Vulnerabilities > Lfprojects
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-11 | CVE-2024-22194 | Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Lfprojects Case Python Utilities and CDO Local Uuid Utility cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. | 2.8 |
| 2023-12-20 | CVE-2023-6974 | Server-Side Request Forgery (SSRF) vulnerability in Lfprojects Mlflow A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine. | 9.8 |
| 2023-12-20 | CVE-2023-6975 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | 9.8 |
| 2023-12-20 | CVE-2023-6976 | Unrestricted Upload of File with Dangerous Type vulnerability in Lfprojects Mlflow This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | 8.8 |
| 2023-12-20 | CVE-2023-6977 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow This vulnerability enables malicious users to read sensitive files on the server. | 7.5 |
| 2023-12-19 | CVE-2023-6940 | Command Injection vulnerability in Lfprojects Mlflow with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | 8.8 |
| 2023-12-18 | CVE-2023-6909 | Path Traversal: '..filename' vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 |
| 2023-12-15 | CVE-2023-6831 | Path Traversal vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.1 |
| 2023-12-13 | CVE-2023-6753 | Path Traversal vulnerability in Lfprojects Mlflow Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.8 |
| 2023-12-12 | CVE-2023-6709 | Unspecified vulnerability in Lfprojects Mlflow Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.8 |