
Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3309 items

CVE-2024-24451: A stack overflow in the sctp_server::sctp_receiver_thread component of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2

high, vulnerability, security
Jan 21, 2025
CVE-2024-24451

CVE-2024-24451 is a stack overflow (a type of buffer overflow where too much data is written to a memory region, crashing the program) in OpenAirInterface CN5G AMF (a 5G network component) up to version 2.0.0 that allows attackers to cause a Denial of Service (DoS, temporarily making a service unavailable) by repeatedly creating SCTP connections (a network protocol used in 5G) on the N2 interface.

NVD/CVE Database

CVE-2024-24445: OpenAirInterface CN5G AMF (oai-cn5g-amf) <= 2.0.0 contains a null dereference in its handling of unsupported NGAP protoc

medium, vulnerability, security
Jan 21, 2025
CVE-2024-24445

OpenAirInterface CN5G AMF (a software component that handles mobile network connections) version 2.0.0 and earlier has a null dereference vulnerability (a crash caused by trying to use a pointer that points to nothing) in how it processes unsupported NGAP protocol messages (communication formats in 5G networks). An attacker with network access near the AMF can exploit this to cause a denial of service (making the service unavailable to legitimate users).

CVE-2024-24444: Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows

high, vulnerability, security
Jan 21, 2025
CVE-2024-24444

CVE-2024-24444 is a bug in OpenAirInterface CN5G AMF (a telecom network software) up to version 2.0.0 where file descriptors (the handles the system uses to track open connections) are not properly cleaned up when connections close. An attacker can repeatedly open and close SCTP connections (a network protocol used in telecom) to cause a Denial of Service, making the system unavailable.

CVE-2024-24442: A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.

high, vulnerability, security
Jan 21, 2025
CVE-2024-24442

CVE-2024-24442 is a NULL pointer dereference (a crash caused by code dereferencing a pointer that points to nothing) in OpenAirInterface CN5G AMF (a component used in 5G mobile networks) up to version 2.0.0 that allows attackers to cause a Denial of Service (DoS, making a service unavailable) by sending a specially crafted NGAP message (a control message used in 5G networks).

CVE-2024-57897: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction

medium, vulnerability, security
Jan 15, 2025
CVE-2024-57897

A vulnerability in the Linux kernel's AMD GPU driver (drm/amdkfd) was caused by mismatched DMA map and unmap directions during memory migration operations. The DMA core (the system that manages direct memory access between devices) was reporting warnings because the map direction didn't align with the unmap direction, which could lead to incorrect memory access behavior.

CVE-2025-23042: Gradio is an open-source Python package that allows quick building of demos and web application for machine learning mod

high, vulnerability, security
Jan 14, 2025
CVE-2025-23042

Gradio, an open-source Python package for building web applications around machine learning models, has a security flaw in its Access Control List (ACL, a system that controls which files users can access). Attackers can bypass this protection on Windows and macOS by changing the capitalization of file paths, since these operating systems treat uppercase and lowercase letters as the same in file names. This allows unauthorized access to sensitive files that should be blocked.

CVE-2024-49375: Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the

critical, vulnerability, security
Jan 14, 2025
CVE-2024-49375

A vulnerability in Rasa (an open source machine learning framework) allows an attacker to achieve RCE (remote code execution, where an attacker runs commands on a system they don't own) by loading a malicious model if the HTTP API is enabled and authentication is not properly configured. The vulnerability only affects instances where the API is explicitly enabled (not the default) and lacks proper security controls.

CVE-2024-12606: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

medium, vulnerability, security
Jan 10, 2025
CVE-2024-12606

The AI Scribe WordPress plugin (versions up to 2.3) has a vulnerability where it fails to check user permissions before allowing changes to plugin settings. This means that attackers with basic Subscriber-level access can modify the plugin's configuration without proper authorization.

CVE-2024-12473: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

medium, vulnerability, security
Jan 10, 2025
CVE-2024-12473

The AI Scribe WordPress plugin (version 2.3 and earlier) has a SQL injection vulnerability (a flaw where attackers can insert malicious database commands) in its article builder feature that allows authenticated users with Contributor-level access to extract sensitive information from the website's database. The vulnerability exists because the plugin doesn't properly sanitize and escape user input before using it in database queries.

CVE-2024-12605: The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin Ch

medium, vulnerability, security
Jan 9, 2025
CVE-2024-12605

The AI Scribe WordPress plugin (versions up to 2.3) has a CSRF vulnerability (cross-site request forgery, where an attacker tricks a logged-in admin into unknowingly making changes to the site). Because the plugin fails to properly validate nonces (security tokens that prevent forged requests), an attacker can trick a site administrator into clicking a malicious link that changes the plugin's settings without the admin's knowledge.

CVE-2024-55459: An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar fi

medium, vulnerability, security
Jan 8, 2025
CVE-2024-55459

Keras version 3.7.0 has a vulnerability where attackers can write arbitrary files (files placed anywhere on your system) to a user's machine by tricking the get_file function (a tool that downloads files) into downloading a malicious tar file (a compressed file format). This happens because the function doesn't properly verify that downloaded files are legitimate before using them.

CVE-2024-12471: The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is

high, vulnerability, security
Jan 7, 2025
CVE-2024-12471 (EPSS: 64.4%)

AI Domination: Remote Controlling ChatGPT ZombAI Instances

info, news, security, research

CVE-2025-21604: LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5

medium, vulnerability, security
Jan 6, 2025
CVE-2025-21604

LangChain4j-AIDeepin, a RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) project, uses MD5 (a weak cryptographic hashing function) to hash files in versions before 3.5.0, which can cause file upload conflicts when different files produce the same hash value. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.9 and is classified as medium severity.

