisory: OSV:PYSEC-2024-109...
PYSEC-2024-109
DeepSpeed Remote Code Execution Vulnerability...
PYSEC-2024-109
DeepSpeed Remote Code Execution Vulnerability...
CVE-2024-43497 DeepSpeed Remote Code Execution Vulnerability
...
CVE-2024-43497
CVE-2024-43497 covers a DeepSpeed remote code execution vulnerability. Connected sources indicate Microsoft DeepSpeed is affected (including DeepSpeed versions before 0.15.1 per Nessus plugin), enabling arbitrary code execution under exploitable conditions. Public references describe the issue as...
CVE-2024-43497 DeepSpeed Remote Code Execution Vulnerability
...
DeepSpeed Remote Code Execution Vulnerability
...
Microsoft DeepSpeed 命令注入漏洞
Microsoft DeepSpeed is an easy-to-use deep learning optimization software suite from Microsoft that delivers unprecedented scale and speed for DL training and inference. A remote code execution vulnerability exists in Microsoft DeepSpeed, which can be exploited by an attacker to execute arbitrary...