All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Gradio is a Python library for building AI demo applications, and versions before 3.13.1 accidentally exposed private SSH keys (security credentials that grant system access) when users enabled share links to let others access their apps. This meant anyone connecting to a shared Gradio app could steal the SSH key and access other users' Gradio demos or exploit them further depending on what data or capabilities the app had access to.
Fix: Update to version 3.13.1 or later. Gradio recommends updating to version 3.19.1 or later, where the FRP (Fast Reverse Proxy) solution has been properly tested.
NVD/CVE DatabaseCVE-2022-26076 is a vulnerability in Intel's oneAPI Deep Neural Network library (oneDNN, a software framework for machine learning tasks) before version 2022.1 that involves an uncontrolled search path element (a weakness where a program looks for files in directories it shouldn't trust, potentially allowing attackers to substitute malicious files). An authenticated user (someone with login access) could exploit this through local access to gain higher system privileges.
CVE-2023-23382 is a vulnerability in Azure Machine Learning Compute Instance that allows unauthorized access to sensitive information. The vulnerability is related to storing passwords in a recoverable format (CWE-257, meaning passwords are saved in a way that can be converted back to their original form), making it easier for attackers to steal credentials.
A WordPress plugin called 'GPT AI Power' before version 1.4.38 has a security flaw where logged-in users can modify any posts without proper authorization checks (nonce and privilege verification, which are security measures that confirm a user has permission to perform an action). This means someone with basic login access could change or delete content they shouldn't be able to touch.
ONNX (a machine learning model format library) versions before 1.13.0 contain a directory traversal vulnerability (a security flaw where an attacker can access files outside the intended folder by using paths like '../../../etc/passwd'). An attacker could exploit the external_data field in tensor proto (data structure in ONNX models) to read sensitive files from anywhere on a system.
This post announces a video tutorial about SSH Agent Hijacking, a technique (TTP, or tactic/technique/procedure) used in security testing where an attacker compromises the SSH Agent (a program that stores SSH keys, which authenticate users to remote systems). The tutorial is intended to help security professionals understand this attack method and develop ways to detect it on Linux and macOS systems.
Autolab, a web-based course management system for programming assignments, had a file disclosure vulnerability (a security flaw that lets unauthorized people read files they shouldn't access) in its remote handin feature. Attackers could submit assignments using file paths outside their intended directory and then view those files to see their contents.
Autolab is a web-based course management system that allows instructors to automatically grade programming assignments. A remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) was found in its MOSS feature that could let instructors execute code on the server hosting Autolab.
This article describes how to capture and decrypt TLS traffic (the encryption protocol that secures web communication) on Windows using built-in tools like netsh and Wireshark. The technique works by setting an environment variable to log TLS session keys, capturing network traffic without installing extra software, and then using Wireshark to decrypt the captured data.
A security flaw in Firefox, Firefox ESR, and Thunderbird's DevTools allowed the 'Copy as curl' feature to create commands that weren't properly escaped for PowerShell (a command-line tool on Windows). If someone pasted these commands into PowerShell, an attacker could inject malicious commands that would execute on the user's computer. This only affected Windows users.
The EU AI Act requires technical standards to be written by European standardization organizations (CEN and CENELEC) that explain how companies can safely build high-risk AI systems. These standards follow a six-step approval process and, once published and approved by the European Commission, become 'harmonized and cited standards' that legally presume compliance with safety regulations if companies follow them. The drafting process is currently ongoing but behind schedule, with different standards at different completion stages.
TensorFlow, an open source platform for machine learning, has a bug in the MakeGrapplerFunctionItem function where providing inputs larger than or equal to the output sizes causes an out-of-bounds memory read (reading data from memory locations the program shouldn't access) or a crash. The issue has been patched and will be included in TensorFlow 2.11.0 as well as backported to earlier versions.
TensorFlow, an open source machine learning platform, has a bug in its MakeGrapplerFunctionItem function where providing input sizes that are greater than or equal to output sizes causes an out-of-bounds memory read (accessing memory locations outside the intended range) or a crash. This vulnerability affects how TensorFlow processes data when sizes are mismatched.
PyTorch versions before trunk/89695 have a vulnerability in the torch.jit.annotations.parse_type_line function that can allow arbitrary code execution (running attacker-controlled commands on a system) because it uses eval unsafely (eval is a function that executes code from text input without proper safety checks).
Attackers are using a new phishing technique that exploits OAuth2 Device Authorization Grant (a protocol that lets devices log in by directing users to a website to authorize access) to trick users into granting them access to data, especially as organizations adopt passwordless authentication methods like hardware tokens. The attack begins when an attacker initiates a device code flow by sending a request to a service provider's device code endpoint, such as Microsoft's Azure AD (active directory, a system that manages user identities and permissions).
The article discusses security risks with Azure's AAD (Azure Active Directory, Microsoft's cloud identity service) when MFA (multi-factor authentication, an extra security check beyond passwords) is misconfigured. A common mistake is enforcing MFA only at the federated identity provider (an external service that handles logins) while leaving ROPC (Resource Owner Password Credentials, a method where users send passwords directly to get access tokens) enabled in AAD itself, which allows attackers to bypass MFA protections after gaining initial access.
TensorFlow, an open source platform for machine learning, has a bug where converting character data to boolean values can cause crashes because the conversion is undefined unless the character is exactly 0 or 1. This issue affects the process of printing tensors (multi-dimensional arrays of data used in machine learning).
TensorFlow (an open source machine learning platform) has a vulnerability where invalid input to a specific function causes a segfault (a crash where the program tries to access memory it shouldn't). The bug occurs when `tf.raw_ops.CompositeTensorVariantToComponents` receives an `encoded` parameter that is not a valid `CompositeTensorVariant` tensor (a data structure for machine learning computations).
TensorFlow, an open-source machine learning platform, has a vulnerability where passing a `token` input that is not UTF-8 encoded (a character encoding standard) causes the `tf.raw_ops.PyFunc` function to crash with a CHECK fail (a safety check that stops execution when something is wrong). This is a type of improper input validation weakness, meaning the function doesn't properly check whether its input is in the correct format before processing it.
Fix: Update the plugin to version 1.4.38 or later.
NVD/CVE DatabaseFix: Update to ONNX version 1.13.0 or later.
NVD/CVE DatabaseFix: The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the remote handin path field is empty (Edit Assessment > Advanced > Remote handin path), do not run Autolab as `root` (a user with full system permissions), and do not run it as any user with write access to `/` (the root directory). Alternatively, disable the remote handin feature by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.
NVD/CVE DatabaseFix: The vulnerability has been patched in version 2.10.0. Alternatively, as a workaround, disable the MOSS feature by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.
NVD/CVE DatabaseFix: The fix is available in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. Users should update to TensorFlow 2.11.0, or for earlier versions, update to 2.8.4, 2.9.3, or 2.10.1 where the patch has been backported.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix is included in TensorFlow 2.11.0, and will also be included in TensorFlow 2.8.4, 2.9.3, and 2.10.1.
NVD/CVE DatabaseThis post demonstrates that ChatGPT can be prompted to roleplay as a Microsoft SQL Server (a database management system) and respond with realistic database commands and results, including creating databases, tables, inserting data, and writing stored procedures (reusable blocks of SQL code). The author shows that ChatGPT can understand user intent well enough to execute complex database operations like UPSERTs (operations that update existing records or insert new ones if they don't exist), even when given incomplete information.
Fix: The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0, and will also be applied to TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11, and will also be backported to TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4.
NVD/CVE DatabaseFix: The issue has been patched in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix is included in TensorFlow 2.11, and will also be patched in TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4.
NVD/CVE Database