aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6613 items

CVE-2021-41127: Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a

highvulnerability
security
Oct 21, 2021
CVE-2021-41127

Rasa is a framework for building conversational AI systems, and versions before 2.8.10 have a vulnerability where a malicious model file (a compressed archive containing trained AI weights) can overwrite or replace important bot files. This happens because the software doesn't properly validate what's inside the model file before extracting it.

Fix: The vulnerability is fixed in Rasa 2.8.10. For users unable to update, ensure that users do not upload untrusted model files, and restrict CLI (command-line interface, a text-based way to control software) or API endpoint access (network connections that allow external programs to interact with Rasa) where a malicious actor could target a deployed Rasa instance.

NVD/CVE Database

CVE-2021-35617: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Suppor

criticalvulnerability
security
Oct 20, 2021
CVE-2021-35617

A serious vulnerability (CVE-2021-35617) exists in Oracle WebLogic Server's Coherence Container component that allows attackers without authentication to take over the server by sending specially crafted messages over IIOP (a network protocol for distributed systems). The flaw affects versions 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 and has a CVSS score (severity rating) of 9.8 out of 10, indicating it severely impacts security.

Offensive BPF: Understanding and using bpf_probe_write_user

infonews
security
Oct 20, 2021

This post explores how BPF (Berkeley Packet Filter, a technology that allows running custom programs inside the Linux kernel) can be used offensively, specifically focusing on the bpf_probe_write_user function (a helper that lets BPF programs modify user-space data during execution). The author documents their process of learning to write advanced BPF programs in C using libbpf to manipulate filenames, hide directories, and simulate ransomware attacks while also considering detection methods.

Offensive BPF: Sniffing Firefox traffic with bpftrace

infonews
security
Oct 14, 2021

This post describes how to use bpftrace (a tool for tracing system behavior) with uprobes (hooks into user-space functions) to intercept and read Firefox's encrypted traffic by hooking into the NSS library (Mozilla's Network Security Services, which Firefox uses for encryption). The author discovered that Firefox uses local NSS libraries rather than system-wide encryption libraries, and created a bpftrace script that hooks the PR_Write function to capture and display the data Firefox sends.

Video: Understanding Image Scaling Attacks

infonews
securityresearch

Video: What is Tabnabbing?

infonews
security
Oct 10, 2021

Tabnabbing is a web application security vulnerability that attackers can use to perform phishing attacks (tricking users into giving up sensitive information by impersonating legitimate websites). The video explains how tabnabbing works and how to defend against it, and notes that the vulnerability is relatively straightforward to prevent.

Offensive BPF: What's in the bpfcc-tools box?

infonews
security
Oct 9, 2021

This post explores bpfcc-tools, a collection of existing BPF (Berkeley Packet Filter, a technology that runs custom programs inside the Linux kernel) programs used for system performance monitoring and observability. The author explains that BPF tools are becoming increasingly common in production environments because they're useful for analyzing system behavior without requiring custom code.

Offensive BPF: Detection Ideas

infonews
security
Oct 7, 2021

This post discusses detection strategies for identifying malicious use of BPF (Berkeley Packet Filter, a technology that allows programs to run safely inside the Linux kernel), specifically focusing on bpftrace (a tool for tracing system events using BPF). The author is exploring how attackers might misuse BPF and what defensive approaches Blue Teams (security defenders) could use to catch such misuse.

CVE-2021-42054: ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after authentication.

highvulnerability
security
Oct 7, 2021
CVE-2021-42054

ACCEL-PPP version 1.12.0 contains an out-of-bounds read vulnerability (CWE-125, a bug where software tries to access memory beyond its allowed range) in a function called triton_context_schedule that triggers when a client disconnects after successfully authenticating. This flaw has a CVSS severity score of 4.0, indicating moderate severity.

Offensive BPF: Using bpftrace to host backdoors

infonews
security
Oct 6, 2021

This post describes how to use bpftrace (a tool for tracing Linux kernel events) to create a backdoor that executes commands when it receives a specific secret message on any port. The author explains how to use enter and exit trace points (hooks into when functions start and finish) to capture data from network reads, then compare that data against a trigger message to run malicious commands.

Offensive BPF: Malicious bpftrace 🤯

infonews
security
Oct 5, 2021

This post explores how bpftrace, a tool for running BPF programs (eBPF, extended Berkeley Packet Filter, which lets programs monitor and modify system behavior at a low kernel level), could potentially be misused to create backdoors by observing network traffic and triggering malicious actions. The author is studying this offensive technique to better understand security threats and help defenders recognize such attacks.

Offensive BPF! Getting started.

infonews
security
Sep 30, 2021

eBPF (extended Berkeley Packet Filtering, a technology that lets users run small programs inside the Linux kernel without modifying kernel source code) is gaining attention for offensive security uses because it can hook into system calls, manipulate data, and even run on network hardware. The article introduces eBPF's structure (programs, maps, and events) and explains how attackers could potentially exploit its flexibility and power to hook into system functions, modify data, and spawn processes.

