aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

2170 items

CVE-2023-25671: TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type

high | vulnerability | security
Mar 25, 2023
CVE-2023-25671

TensorFlow (an open source platform for machine learning) has an out-of-bounds access vulnerability (a bug where code reads or writes data outside the memory area it should access), caused by mismatched integer type sizes (different integer widths used where the same one was expected). The issue is fixed by updating to TensorFlow version 2.12.0 or 2.11.1.

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

NVD/CVE Database

CVE-2023-25670: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error

high | vulnerability | security
Mar 25, 2023
CVE-2023-25670

TensorFlow (an open source machine learning platform) versions before 2.12.0 and 2.11.1 have a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in the QuantizedMatMulWithBiasAndDequantize operation when MKL (a math optimization library) is enabled. This bug can cause the software to crash or behave unexpectedly.

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include fixes for this vulnerability.

NVD/CVE Database

CVE-2023-25669: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and windo

high | vulnerability | security
Mar 25, 2023
CVE-2023-25669

TensorFlow (an open source platform for machine learning) has a bug in the `tf.raw_ops.AvgPoolGrad` function where invalid input values can cause a floating point exception (a crash due to an illegal math operation). This affects TensorFlow versions before 2.12.0 and 2.11.1.

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include a fix for this issue.

NVD/CVE Database

CVE-2023-25668: TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can acc

critical | vulnerability | security
Mar 25, 2023
CVE-2023-25668

TensorFlow (an open-source machine learning platform) versions before 2.12.0 and 2.11.1 have a vulnerability that allows attackers to access heap memory (the part of a computer's memory used for dynamic storage) that shouldn't be accessible, potentially causing the program to crash or allowing remote code execution (running commands on a system remotely without authorization). This is caused by a heap-based buffer overflow and out-of-bounds read (reading data from memory locations outside the intended boundaries).

Fix: The fix will be included in TensorFlow version 2.12.0 and will also be cherry-picked (selectively applied) to TensorFlow version 2.11.1.

NVD/CVE Database

CVE-2023-25667: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs

medium | vulnerability | security
Mar 25, 2023
CVE-2023-25667

TensorFlow, an open source machine learning platform, had an integer overflow vulnerability (a bug where a calculation exceeds the maximum value a computer can store) in versions before 2.12.0 and 2.11.1. The bug occurred when processing video frames with certain dimensions, potentially affecting full HD screencasts with at least 346 frames.

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

CVE-2023-25666: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating poi

high | vulnerability | security
Mar 25, 2023
CVE-2023-25666

TensorFlow, an open source machine learning platform, had a floating point exception (a math error that crashes a program) in its AudioSpectrogram component before versions 2.12.0 and 2.11.1. This bug could cause the software to crash when processing certain audio data.

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

CVE-2023-25665: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaxim

high | vulnerability | security
Mar 25, 2023
CVE-2023-25665

TensorFlow (an open source platform for machine learning) versions before 2.12.0 and 2.11.1 have a bug where the SparseSparseMaximum function crashes with a null pointer dereference (the program tries to access memory that doesn't exist) if given invalid sparse tensors (multi-dimensional arrays with mostly empty values) as inputs. This is a stability issue that can cause the program to fail.

Fix: Update to TensorFlow version 2.12.0 or version 2.11.1, which include a fix for this vulnerability.

NVD/CVE Database

CVE-2023-25664: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer

high | vulnerability | security
Mar 25, 2023
CVE-2023-25664

TensorFlow, an open source machine learning platform, had a heap buffer overflow vulnerability (a memory safety bug where data is written beyond the allocated space) in a function called TAvgPoolGrad before versions 2.12.0 and 2.11.1. This vulnerability could potentially allow attackers to crash the software or execute code.

Fix: Update TensorFlow to version 2.12.0 or 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

CVE-2023-25663: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_contain

high | vulnerability | security
Mar 25, 2023
CVE-2023-25663

TensorFlow, an open source machine learning platform, had a vulnerability in versions before 2.12.0 and 2.11.1 where a null pointer dereference (a crash caused by trying to use a memory location that doesn't exist) could occur in the Lookup function when a certain pointer was null. This weakness is classified as CWE-476 (NULL Pointer Dereference).

Fix: Update to TensorFlow version 2.12.0 or 2.11.1, which include the fix for this vulnerability. The patch is available at https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a.

NVD/CVE Database

CVE-2023-25662: TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to intege

high | vulnerability | security
Mar 25, 2023
CVE-2023-25662

TensorFlow, an open source machine learning platform, has a vulnerability in versions before 2.12.0 and 2.11.1 involving integer overflow (a math error where a number gets too large and wraps around) in the EditDistance function. This bug could potentially cause unexpected behavior or crashes in machine learning programs using affected versions.

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, both of which include a fix for this vulnerability.

NVD/CVE Database

CVE-2023-25660: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `sum

high | vulnerability | security
Mar 25, 2023
CVE-2023-25660

TensorFlow, an open source platform for machine learning, has a bug in its `tf.raw_ops.Print` function that causes a segmentation fault (a crash where the program tries to access memory it shouldn't) when the `summarize` parameter is set to zero. The bug happens because the code tries to use a nullptr (a reference to nothing instead of valid data).

