cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-24294,https://securityvulnerability.io/vulnerability/CVE-2022-24294,ReDoS in Apache MXNet RTC Module,A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.,Apache,Apache Mxnet,7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2022-07-24T17:45:12.000Z,0
CVE-2018-1281,https://securityvulnerability.io/vulnerability/CVE-2018-1281,,"The clustered setup of Apache MXNet allows users to specify which IP address and port the scheduler will listen on via the DMLC_PS_ROOT_URI and DMLC_PS_ROOT_PORT env variables. In versions older than 1.0.0, however, the MXNet framework will listen on 0.0.0.0 rather than user specified DMLC_PS_ROOT_URI once a scheduler node is initialized. This exposes the instance running MXNet to any attackers reachable via the interface they didn't expect to be listening on. For example: If a user wants to run a clustered setup locally, they may specify to run on 127.0.0.1. But since MXNet will listen on 0.0.0.0, it makes the port accessible on all network interfaces.",Apache,Apache Mxnet,6.5,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2018-06-08T19:29:00.000Z,0