CVE-2021-39207: parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affec

highvulnerability
security
Sep 10, 2021
CVE-2021-39207

ParlAI, a framework for training AI models on dialogue datasets, has a vulnerability where it unsafely loads YAML files (a data format), allowing attackers to execute arbitrary code on affected systems. The vulnerability occurs because the framework uses an unsafe YAML loader that can be tricked into running malicious code hidden in data files.

Video: Web Application Security Fundamentals

infonews
security
Sep 6, 2021

This is a 25-minute educational video covering the foundational concepts needed to understand web application security. It explains the basic building blocks of web applications, such as HTML, HTTP, JavaScript, and cookies, as well as core security concepts like the Same-Origin Policy (a rule that prevents websites from accessing each other's data without permission). The video prepares viewers to understand common security vulnerabilities like XSS (cross-site scripting, where attackers inject malicious code into web pages), CSRF (cross-site request forgery, where attackers trick users into performing unwanted actions), and SQLi (SQL injection, where attackers insert malicious database commands into input fields).

Backdoor users on Linux with uid=0

infonews
security
Aug 30, 2021

On Linux systems, users with uid=0 (user identifier zero) have root privileges, which bypass all security checks. An attacker can create a new account or modify an existing one to have uid=0 by editing the /etc/passwd file or using commands like 'usermod -u 0', giving them complete system control.

Using Microsoft Counterfit to create adversarial examples for Husky AI

infonews
securityresearch

CVE-2021-37690: TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions

mediumvulnerability
security
Aug 13, 2021
CVE-2021-37690

TensorFlow, an open-source machine learning platform, had a bug where certain shape functions created temporary data structures (ShapeAndType structs) that were deleted too quickly, causing crashes (segfaults, or sudden program failures) if other code tried to access them. The issue was that while normal output shapes were being protected by copying them to safer ownership, the code wasn't doing the same protection for shapes and types together.

CVE-2021-37692: TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go

mediumvulnerability
security
Aug 12, 2021
CVE-2021-37692

TensorFlow (an open source machine learning platform) had a bug where Go code could crash the program during memory cleanup of string tensors if encoding failed. The problem occurred because the cleanup process assumed encoding always succeeded, but didn't check whether it actually did.

CVE-2021-37691: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLi

mediumvulnerability
security
Aug 12, 2021
CVE-2021-37691

TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can create a specially crafted TFLite model (a lightweight version of TensorFlow for mobile and embedded devices) that causes a division by zero error (a crash that happens when code tries to divide a number by zero) in its LSH projection feature. This flaw affects multiple versions of TensorFlow.

CVE-2021-37687: TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's [`GatherNd` impleme

mediumvulnerability
security
Aug 12, 2021
CVE-2021-37687

TensorFlow Lite (TFLite, a lightweight version of TensorFlow for mobile and embedded devices) has a vulnerability in its `GatherNd` and `Gather` operations that fail to check for negative indices. An attacker can exploit this by creating a specially designed model with negative values to read sensitive data from the heap (temporary memory storage), potentially exposing private information.

Previous306 / 331Next
NVD/CVE Database
Embrace The Red
Embrace The Red
Oct 12, 2021

Adversaries can hide a smaller image within a larger one so that it becomes visible when a computer resizes the image using insecure interpolation (a method of calculating pixel values between known points). The video demonstrates this attack technique and explains how to prevent it from happening.

Fix: The source mentions that mitigation is discussed in the video but does not explicitly state the mitigation steps in the text provided. N/A -- no specific mitigation described in source.

Embrace The Red
Embrace The Red
Embrace The Red
Embrace The Red
NVD/CVE Database
Embrace The Red
Embrace The Red
Embrace The Red

Fix: Update ParlAI to version v1.1.0 or above. If upgrading is not possible, change the Loader to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.

NVD/CVE Database
Embrace The Red
Embrace The Red
Aug 16, 2021

This post describes Microsoft Counterfit, a tool for testing machine learning models against adversarial attacks (subtle modifications to input data designed to fool AI systems). The author demonstrates how to set up Counterfit, create a custom target for a husky image classifier, and use the tool's built-in attack modules to test the model's robustness.

Embrace The Red

Fix: The issue was patched in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1 and fixed by applying the same cloning logic to output shapes and types. The fix is included in TensorFlow 2.6.0, and was also backported (added to earlier versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.

NVD/CVE Database

Fix: The fix defers calling the finalizer function (the cleanup code) until after the tensor is fully created, and changes how memory is deallocated for string tensors to be based on bytes actually written rather than assuming encoding succeeded. This was patched in GitHub commit 8721ba96e5760c229217b594f6d2ba332beedf22 and will be included in TensorFlow 2.6.0 and will be backported to TensorFlow 2.5.1.

NVD/CVE Database

Fix: The issue has been patched in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be included in TensorFlow 2.6.0 and will also be backported (applied to older versions) to TensorFlow 2.5.1, 2.4.3, and 2.3.4.

NVD/CVE Database

Fix: The issue was patched in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d. The fix is included in TensorFlow 2.6.0 and will be backported to TensorFlow 2.5.1, 2.4.3, and 2.3.4.

NVD/CVE Database