All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CVE-2024-0088 is a vulnerability in NVIDIA Triton Inference Server for Linux where a network user can trigger improper memory access through the shared memory APIs, potentially causing denial of service (making a service unavailable) or data tampering. The vulnerability stems from out-of-bounds write errors, meaning the software writes data to memory locations it should not access.

CVE-2024-0087 is a vulnerability in NVIDIA Triton Inference Server for Linux that allows a user to set the logging location to any file they choose; if that file already exists, log output is appended to it. This could allow an attacker to execute code, crash the system, gain elevated permissions, steal information, or modify data.

CVE-2024-1598 is a buffer overflow vulnerability (a memory safety bug where data overwrites adjacent memory) in Phoenix SecureCore for Intel Gemini Lake processors, specifically in how the system handles UEFI variables (low-level firmware settings). The vulnerability affects versions 4.1.0.1 through 4.1.0.566, but a patched version exists.
Fix: Update to Phoenix SecureCore for Intel Gemini Lake version 4.1.0.567 or later. (Source: NVD/CVE Database)

llama-cpp-python (Python bindings for llama.cpp, a tool for running AI models locally) has a vulnerability where it loads chat templates from model files without proper security checks. When these templates are processed using Jinja2 (a templating engine), an attacker can inject malicious code through a specially crafted model file, leading to remote code execution (the ability to run arbitrary commands on the victim's computer).

CVE-2023-33119 is a memory corruption vulnerability that occurs when loading a virtual machine (VM, a simulated computer running inside another computer) from a signed VM image that is not coherent in the processor cache (the fast memory where a processor stores copies of data). The vulnerability is related to a TOCTOU race condition (a timing flaw where data can change between when it is checked and when it is used).

SolidUI version 0.4.0 contains a bug where the file spaces_plugin/app.py has an unnecessary print statement that outputs an OpenAI key (a secret credential used to authenticate with OpenAI's services). This printed key could be captured in log files (records of system activity), potentially exposing the credential to unauthorized users.

Gradio (a framework for building web interfaces for machine learning models) before version 4.20 has a vulnerability on Windows where credentials can be unintentionally revealed. The issue stems from improper encoding or escaping of output (meaning the software does not properly clean or protect sensitive information before displaying it).
Fix: Update Gradio to version 4.20 or later. (Source: NVD/CVE Database)

A vulnerability in sagemaker-python-sdk (a library for machine learning on Amazon SageMaker) allows OS command injection (running unauthorized system commands) if unsafe input is passed to the capture_dependencies function's requirements_path parameter, potentially letting attackers execute code remotely or disrupt service. The vulnerability affects versions before 2.214.3.
Fix: Upgrade to version 2.214.3 or later. Alternatively, users unable to upgrade should not override the "requirements_path" parameter of the capture_dependencies function and should use its default value instead. (Source: NVD/CVE Database)

A vulnerability in the sagemaker-python-sdk library (used for machine learning on Amazon SageMaker) allows unsafe deserialization, where the NumpyDeserializer module can execute malicious code if it processes untrusted pickled data (serialized Python objects stored in a binary format). An attacker could exploit this to run arbitrary commands on a system or crash it.
Fix: Upgrade to sagemaker-python-sdk version 2.218.0 or later. If unable to upgrade, do not process pickled numpy object arrays from untrusted sources or data that could have been modified by others. Only use pickled numpy object arrays from sources you trust. (Source: NVD/CVE Database)

A vulnerability in the Linux kernel's WireGuard (a VPN protocol implementation) netlink interface was fixed by changing how the code accesses device information. Instead of getting the device through a peer object (which could be NULL or invalid), the code now retrieves it from a context object, which is safer and faster.
Fix: Access the device through ctx->wg (the context object) instead of peer->device, and compare ctx->wg->peer_allowedips.seq with ctx->allowedips_seq so that both references are based on the same context object. (Source: NVD/CVE Database)

A bug in the Linux kernel's ARM architecture code caused system crashes when the kernel tried to flush cache memory (clear temporary copies of data stored near the CPU) for reserved memory addresses that were not mapped by the kernel. The problem occurred because an earlier change made pfn_valid() (a function that checks whether a physical memory address is valid) too permissive, allowing it to accept reserved memory without proper verification.
Fix: Check whether the PG_reserved flag (a marker indicating the memory page is reserved) is set before attempting to flush the cache for the address. (Source: NVD/CVE Database)

CVE-2024-1726 is a flaw in RESTEasy Reactive (a framework for building web services in Quarkus) where security checks happen only after the request data has been processed, so resources are spent on requests that will ultimately be rejected. An attacker who knows the paths to POST, PUT, or PATCH endpoints can exploit this to cause a denial of service (DoS, making a service unavailable by overwhelming it with requests).

CVE-2023-5675 is a security flaw in Quarkus (a Java framework for building applications) where authorization checks are bypassed for REST API endpoints whose methods are defined in abstract classes or modified by extensions using annotation processors, if certain security settings are enabled. This means unauthorized users could potentially access protected API endpoints that should require authentication or specific permissions.

PyTorch versions before 2.2.0 contain an out-of-bounds read vulnerability (a bug where code reads data from memory outside its allowed range) in the flatbuffer_loader component, which is used for loading machine learning models on mobile devices. This vulnerability could potentially allow attackers to read sensitive information from memory or cause the program to crash.
Fix: Upgrade to PyTorch version 2.2.0 or later. A patch is available at https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6. (Source: NVD/CVE Database)

PyTorch versions before v2.2.0 contain a use-after-free vulnerability (a memory bug where code accesses data that has already been freed) in the mobile interpreter component. This vulnerability was identified in the torch/csrc/jit/mobile/interpreter.cpp file.
Fix: Update PyTorch to version v2.2.0 or later. A patch is available at https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2. (Source: NVD/CVE Database)

PyTorch versions before v2.2.0 contain a heap buffer overflow vulnerability (a type of memory safety bug where a program writes data beyond allocated memory limits) in its runtime component that allows attackers to crash the software through specially crafted input. This is a denial-of-service attack, meaning the goal is to make the software unusable rather than to steal data.
Fix: Upgrade to PyTorch v2.2.0 or later. A patch is available at https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81. (Source: NVD/CVE Database)

CVE-2024-3660 is a code injection vulnerability (a flaw that lets attackers insert and run harmful code) in TensorFlow's Keras framework (a machine learning library) affecting versions before 2.13. Attackers can exploit this to execute arbitrary code (run commands they choose) with the same permissions as the application using a vulnerable model.

MLflow (a machine learning platform) has a vulnerability where its URI parsing function incorrectly classifies certain file paths as non-local, allowing attackers to read sensitive files they should not be able to access. By crafting malicious model versions with specially crafted parameters, attackers can bypass security checks and read arbitrary files from the system.

LangChain's LocalFileStore feature has a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory by using special path sequences like '../'). An attacker can exploit this to read or write any files on the system, potentially stealing data or executing malicious code. The problem stems from the mset and mget methods not properly filtering user input before handling file paths.

BentoML (a framework for building AI applications) contains an insecure deserialization vulnerability that lets attackers run arbitrary commands on servers by sending specially crafted requests. When the framework deserializes (converts stored data back into usable objects) a malicious object, it automatically executes hidden OS commands, giving attackers control of the server.