aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6587 items

CVE-2023-25672: TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle

highvulnerability
security
Mar 25, 2023
CVE-2023-25672

TensorFlow, an open source platform for machine learning, has a bug in the `tf.raw_ops.LookupTableImportV2` function where it cannot properly handle scalar values (single values, not arrays) in the `values` parameter, causing an NPE (null pointer exception, when the program tries to use a value that doesn't exist). This is a type of vulnerability called NULL Pointer Dereference (CWE-476).

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1. Users can also reference the patch at https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69.

NVD/CVE Database

CVE-2023-25671: TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type

highvulnerability
security
Mar 25, 2023
CVE-2023-25671

TensorFlow (an open source platform for machine learning) has a vulnerability called out-of-bounds access (a bug where code tries to read or write data outside the memory area it should access), caused by mismatched integer type sizes (using different number formats where the same one was expected). The issue can be fixed by updating to TensorFlow version 2.12.0 or 2.11.1.

CVE-2023-25670: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error

highvulnerability
security
Mar 25, 2023
CVE-2023-25670

TensorFlow (an open source machine learning platform) versions before 2.12.0 and 2.11.1 have a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in a specific feature called QuantizedMatMulWithBiasAndDequantize when MKL (a math optimization library) is enabled. This bug can cause the software to crash or behave unexpectedly.

CVE-2023-25669: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and windo

highvulnerability
security
Mar 25, 2023
CVE-2023-25669

TensorFlow (an open source platform for machine learning) has a bug in the `tf.raw_ops.AvgPoolGrad` function where invalid input values can cause a floating point exception (a crash due to an illegal math operation). This affects TensorFlow versions before 2.12.0 and 2.11.1.

CVE-2023-25668: TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can acc

criticalvulnerability
security
Mar 25, 2023
CVE-2023-25668

TensorFlow (an open-source machine learning platform) versions before 2.12.0 and 2.11.1 have a vulnerability that allows attackers to access heap memory (the part of a computer's memory used for dynamic storage) that shouldn't be accessible, potentially causing the program to crash or allowing remote code execution (running commands on a system remotely without authorization). This is caused by heap-based buffer overflow and out-of-bounds read errors (reading data from memory locations outside the intended boundaries).

CVE-2023-25667: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs

mediumvulnerability
security
Mar 25, 2023
CVE-2023-25667

TensorFlow, an open source machine learning platform, had an integer overflow vulnerability (a bug where calculations exceed the maximum number a computer can store) in versions before 2.12.0 and 2.11.1. The bug occurred when processing video frames with certain dimensions, potentially affecting full HD screencasts with at least 346 frames.

CVE-2023-25666: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating poi

highvulnerability
security
Mar 25, 2023
CVE-2023-25666

TensorFlow, an open source machine learning platform, had a floating point exception (a math error that crashes a program) in its AudioSpectrogram component before versions 2.12.0 and 2.11.1. This bug could cause the software to crash when processing certain audio data.

CVE-2023-25665: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaxim

highvulnerability
security
Mar 25, 2023
CVE-2023-25665

TensorFlow (an open source platform for machine learning) versions before 2.12.0 and 2.11.1 have a bug where the SparseSparseMaximum function crashes with a null pointer error (when the program tries to access memory that doesn't exist) if given invalid sparse tensors (multi-dimensional arrays with mostly empty values) as inputs. This is a stability issue that can cause the program to fail.

CVE-2023-25664: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer

highvulnerability
security
Mar 25, 2023
CVE-2023-25664

TensorFlow, an open source machine learning platform, had a heap buffer overflow vulnerability (a memory safety bug where data is written beyond allocated space) in a function called TAvgPoolGrad before versions 2.12.0 and 2.11.1. This vulnerability could potentially allow attackers to crash the software or execute code.

CVE-2023-25663: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_contain

highvulnerability
security
Mar 25, 2023
CVE-2023-25663

TensorFlow, an open source machine learning platform, had a vulnerability in versions before 2.12.0 and 2.11.1 where a null pointer dereference (a crash caused by trying to use a memory location that doesn't exist) could occur in the Lookup function when a certain pointer was null. This weakness is classified as CWE-476 (NULL Pointer Dereference).

CVE-2023-25662: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to intege

highvulnerability
security
Mar 25, 2023
CVE-2023-25662

TensorFlow, an open source machine learning platform, has a vulnerability in versions before 2.12.0 and 2.11.1 involving integer overflow (a math error where a number gets too large and wraps around) in the EditDistance function. This bug could potentially cause unexpected behavior or crashes in machine learning programs using affected versions.

