aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6561 items

CVE-2024-29018: Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distribut

mediumvulnerability
security
Mar 20, 2024
CVE-2024-29018

Moby (the container framework underlying Docker) has a bug in how it handles DNS requests from internal networks (networks isolated from external communication). When a container on an internal network needs to resolve a domain name, Moby forwards the request through the host's network namespace instead of the container's own network, which can leak data to external servers that an attacker controls. Docker Desktop is not affected by this issue.

Fix: Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace.

NVD/CVE Database

CVE-2023-49785: NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2

criticalvulnerability
security
Mar 12, 2024
CVE-2023-49785EPSS: 92.6%

NextChat (also called ChatGPT-Next-Web) version 2.11.2 and earlier has two security flaws: SSRF (server-side request forgery, where attackers trick the server into making unwanted requests) and XSS (cross-site scripting, where attackers inject malicious code into web pages). These flaws let attackers read internal server data, make changes to it, hide their location by routing traffic through the app, or attack other targets on the internet.

CVE-2024-2363: ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic.

mediumvulnerability
security
Mar 10, 2024
CVE-2024-2363

A vulnerability was found in AOL AIM Triton 1.0.4 that allows remote attackers to cause a denial of service (making a service unavailable by overloading it) by manipulating the CSeq argument in the Invite Handler component. The vulnerability is now public knowledge and only affects this outdated, unsupported software version.

CVE-2024-27565: A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force t

criticalvulnerability
security
Mar 5, 2024
CVE-2024-27565

CVE-2024-27565 is a server-side request forgery (SSRF, a flaw that allows attackers to trick a server into making unwanted requests to other systems) vulnerability found in the weixin.php file of ChatGPT-wechat-personal at commit a0857f6. This vulnerability lets attackers force the application to make arbitrary requests on their behalf. The vulnerability has a CVSS 4.0 severity rating (a moderate score on a 0-10 scale measuring how serious a security flaw is).

ASCII Smuggler - Improvements

infonews
security
Mar 4, 2024

ASCII Smuggler is a tool that hides text within regular content using Unicode characters, and this update adds new features like optional rendering of Unicode Tags (special markers that show where hidden text begins and ends), URL decoding of input, flexible output modes to either highlight or isolate hidden text, and improved mobile compatibility with a better user interface.

CVE-2024-28088: LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path pa

highvulnerability
security
Mar 4, 2024
CVE-2024-28088EPSS: 10.7%

Who Am I? Conditional Prompt Injection Attacks with Microsoft Copilot

mediumnews
securityresearch

CVE-2024-2057: A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the f

mediumvulnerability
security
Mar 1, 2024
CVE-2024-2057

A critical vulnerability was found in LangChain's langchain_community library version 0.0.26 in the TFIDFRetriever component (a tool that retrieves relevant documents for AI systems). The flaw allows server-side request forgery (SSRF, where an attacker tricks a server into making unwanted network requests on their behalf), and it can be exploited remotely.

AI Act Implementation: Timelines & Next steps

inforegulatory
policy
Feb 28, 2024

The EU AI Act is a regulatory framework that requires companies to comply with rules for different types of AI systems on specific timelines, starting with prohibitions on the riskiest AI uses within 6 months and expanding to cover high-risk AI systems (such as those used in law enforcement, hiring, or education) by 24 months after the law takes effect. The article outlines key compliance deadlines, secondary laws the EU Commission might create to clarify the rules, and guidance documents to help organizations understand how to follow the AI Act.

CVE-2024-25723: ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because t

highvulnerability
security
Feb 27, 2024
CVE-2024-25723EPSS: 86.8%

CVE-2021-46921: In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_

mediumvulnerability
security
Feb 27, 2024
CVE-2021-46921

A vulnerability in the Linux kernel's queued read-write lock mechanism allowed a race condition where a reader could modify a value while a writer thought it had acquired the lock. The problem occurred because the writer's lock acquisition wasn't properly ordered with respect to the atomic compare-and-exchange operation (cmpxchg, a CPU instruction that compares and swaps values atomically), creating a window where reads could see stale data before the write lock was truly secured.

High-level summary of the AI Act

inforegulatory
policy
Feb 27, 2024

The EU AI Act classifies AI systems by risk level, from prohibited (like social scoring systems that manipulate behavior) to minimal risk (unregulated). High-risk AI systems, such as those used in critical decisions affecting people's lives, face strict regulations requiring developers to provide documentation, conduct testing, and monitor for problems. General-purpose AI (large language models that can do many tasks) have lighter requirements unless they present systemic risk, in which case developers must test them against adversarial attacks (attempts to trick or break them) and report serious incidents.

CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-

criticalvulnerability
security
Feb 26, 2024
CVE-2024-27444

CVE-2024-27444 is a vulnerability in LangChain Experimental (a Python library for building AI applications) before version 0.1.8 that allows attackers to bypass a previous security fix and run arbitrary code (malicious commands they choose) by using Python's special attributes like __import__ and __globals__, which were not blocked by the pal_chain/base.py security checks.

CVE-2024-27133: Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads

highvulnerability
security
Feb 23, 2024
CVE-2024-27133

MLflow, a machine learning platform, has a vulnerability where it doesn't properly clean user input from dataset tables, allowing XSS (cross-site scripting, where attackers inject malicious code into web pages). When someone runs a recipe using an untrusted dataset in Jupyter Notebook, this can lead to RCE (remote code execution, where an attacker can run commands on the user's computer).

