Mxnet Apache Mxnet

Do you want an email whenever new security vulnerabilities are reported in Apache Mxnet?

By the Year

In 2024 there have been 0 vulnerabilities in Apache Mxnet . Mxnet did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 7.50
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 1 6.50

It may take a day or so for new Mxnet vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Mxnet Security Vulnerabilities

A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption

CVE-2022-24294 7.5 - High - July 24, 2022

A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.

The clustered setup of Apache MXNet

CVE-2018-1281 6.5 - Medium - June 08, 2018

The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apache Mxnet or by Apache? Click the Watch button to subscribe.

Apache
Vendor

Apache Mxnet
Product

subscribe