All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
TensorFlow, an open source platform for machine learning, had an out-of-bounds read vulnerability (a bug where code tries to access memory it shouldn't) in a component called GRUBlockCellGrad before versions 2.12.0 and 2.11.1. This vulnerability could potentially allow attackers to read sensitive data or crash the system.
Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability. (Source: NVD/CVE Database)
CVE-2023-1177 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by using special characters like '..') in MLflow versions before 2.2.1. This weakness allows attackers to potentially read or access files they shouldn't be able to reach on the system.
CVE-2023-1176 is an absolute path traversal vulnerability (a bug where an attacker can access files anywhere on a system by using file paths that start from the root directory) found in MLflow, an open-source platform for managing machine learning experiments, affecting versions before 2.2.2. The vulnerability was discovered and reported through the huntr.dev bug bounty program.
Streamlit, software that converts data scripts into web applications, had a cross-site scripting vulnerability (XSS, where an attacker injects malicious code that runs in a user's browser) in versions 0.63.0 through 0.80.0. An attacker could craft a malicious URL containing JavaScript code, trick a user into clicking it, and the Streamlit server would execute that code in the victim's browser.
The Replyable WordPress plugin before version 2.2.10 has a security flaw where it doesn't check the class names that users submit when creating objects in a specific action, and it also lacks CSRF protection (cross-site request forgery, where an attacker tricks a user into performing actions without their knowledge). This allows authenticated users, even those with basic subscriber permissions, to perform object injection attacks (exploiting how the plugin creates objects to run unintended code).
Yolo is a tool that uses the ChatGPT API (OpenAI's language model accessed through code) to translate natural language questions into shell commands (the text-based interface for controlling a computer) that can be executed automatically. The tool helps users who forget command syntax by converting plain English requests into proper bash, zsh, or PowerShell commands, with a safety feature that shows the command before running it unless the user enables automatic execution.
LiteDB, a lightweight database library for .NET, has a vulnerability in versions before 5.0.13 where it can deserialize (convert data from a format like JSON back into usable objects) untrusted data. If an attacker sends specially crafted JSON to an application using LiteDB, the library may load unsafe objects by using a special `_type` field that tells it what class to create, potentially allowing malicious code execution.
Gradio is a Python library for building AI demo applications, and versions before 3.13.1 accidentally exposed private SSH keys (security credentials that grant system access) when users enabled share links to let others access their apps. This meant anyone connecting to a shared Gradio app could steal the SSH key and access other users' Gradio demos or exploit them further depending on what data or capabilities the app had access to.
CVE-2022-26076 is a vulnerability in Intel's oneAPI Deep Neural Network library (oneDNN, a software framework for machine learning tasks) before version 2022.1 that involves an uncontrolled search path element (a weakness where a program looks for files in directories it shouldn't trust, potentially allowing attackers to substitute malicious files). An authenticated user (someone with login access) could exploit this through local access to gain higher system privileges.
CVE-2023-23382 is a vulnerability in Azure Machine Learning Compute Instance that allows unauthorized access to sensitive information. The vulnerability is related to storing passwords in a recoverable format (CWE-257, meaning passwords are saved in a way that can be converted back to their original form), making it easier for attackers to steal credentials.
A WordPress plugin called 'GPT AI Power' before version 1.4.38 has a security flaw where logged-in users can modify any posts without proper authorization checks (nonce and privilege verification, which are security measures that confirm a user has permission to perform an action). This means someone with basic login access could change or delete content they shouldn't be able to touch.
ONNX (a machine learning model format library) versions before 1.13.0 contain a directory traversal vulnerability (a security flaw where an attacker can access files outside the intended folder by using paths like '../../../etc/passwd'). An attacker could exploit the external_data field in tensor proto (data structure in ONNX models) to read sensitive files from anywhere on a system.
This post announces a video tutorial about SSH Agent Hijacking, a technique (TTP, or tactic/technique/procedure) used in security testing where an attacker compromises the SSH Agent (a program that stores SSH keys, which authenticate users to remote systems). The tutorial is intended to help security professionals understand this attack method and develop ways to detect it on Linux and macOS systems.
