AI Sec Watch

CVE-2024-0100 is a vulnerability in NVIDIA Triton Inference Server for Linux that allows a user to corrupt system files through the tracing API (a feature that tracks how the server runs). Successfully exploiting this vulnerability could cause denial of service (making the system unavailable) and data tampering (unauthorized changes to data).

CVE-2024-0088 is a vulnerability in NVIDIA Triton Inference Server for Linux where a network user can trigger improper memory access through shared memory APIs, potentially causing denial of service (making a service unavailable) or data tampering. The vulnerability stems from out-of-bounds write errors, meaning the software tries to write data to memory locations it shouldn't access.

CVE-2024-0087 is a vulnerability in NVIDIA Triton Inference Server for Linux that allows a user to set the logging location to any file they choose, and if that file already exists, logs get added to it. This could allow an attacker to execute code, crash the system, gain elevated permissions, steal information, or modify data.

llama-cpp-python (Python bindings for llama.cpp, a tool for running AI models locally) has a vulnerability where it loads chat templates from model files without proper security checks. When these templates are processed using Jinja2 (a templating engine), an attacker can inject malicious code through a specially crafted model file, leading to remote code execution (the ability to run arbitrary commands on the victim's computer).

SolidUI version 0.4.0 contains a bug where the file spaces_plugin/app.py has an unnecessary print statement that outputs an OpenAI key (a secret credential used to authenticate with OpenAI's services). This printed key could be captured in log files (records of system activity), potentially exposing the credential to unauthorized users.

Gradio (a framework for building web interfaces for machine learning models) before version 4.20 has a vulnerability on Windows where credentials can be unintentionally revealed. The issue stems from improper encoding or escaping of output (meaning the software doesn't properly clean or protect sensitive information before displaying it).

A vulnerability in sagemaker-python-sdk (a library for machine learning on Amazon SageMaker) allows OS command injection (running unauthorized system commands) if unsafe input is passed to the capture_dependencies function's requirements_path parameter, potentially letting attackers execute code remotely or disrupt service. The vulnerability affects versions before 2.214.3.

A vulnerability in the sagemaker-python-sdk library (used for machine learning on Amazon SageMaker) allows unsafe deserialization, where the NumpyDeserializer module can execute malicious code if it processes untrusted pickled data (serialized Python objects stored in a binary format). An attacker could exploit this to run arbitrary commands on a system or crash it.

CVE-2023-5675 is a security flaw in Quarkus (a Java framework for building applications) where authorization checks are bypassed for REST API endpoints whose methods are defined in abstract classes or modified by extensions using annotation processors, if certain security settings are enabled. This means unauthorized users could potentially access protected API endpoints that should require authentication or specific permissions.