Microsoft 365 Copilot Generated Images Accessible Without Authentication -- Fixed!

info, news, security
Jan 2, 2025

Microsoft 365 Copilot (a generative AI assistant built into Microsoft 365) had a security issue where generated images could be accessed without authentication (meaning anyone could view them without logging in). The issue has been fixed. The article also mentions that system prompts (the hidden instructions that guide an AI's behavior) for this tool have been updated over time, including changes to how it accesses enterprise search features.

CVE-2024-56137: MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large

medium, vulnerability, security
Jan 2, 2025
CVE-2024-56137

CVE-2024-56137 is a remote command execution vulnerability (a flaw that lets attackers run system commands from a distance) in MaxKB, an open source knowledge base system that uses RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions). Before version 1.9.0, privileged users could execute operating system commands through custom scripts, but this weakness has been patched in the newer version.

CVE-2024-56516: free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API f

high, vulnerability, security
Dec 30, 2024
CVE-2024-56516

free-one-api, a tool that lets users access large language model reverse engineering libraries (code or techniques to understand how AI models work) through OpenAI's API format, uses MD5 (a fast general-purpose hash function, not designed for password storage) to hash user passwords in versions 1.0.1 and earlier. MD5 is cryptographically broken (mathematically compromised and no longer secure), making it vulnerable to collision attacks (where attackers can forge different inputs that produce the same hash) and easy to crack with modern computers, putting user credentials at risk.

CVE-2024-56800: Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions pr

high, vulnerability, security
Dec 30, 2024
CVE-2024-56800

Firecrawl, a web scraper that extracts webpage content for large language models, had a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted requests to internal networks) in versions before 1.1.1 that could expose local network resources. The cloud service was patched on December 27th, 2024, and the open-source version was patched on December 29th, 2024, with no user data exposed.

CVE-2024-56756: In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table

medium, vulnerability, security
Dec 29, 2024
CVE-2024-56756

A bug in the Linux kernel's NVMe (a fast storage protocol) driver could cause incorrect memory cleanup when the system fails to allocate enough memory for a descriptor table (a list telling the hardware where data is located). The bug doesn't usually cause visible problems because most systems allocate memory in large chunks, but it represents a memory management error that could cause issues in specific scenarios.

CVE-2024-56702: In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arg

medium, vulnerability, security
Dec 28, 2024
CVE-2024-56702

A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a framework for running sandboxed programs in the kernel) verifier was causing it to incorrectly assume that raw tracepoint arguments (data passed to certain kernel monitoring hooks) could never be NULL, leading the verifier to delete necessary NULL checks and potentially crash the kernel. The fix marks these arguments as PTR_MAYBE_NULL (pointers that might be null) and adds special handling to allow safe operations on them, including enabling PROBE_MEM marking (a safer memory access mode) when loading from these pointers.

Additional details for items listed above (displaced in the page layout; each is labelled with the item it belongs to):

Fix (CVE-2024-57897, drm/amdkfd): The fix sets the DMA map direction to BIDIRECTIONAL to align with the DMA unmap setting. This simplifies the DMA direction setting and ensures proper synchronization of the migration operation without requiring explicit dma_sync_single_for_*() calls.

Fix (CVE-2025-23042, Gradio): This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Fix (CVE-2024-49375, Rasa): Upgrade to Rasa version 3.6.21 or later. Users unable to upgrade should ensure that they require authentication and that only trusted users are given access.

Description (CVE-2024-12471, The Post Saint plugin): A WordPress plugin called 'The Post Saint' (used to generate AI text and images) has a security flaw in versions up to 1.3.1 where it fails to check user permissions and validate file types when uploading files. This allows attackers with basic user accounts to upload malicious files that could let them execute arbitrary code (RCE, running unauthorized commands) on the website.

Description (AI Domination: Remote Controlling ChatGPT ZombAI Instances, Jan 6, 2025): A security researcher demonstrated at Black Hat Europe how prompt injection (tricking an AI by hiding instructions in its input) can be used to create a Command and Control system (C2, a central server that remotely directs compromised systems) that remotely controls multiple ChatGPT instances. An attacker could compromise ChatGPT instances and force them to follow updated instructions from this central C2 system, potentially impacting all aspects of the CIA security triad (confidentiality, integrity, and availability of data).

Fix (CVE-2025-21604, LangChain4j-AIDeepin): Update to version 3.5.0 or later. According to the source, 'This issue is fixed in 3.5.0.'

Fix (CVE-2024-56137, MaxKB): The vulnerability has been fixed in v1.9.0.

Fix (CVE-2024-56800, Firecrawl): All open-source Firecrawl users should upgrade to v1.1.1. For the unpatched playwright services, users should configure a secure proxy by setting the `PROXY_SERVER` environment variable and ensure the proxy is configured to block all traffic to link-local IP addresses (see documentation for setup instructions).

Fix (CVE-2024-56702, bpf): Mark raw_tp arguments as PTR_MAYBE_NULL and special case the dereference and pointer arithmetic to permit it. Enable PROBE_MEM marking when loads occur into trusted pointers with PTR_MAYBE_NULL. Do not apply this adjustment when ref_obj_id > 0, as acquired objects don't need such adjustment. Update the tp_btf_nullable selftest to reflect the new verifier behavior that no longer causes errors when directly dereferencing a raw tracepoint argument marked as __nullable.

Sources: the CVE items above are from the NVD/CVE Database; the ZombAI and Microsoft 365 Copilot items are from Embrace The Red.