CVE-2024-27132: Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RC

highvulnerability
security
Feb 23, 2024
CVE-2024-27132

MLflow has a vulnerability (CVE-2024-27132) where template variables are not properly sanitized, allowing XSS (cross-site scripting, where malicious code runs in a user's browser) when running an untrusted recipe in Jupyter Notebook. This can lead to client-side RCE (remote code execution, where an attacker can run commands on the user's computer) through insufficient input cleaning.

CVE-2024-27319: Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONN

mediumvulnerability
security
Feb 23, 2024
CVE-2024-27319

ONNX (a machine learning model format library) versions 1.15.0 and earlier have an out-of-bounds read vulnerability (accessing memory outside intended boundaries) caused by an off-by-one error in the ONNX_ASSERT and ONNX_ASSERTM functions, which handle string copying. This flaw could allow attackers to read sensitive data from memory.

CVE-2024-27318: Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data fiel

highvulnerability
security
Feb 23, 2024
CVE-2024-27318

ONNX (a machine learning model format) versions 1.15.0 and earlier contain a directory traversal vulnerability (a security flaw where an attacker can access files outside the intended directory) in the external_data field of tensor proto (a data structure component). This vulnerability bypasses a previous security patch, allowing attackers to potentially access files they shouldn't be able to reach.

CVE-2023-52454: In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an in

mediumvulnerability
security
Feb 23, 2024
CVE-2023-52454

A bug in the Linux kernel's NVMe over TCP (nvmet-tcp, a protocol for storage communication) can cause a kernel panic (system crash) when a host computer sends an H2CData command with an invalid DATAL (data length) value. The crash happens in the nvmet_tcp_build_pdu_iovec() function, which processes incoming network packets.

Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation

mediumnews
securitysafety

CVE-2023-30767: Improper buffer restrictions in Intel(R) Optimization for TensorFlow before version 2.13.0 may allow an authenticated us

mediumvulnerability
security
Feb 14, 2024
CVE-2023-30767

CVE-2023-30767 is a vulnerability in Intel's Optimization for TensorFlow before version 2.13.0 caused by improper buffer restrictions (inadequate checks on how much data can be written to a memory area). An authenticated user with local access to a system could exploit this flaw to gain higher privilege levels than they should have.

Previous283 / 329Next

Fix: According to the source: "Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources." The source also notes that as of publication, no patch is available.

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
Embrace The Red

LangChain versions up to 0.1.10 have a path traversal vulnerability (a flaw where an attacker can use ../ sequences to access files outside the intended directory) that allows someone controlling part of a file path to load configurations from anywhere instead of just the intended GitHub repository, potentially exposing API keys or enabling remote code execution (running malicious commands on a system). This bug affects how the load_chain function handles file paths.

Fix: A patch is available in langchain-core version 0.1.29 and later. Update to this version or newer to fix the vulnerability.

NVD/CVE Database
Mar 3, 2024

Attackers can create conditional prompt injection attacks (tricking an AI by hiding malicious instructions in its input that activate only for specific users) against Microsoft Copilot by leveraging user identity information like names and job titles that the AI includes in its context. A researcher demonstrated this by sending an email with hidden instructions that made Copilot behave differently depending on which person opened it, showing that LLM applications become more vulnerable as attackers learn to target specific users rather than all users equally.

Embrace The Red

Fix: Upgrading to version 0.0.27 addresses this issue.

NVD/CVE Database
EU AI Act Updates

ZenML Server in the ZenML machine learning package before version 0.46.7 has a remote privilege escalation vulnerability (CVE-2024-25723), meaning an attacker can gain higher-level access to the system from a distance. The flaw exists in a REST API endpoint (a web-based interface for requests) that activates user accounts, because it only requires a valid username and new password to change account settings, without proper access controls checking who should be allowed to do this.

Fix: Update ZenML to version 0.46.7 or use one of the patched versions: 0.44.4, 0.43.1, or 0.42.2.

NVD/CVE Database

Fix: Switching the cmpxchg to use acquire semantics (memory ordering guarantees that prevent certain CPU operations from being reordered) addresses the issue. After this change, the atomic_cond_read can be switched to use relaxed semantics (a faster version without strict ordering guarantees), as the cmpxchg now provides the necessary ordering.

NVD/CVE Database
EU AI Act Updates

Fix: Update to LangChain version 0.1.8 or later. A patch is available at https://github.com/langchain-ai/langchain/commit/de9a6cdf163ed00adaf2e559203ed0a9ca2f1de7.

NVD/CVE Database

Fix: A patch is available at https://github.com/mlflow/mlflow/pull/10893

NVD/CVE Database
NVD/CVE Database
NVD/CVE Database
NVD/CVE Database

Fix: Fix the bug by raising a fatal error if DATAL isn't coherent with the packet size. Additionally, the PDU (protocol data unit, the structure holding network data) length should never exceed the MAXH2CDATA parameter that was communicated to the host in nvmet_tcp_handle_icreq().

NVD/CVE Database
Feb 23, 2024

A researcher discovered a vulnerability in Google Gemini where attackers can hide instructions in emails that trick the AI into automatically calling external tools (called Extensions) without the user's knowledge. When a user asks the AI to analyze a malicious email, the AI follows the hidden instructions and invokes the tool, which is a form of request forgery (making unauthorized requests on behalf of the user).

Embrace The Red

Fix: Update Intel Optimization for TensorFlow to version 2.13.0 or later.

NVD/CVE Database