Lucene search
+L

59 matches found

redhatcve
redhatcve
added last week9 views

CVE-2026-44512

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...

6.5CVSS6.1AI score0.00191EPSS
Exploits1References7
osv
osv
added 2026/07/08 8:16 p.m.4 views

DEBIAN-CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References1
osv
osv
added 2026/07/08 8:16 p.m.3 views

UBUNTU-CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS6.1AI score0.00191EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/07/04 12:0 a.m.15 views

PT-2026-55726

Name of the Vulnerable Software and Affected Versions onnx versions prior to 1.22.0 Description A weakness in the onnxruntime component allows for a remote out-of-bounds read. This occurs within the convPoolShapeInference opset19 function located in the onnx/defs/nn/old.cc file. Recommendations...

5.3CVSS6AI score0.00253EPSS
Exploits0References12
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.11 views

ONNX-MLIR 安全漏洞

ONNX-MLIR is an open-source compiler tool developed by Open Neural Network Exchange that converts ONNX graphs into efficient code. Versions of ONNX-MLIR prior to 0.5.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of a weak hash function in the generatehashkey...

3.6CVSS4.9AI score0.00078EPSS
Exploits0References7
ibm
ibm
added 2026/05/01 12:1 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl which is vulnerable to CVE-2026-28500.

Summary IBM Maximo Application Suite - Monitor Component uses onnx-1.20.1-cp311-cp311-manylinux227x8664.manylinux228x8664.whl which is vulnerable to CVE-2026-28500. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-28500 DESCRIPTION: Open Neural...

9.1CVSS5.7AI score0.00318EPSS
Exploits0Affected Software1
euvd
euvd
added 2026/04/28 7:31 a.m.9 views

EUVD-2026-26012

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00105EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/28 7:31 a.m.5 views

CVE-2026-40979

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.1CVSS5.2AI score0.00105EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/04/28 12:0 a.m.10 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5, as well as 1.1.0 to 1.1.4 of VMware Spring AI, have security vulnerabilities. These...

6.1CVSS5.8AI score0.00105EPSS
Exploits0References1
mscve
mscve
added 2026/04/09 8:2 a.m.5 views

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

...

8.6CVSS5.7AI score0.00288EPSS
Exploits0
nessus
nessus
added 2026/04/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-34445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was usi...

8.6CVSS5.3AI score0.00288EPSS
Exploits0References3
susecve
susecve
added 2026/04/02 11:26 p.m.4 views

SUSE CVE-2026-34445

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, the ExternalDataInfo class in ONNX was using Python's setattr function to load metadata like file paths or data lengths directly from an ONNX model file. It didn't check if the...

8.6CVSS5.7AI score0.00288EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/02 9:32 p.m.10 views

CVE-2026-34446

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. The onnx.load function, which is used to load machine learning models, does not correctly handle hardlinks. This vulnerability could allow an attacker to create a specially crafted ONNX...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References5
euvd
euvd
added 2026/04/01 9:14 p.m.5 views

EUVD-2026-17989

ONNX: External Data Symlink Traversal...

5.5CVSS5.8AI score0.00248EPSS
Exploits1References2
osv
osv
added 2026/04/01 9:13 p.m.1 views

GHSA-CMW6-HCPP-C6JP ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load

Summary The issue is in onnx.load — the code checks for symlinks to prevent path traversal, but completely misses hardlinks, which is the problem, since a hardlink looks exactly like a regular file on the filesystem. The Real Problem The validator in onnx/checker.cc only calls issymlink and never...

4.7CVSS5.9AI score0.00176EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/04/01 7:15 p.m.8 views

CVE-2026-34445

A flaw was found in Open Neural Network Exchange ONNX. An attacker could exploit a vulnerability in how ONNX processes model metadata, specifically within the ExternalDataInfo class. By crafting a malicious ONNX model, an attacker could overwrite internal object properties, leading to a denial of...

8.6CVSS5.8AI score0.00288EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/04/01 6:50 p.m.5 views

CVE-2026-27489

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This path traversal vulnerability, exploitable via a symbolic link symlink, allows an attacker to read arbitrary files located outside of the intended model or user-provided directories...

8.7CVSS5.9AI score0.00593EPSS
Exploits1References5
pypa
pypa
added 2026/04/01 6:16 p.m.12 views

PYSEC-2026-104

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0...

5.5CVSS5.7AI score0.00248EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/04/01 6:16 p.m.7 views

PYSEC-2026-104

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, there is a symlink traversal vulnerability in external data loading allows reading files outside the model directory. This issue has been patched in version 1.21.0...

5.5CVSS5.7AI score0.00248EPSS
Exploits1References1
osv
osv
added 2026/04/01 6:16 p.m.9 views

DEBIAN-CVE-2026-27489

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0...

7.5CVSS5.5AI score0.00593EPSS
Exploits1References1
Rows per page
Query Builder