CVE-2023-25660: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `sum

highvulnerability
security
Mar 25, 2023
CVE-2023-25660

TensorFlow, an open source platform for machine learning, has a bug in its `tf.raw_ops.Print` function that causes a seg fault (a crash where the program tries to access memory it shouldn't) when the `summarize` parameter is set to zero. The bug happens because the code tries to use a nullptr (a reference to nothing instead of valid data).

CVE-2023-25659: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indic

highvulnerability
security
Mar 25, 2023
CVE-2023-25659

TensorFlow, an open source machine learning platform, had a vulnerability where mismatched parameters in the `DynamicStitch` function could cause a stack OOB read (out-of-bounds read, where a program accesses memory it shouldn't). This flaw affected versions before 2.12.0 and 2.11.1.

CVE-2023-25658: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read i

highvulnerability
security
Mar 25, 2023
CVE-2023-25658

TensorFlow, an open source platform for machine learning, had an out of bounds read vulnerability (a bug where code tries to access memory it shouldn't) in a component called GRUBlockCellGrad before versions 2.12.0 and 2.11.1. This vulnerability could potentially allow attackers to read sensitive data or crash the system.

CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

criticalvulnerability
security
Mar 24, 2023
CVE-2023-1177EPSS: 93.3%

CVE-2023-1177 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by using special characters like '..') in MLflow versions before 2.2.1. This weakness allows attackers to potentially read or access files they shouldn't be able to reach on the system.

CVE-2023-1176: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

lowvulnerability
security
Mar 24, 2023
CVE-2023-1176

CVE-2023-1176 is an absolute path traversal vulnerability (a bug where an attacker can access files anywhere on a system by using file paths that start from the root directory) found in MLflow, an open-source platform for managing machine learning experiments, affecting versions before 2.2.2. The vulnerability was discovered and reported through the huntr.dev bug bounty program.

CVE-2023-27494: Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in ve

mediumvulnerability
security
Mar 16, 2023
CVE-2023-27494

Streamlit, software that converts data scripts into web applications, had a cross-site scripting vulnerability (XSS, where an attacker injects malicious code that runs in a user's browser) in versions 0.63.0 through 0.80.0. An attacker could craft a malicious URL containing JavaScript code, trick a user into clicking it, and the Streamlit server would execute that code in the victim's browser.

CVE-2022-4265: The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiatin

highvulnerability
security
Mar 6, 2023
CVE-2022-4265

The Replyable WordPress plugin before version 2.2.10 has a security flaw where it doesn't check the class names that users submit when creating objects in a specific action, and it also lacks CSRF protection (cross-site request forgery, where an attacker tricks a user into performing actions without their knowledge). This allows authenticated users, even those with basic subscriber permissions, to perform object injection attacks (exploiting how the plugin creates objects to run unintended code).

Yolo: Natural Language to Shell Commands with ChatGPT API

infonews
industry
Mar 5, 2023

Yolo is a tool that uses ChatGPT API (OpenAI's language model accessed through code) to translate natural language questions into shell commands (the text-based interface for controlling a computer) that can be executed automatically. The tool helps users who forget command syntax by converting plain English requests into proper bash, zsh, or PowerShell commands, with a safety feature that shows the command before running it unless the user enables automatic execution.

CVE-2022-23535: LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserializ

highvulnerability
security
Feb 24, 2023
CVE-2022-23535

LiteDB, a lightweight database library for .NET, has a vulnerability in versions before 5.0.13 where it can deserialize (convert data from a format like JSON back into usable objects) untrusted data. If an attacker sends specially crafted JSON to an application using LiteDB, the library may load unsafe objects by using a special `_type` field that tells it what class to create, potentially allowing malicious code execution.

Previous291 / 330Next

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include fixes for this vulnerability.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include a fix for this issue.

NVD/CVE Database

Fix: The fix will be included in TensorFlow version 2.12.0 and will also be cherry-picked (selectively applied) to TensorFlow version 2.11.1.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include a fix for this vulnerability.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update to TensorFlow version 2.12.0 or 2.11.1, which include the fix for this vulnerability. The patch is available at https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, both of which include a fix for this vulnerability.

NVD/CVE Database

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1. Users should update to one of these versions or later.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

Fix: Update MLflow to version 2.2.1 or later. A patch is available at https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e

NVD/CVE Database

Fix: Fixed in version 2.2.2. A patch is available at https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d.

NVD/CVE Database

Fix: Update to version 0.81.0, which contains a patch for this vulnerability.

NVD/CVE Database

Fix: Update the Replyable WordPress plugin to version 2.2.10 or later.

NVD/CVE Database
Embrace The Red

Fix: Update LiteDB to version 5.0.13 or later. The source notes this version includes basic fixes to prevent the issue, though it is not completely guaranteed when using `Object` type. A future major version will add an allow-list to control which assemblies (code libraries) can be loaded. For immediate protection, consult the vendor advisory for additional workarounds.

NVD/CVE Database