Vulnerabilities > Lfprojects
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-20 | CVE-2023-6977 | Unspecified vulnerability in Lfprojects Mlflow This vulnerability enables malicious users to read sensitive files on the server. | 7.5 |
2023-12-19 | CVE-2023-6940 | Unspecified vulnerability in Lfprojects Mlflow with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system. | 8.8 |
2023-12-18 | CVE-2023-6909 | Unspecified vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 7.5 |
2023-12-15 | CVE-2023-6831 | Path Traversal vulnerability in Lfprojects Mlflow Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.1 |
2023-12-13 | CVE-2023-6753 | Unspecified vulnerability in Lfprojects Mlflow Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.8 |
2023-12-12 | CVE-2023-6709 | Unspecified vulnerability in Lfprojects Mlflow Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. | 8.8 |
2023-12-07 | CVE-2023-6568 | Cross-site Scripting vulnerability in Lfprojects Mlflow A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. | 6.1 |
2023-12-05 | CVE-2023-43472 | Unspecified vulnerability in Lfprojects Mlflow An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API. | 7.5 |
2023-11-16 | CVE-2023-6014 | Unspecified vulnerability in Lfprojects Mlflow An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment. | 9.8 |
2023-11-16 | CVE-2023-6015 | Unspecified vulnerability in Lfprojects Mlflow MLflow allowed arbitrary files to be PUT onto the server. | 7.5 |