Fix: A fix is included in TensorFlow version 2.12.0 and version 2.11.1. Users should update to one of these versions or later.

NVD/CVE Database

CVE-2023-25659: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indic

high | vulnerability | security
Mar 25, 2023
CVE-2023-25659

TensorFlow, an open source machine learning platform, had a vulnerability where mismatched parameters in the `DynamicStitch` function could cause a stack out-of-bounds read (where a program reads memory it shouldn't). This flaw affected versions before 2.12.0 and 2.11.1.

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

CVE-2023-25658: TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read i

high | vulnerability | security
Mar 25, 2023
CVE-2023-25658

TensorFlow, an open source platform for machine learning, had an out-of-bounds read vulnerability (a bug where code reads memory it shouldn't) in a component called GRUBlockCellGrad before versions 2.12.0 and 2.11.1. This vulnerability could potentially allow attackers to read sensitive data or crash the system.

Fix: Update TensorFlow to version 2.12.0 or version 2.11.1, which include the fix for this vulnerability.

NVD/CVE Database

CVE-2023-1177: Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.

critical | vulnerability | security
Mar 24, 2023
CVE-2023-1177 · EPSS: 93.3%

CVE-2023-1177 is a path traversal vulnerability (a flaw where an attacker can access files outside the intended directory by using special sequences like '..') in MLflow versions before 2.2.1. This weakness allows attackers to potentially read or access files they shouldn't be able to reach on the system.

Fix: Update MLflow to version 2.2.1 or later. A patch is available at https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e

NVD/CVE Database

CVE-2023-1176: Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.

low | vulnerability | security
Mar 24, 2023
CVE-2023-1176

CVE-2023-1176 is an absolute path traversal vulnerability (a bug where an attacker can access files anywhere on a system by supplying file paths that start from the root directory) found in MLflow, an open-source platform for managing machine learning experiments, affecting versions before 2.2.2. The vulnerability was discovered and reported through the huntr.dev bug bounty program.

Fix: Fixed in version 2.2.2. A patch is available at https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d.

NVD/CVE Database

CVE-2023-27494: Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in ve

medium | vulnerability | security
Mar 16, 2023
CVE-2023-27494

Streamlit, software that converts data scripts into web applications, had a cross-site scripting vulnerability (XSS, where an attacker injects malicious script that runs in a user's browser) in versions 0.63.0 through 0.80.0. An attacker could craft a malicious URL containing JavaScript code and trick a user into opening it, and the Streamlit server would reflect that code so that it ran in the victim's browser.

Fix: Update to version 0.81.0, which contains a patch for this vulnerability.

NVD/CVE Database

CVE-2022-23535: LiteDB is a small, fast and lightweight .NET NoSQL embedded database. Versions prior to 5.0.13 are subject to Deserializ

high | vulnerability | security
Feb 24, 2023
CVE-2022-23535

LiteDB, a lightweight database library for .NET, has a vulnerability in versions before 5.0.13 where it can deserialize (convert data from a format like JSON back into usable objects) untrusted data. If an attacker sends specially crafted JSON to an application using LiteDB, the library may load unsafe objects by honouring a special `_type` field that tells it which class to instantiate, potentially allowing malicious code execution.

Fix: Update LiteDB to version 5.0.13 or later. The source notes this version includes basic fixes to prevent the issue, though it is not completely guaranteed when using the `Object` type. A future major version will add an allow-list to control which assemblies (code libraries) can be loaded. For immediate protection, consult the vendor advisory for additional workarounds.

NVD/CVE Database

CVE-2023-25823: Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions

medium | vulnerability | security
Feb 23, 2023
CVE-2023-25823

Gradio is a Python library for building AI demo applications, and versions before 3.13.1 accidentally exposed private SSH keys (security credentials that grant system access) when users enabled share links to let others access their apps. This meant anyone connecting to a shared Gradio app could obtain the SSH key and access other users' Gradio demos, or exploit them further depending on what data or capabilities the app had access to.

Fix: Update to version 3.13.1 or later. Gradio recommends updating to version 3.19.1 or later, where the FRP (Fast Reverse Proxy) solution has been properly tested.

NVD/CVE Database

CVE-2022-26076: Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an

medium | vulnerability | security
Feb 16, 2023
CVE-2022-26076

CVE-2022-26076 is a vulnerability in Intel's oneAPI Deep Neural Network library (oneDNN, a software framework for machine learning tasks) before version 2022.1 that involves an uncontrolled search path element (a weakness where a program looks for files in directories it shouldn't trust, potentially allowing attackers to substitute malicious files). An authenticated user (someone with login access) could exploit this through local access to gain higher system privileges.

NVD/CVE Database

CVE-2023-23382: Azure Machine Learning Compute Instance Information Disclosure Vulnerability

medium | vulnerability | security
Feb 14, 2023
CVE-2023-23382

CVE-2023-23382 is a vulnerability in Azure Machine Learning Compute Instance that allows unauthorized access to sensitive information. The vulnerability is related to storing passwords in a recoverable format (CWE-257, meaning passwords are saved in a way that can be converted back to their original form), making it easier for attackers to steal credentials.

NVD/CVE Database