All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2024-5397 is a critical vulnerability in itsourcecode Online Student Enrollment System 1.0 that allows SQL injection (an attack where malicious code is inserted into database queries through user input). The flaw exists in the instructorSubjects.php file where the instructorId parameter is not properly protected, and an attacker can exploit it remotely with valid user credentials.
The Testimonial Carousel For Elementor WordPress plugin (versions up to 10.2.0) has a missing authorization check in the 'save_testimonials_option_callback' function, allowing unauthenticated attackers to modify data like OpenAI API keys without permission. This vulnerability is classified as CWE-862 (missing authorization, where a system doesn't verify that a user has permission to perform an action).
This overview discusses the European AI Act and the governance framework needed to implement it, focusing on the European Commission's responsibilities and the AI Office. Key tasks include establishing guidelines for classifying high-risk AI systems, defining what counts as significant modifications (changes that alter a system's risk level), and setting standards for transparency and enforcement across EU member states.
The AI ChatBot plugin for WordPress (up to version 5.3.4) has a security flaw where a function called openai_file_delete_callback lacks a capability check (verification that a user has permission to perform an action). This allows any authenticated user with subscriber-level access or higher to delete files from a connected OpenAI account without proper authorization.
The AI ChatBot plugin for WordPress (up to version 5.3.4) has a missing capability check (a missing authorization check that verifies user permissions) in its file upload function, allowing authenticated users with basic subscriber access to upload files to a connected OpenAI account without proper permission verification. This vulnerability affects all versions through 5.3.4 and could let low-privilege attackers modify data on the linked OpenAI account.
The AI ChatBot plugin for WordPress has a security flaw in versions up to 5.3.4 where a function lacks a capability check (a security control that verifies a user has permission to perform an action). This allows authenticated users with subscriber-level access or higher to view files stored in a connected OpenAI account without authorization.
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a technology for running safe programs in the kernel) subsystem occurs when a BPF program ends with a call to bpf_throw (a function that terminates execution), causing the instruction pointer to point just past the program's boundary. This breaks stack unwinding (the process of tracking where an error originated across function calls), potentially causing a panic (system crash). The fix makes the kernel treat instruction pointers at the program boundary (IP == ksym.end) as part of the program, allowing reliable stack unwinding in these cases.
A memory leak was found in the Linux kernel's SocketCAN driver for Microchip CAN BUS Analyzer Tool, where 20 USB coherent buffers (memory blocks allocated for direct USB communication) were allocated in the mcba_usb_start() function but never freed, causing memory to be wasted when the device disconnected. The issue occurred because the disconnect function simply stopped the USB requests without properly deallocating the coherent buffers.
A use-after-free vulnerability (UAF, a bug where code tries to access memory that has already been freed) was found in the Linux kernel's KVM (virtual machine software) SVM (a CPU virtualization technology) module in the svm_register_enc_region() function. The vulnerability occurred because a cache flush operation was happening after releasing a lock, allowing another part of the program to delete the region data before the flush completed.
MLflow (a tool for managing machine learning experiments) versions before 2.10.1 have a broken access control vulnerability where users with only EDIT permissions can delete artifacts (saved files or data from experiments) they shouldn't be able to delete. The bug happens because the system doesn't properly check permissions when users request to delete artifacts, even though the documentation says EDIT users should only be able to read and update, not delete.
The Tutor LMS plugin for WordPress (versions up to 2.7.0) has a time-based SQL injection vulnerability (a technique where attackers sneak malicious database commands into user input to extract data) in the 'question_id' parameter because the plugin doesn't properly clean user input or prepare its database queries. Attackers with Instructor-level permissions or higher can exploit this to extract sensitive information from the database.
The Tutor LMS WordPress plugin (up to version 2.7.0) has a security flaw called IDOR (insecure direct object reference, where an attacker can access resources by guessing or manipulating ID numbers) that lets users with Instructor-level permissions delete any course without proper permission checks in the 'tutor_course_delete' function. This happens because the code doesn't validate which courses a user is allowed to delete.