Autolab, a web-based course management system for programming assignments, had a file disclosure vulnerability (a security flaw that lets unauthorized people read files they shouldn't access) in its remote handin feature. Attackers could submit assignments using file paths outside their intended directory and then view those files to see their contents.
Autolab is a web-based course management system that allows instructors to automatically grade programming assignments. A remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) was found in its MOSS feature that could let instructors execute code on the server hosting Autolab.
This article describes how to capture and decrypt TLS traffic (the encryption protocol that secures web communication) on Windows using built-in tools like netsh and Wireshark. The technique works by setting an environment variable to log TLS session keys, capturing network traffic without installing extra software, and then using Wireshark to decrypt the captured data.
A security flaw in Firefox, Firefox ESR, and Thunderbird's DevTools allowed the 'Copy as curl' feature to create commands that weren't properly escaped for PowerShell (a command-line tool on Windows). If someone pasted these commands into PowerShell, an attacker could inject malicious commands that would execute on the user's computer. This only affected Windows users.
The EU AI Act requires technical standards to be written by European standardization organizations (CEN and CENELEC) that explain how companies can safely build high-risk AI systems. These standards follow a six-step approval process and, once published and approved by the European Commission, become 'harmonized and cited standards' that legally presume compliance with safety regulations if companies follow them. The drafting process is currently ongoing but behind schedule, with different standards at different completion stages.
TensorFlow, an open source platform for machine learning, has a bug in the MakeGrapplerFunctionItem function where providing inputs larger than or equal to the output sizes causes an out-of-bounds memory read (reading data from memory locations the program shouldn't access) or a crash. The issue has been patched and will be included in TensorFlow 2.11.0 as well as backported to earlier versions.
TensorFlow, an open source machine learning platform, has a bug in its MakeGrapplerFunctionItem function where providing input sizes that are greater than or equal to output sizes causes an out-of-bounds memory read (accessing memory locations outside the intended range) or a crash. This vulnerability affects how TensorFlow processes data when sizes are mismatched.
Fix: Update MLflow to version 2.2.1 or later. A patch is available at https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e (Source: NVD/CVE Database)
Fix: Fixed in version 2.2.2. A patch is available at https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d. (Source: NVD/CVE Database)
Fix: Update to version 0.81.0, which contains a patch for this vulnerability. (Source: NVD/CVE Database)
Fix: Update the Replyable WordPress plugin to version 2.2.10 or later. (Source: NVD/CVE Database)
Fix: Update LiteDB to version 5.0.13 or later. The source notes this version includes basic fixes to prevent the issue, though it is not completely guaranteed when using the `Object` type. A future major version will add an allow-list to control which assemblies (code libraries) can be loaded. For immediate protection, consult the vendor advisory for additional workarounds. (Source: NVD/CVE Database)
Fix: Update to version 3.13.1 or later. Gradio recommends updating to version 3.19.1 or later, where the FRP (Fast Reverse Proxy) solution has been properly tested. (Source: NVD/CVE Database)
Fix: Update the plugin to version 1.4.38 or later. (Source: NVD/CVE Database)
Fix: Update to ONNX version 1.13.0 or later. (Source: NVD/CVE Database)
Fix: The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the remote handin path field is empty (Edit Assessment > Advanced > Remote handin path), do not run Autolab as `root` (a user with full system permissions), and do not run it as any user with write access to `/` (the root directory). Alternatively, disable the remote handin feature by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. (Source: NVD/CVE Database)
Fix: The vulnerability has been patched in version 2.10.0. Alternatively, as a workaround, disable the MOSS feature by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. (Source: NVD/CVE Database)
Fix: The fix is available in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. Users should update to TensorFlow 2.11.0, or for earlier versions, update to 2.8.4, 2.9.3, or 2.10.1 where the patch has been backported. (Source: NVD/CVE Database)
Fix: The issue has been patched in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix is included in TensorFlow 2.11.0, and will also be included in TensorFlow 2.8.4, 2.9.3, and 2.10.1. (Source: NVD/CVE Database)