Lucene search
K

9 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40121

Name of the Vulnerable Software and Affected Versions Horovod versions prior to 0.28.2 Description The KVStore HTTP server component, used for distributed task coordination, lacks authentication and authorization controls. This allows a remote attacker to write arbitrary data using HTTP PUT...

9.8CVSS6.1AI score0.00687EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-7121

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01021EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/22 12:12 p.m.5 views

CVE-2024-10190

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

9.8CVSS8.3AI score0.01021EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.8 views

deephyper (>=0.1.10 <=0.1.11), l2hmc (>=0.1.0 <=0.13.0) +12 more potentially affected by CVE-2024-10190 via horovod (>=0.19.5 <=0.28.1)

horovod PYPI version =0.19.5, =0.1.10, =0.1.0, =0.1.1, =0.0.0a0, =0.0.3, =0.0.1.0, =0.1.0, =0.1.2, =0.1.8 - zetascale =0.7.1 Source cves: CVE-2024-10190 Source advisory: SNYK:PYTHON-HOROVOD-9510936...

9.8CVSS7.2AI score0.01021EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.11 views

Horovod Vulnerable to Command Injection

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

9.8CVSS8.3AI score0.01021EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.8 views

CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

9.8CVSS9.9AI score0.01021EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.42 views

CVE-2024-10190

Horovod CVE-2024-10190 affects v0.28.1 and earlier. The vulnerability is due to ElasticRendezvousHandler.do_PUT/_put_value decoding base64 data and ultimately calling cloudpickle.loads, enabling an unauthenticated attacker to supply a malicious pickle object via a PUT request and achieve arbitrar...

9.8CVSS9.9AI score0.01021EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.16 views

CVE-2024-10190 Unauthenticated Remote Code Execution in ElasticRendezvousHandler in horovod/horovod

Horovod versions up to and including v0.28.1 are vulnerable to unauthenticated remote code execution. The vulnerability is due to improper handling of base64-encoded data in the ElasticRendezvousHandler, a subclass of KVStoreHandler. Specifically, the putvalue method in ElasticRendezvousHandler...

9.8CVSS0.01021EPSS
Exploits1References1
CNVD
CNVD
added 2024/11/26 12:0 a.m.6 views

Horovod Remote Code Execution Vulnerability

Horovod is an open source distributed deep learning training framework designed to improve the training efficiency and scalability of large-scale deep learning models. Horovod suffers from a remote code execution vulnerability that can be exploited by an attacker to execute arbitrary code on a...

9.8CVSS8.7AI score0.00846EPSS
Exploits2References1
Rows per page
Query Builder