A command injection vulnerability (a flaw that lets attackers run unauthorized commands) exists in the RunGptLLM class of the llama_index library version 0.9.47, which connects applications to language models. The class uses the eval function (a tool that executes text as code) unsafely, potentially allowing a malicious LLM provider to run arbitrary commands and take control of a user's machine.
A researcher examined browser remote debugging features as a potential method for stealing sensitive data like cookies, building on past work about cookie theft techniques. The post references Google's guidance on detecting browser data theft through Windows Event Logs and DPAPI (Data Protection API, a Windows system that encrypts sensitive information) calls, but focuses on exploring whether remote debugging could be used to bypass these detection methods.
CVE-2024-34440 is an unrestricted file upload vulnerability (a security flaw that lets users upload files without proper checks on file type) in the Jordy Meow AI Engine: ChatGPT Chatbot plugin affecting versions through 2.2.63. This vulnerability could potentially allow attackers to upload dangerous files to a system, but no severity score has been assigned yet.
CVE-2024-0100 is a vulnerability in NVIDIA Triton Inference Server for Linux that allows a user to corrupt system files through the tracing API (a feature that tracks how the server runs). Successfully exploiting this vulnerability could cause denial of service (making the system unavailable) and data tampering (unauthorized changes to data).
Fix: The source suggests that the Commission should adopt 'predetermined change management plans akin to those in medicine' to assess modifications to AI systems. These plans would be documents outlining anticipated changes (such as performance adjustments or shifts in intended use) and the methods for evaluating whether those changes substantially alter the system's risk level. The source also recommends that standard fine-tuning of foundation models (training adjustments to pre-existing AI models) should not be considered a significant modification unless safety layers are removed or other actions clearly increase risk.
ChatGPT's new memory feature, which lets the AI remember information across different chat sessions for a more personalized experience, can be exploited through indirect prompt injection (tricking an AI by hiding malicious instructions in its input). Attackers could manipulate ChatGPT into storing false information, biases, or unwanted instructions by injecting commands through connected apps like Google Drive, uploaded documents, or web browsing features.
Fix: A patch is available at https://plugins.trac.wordpress.org/changeset/3089461/chatbot/trunk/includes/openai/qcld-bot-openai.php. Users should update their AI ChatBot plugin to a version after 5.3.4.
Fix: Make bpf_prog_ksym_find treat IP == ksym.end as part of the BPF program, so that is_bpf_text_address returns true when such a case occurs, allowing reliable unwinding when the final instruction ends up being a call instruction.
Fix: All allocated buffers should be freed with usb_free_coherent() explicitly. The source notes that the same correct pattern for allocating and freeing coherent buffers is used in drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c.
This post examines how attackers can insert hidden malicious code into machine learning models (a technique called backdooring) through supply chain attacks, specifically targeting Keras models (a popular framework for building AI systems). The authors demonstrate this attack and then explore tools that can detect when a model has been compromised in this way.
Fix: Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock (release the lock only after the flush is complete, not before). This ensures the region and its page array cannot be freed by another task while the flush is still in progress.
Fix: Update mlflow to version 2.10.1 or later.
MLflow version 2.11.0 has a path traversal vulnerability (a security flaw where an attacker can access files outside intended directories) that bypasses a previous fix. An attacker can use a '#' character in artifact URLs to skip validation and read sensitive files like SSH keys and cloud credentials from the server's filesystem. The vulnerability exists because the application doesn't properly validate the fragment portion (the part after '#') of URLs before converting them to filesystem paths.
Fix: This issue was fixed in version 0.10.13 of the llama_index library. Users should upgrade to version 0.10.13 or later.
LearnPress, a WordPress plugin for learning management systems, has a vulnerability (CVE-2024-4397) in versions up to 4.2.6.5 where the 'save_post_materials' function doesn't properly check file types before uploading. This means instructors and higher-level users could upload malicious files to the server, potentially leading to RCE (remote code execution, where attackers run arbitrary commands on a system they don't own).