38 matches found
CVE-2024-9880
Removed by vendor...
CVE-2024-9880
...
Gradio 安全漏洞
Gradio, an open source Python library from Gradio Open Source, is a method for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in version 98cbcae of Gradio, which stems from the improper handling of compressed files by the dataframe componen...
Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
GHSA-5G73-69P4-7GVX Code execution in pandasai
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
CVE-2024-23752
GenerateSDFPipeline in syntheticdataframe in PandasAI aka pandas-ai through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE:...
PT-2024-20058 · Pandasai · Pandasai
Name of the Vulnerable Software and Affected Versions: PandasAI aka pandas-ai versions 1.5.17 and earlier Description: The issue allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English...
Rust-WebSocket memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
GHSA-QRJV-RF5Q-QPXC Rust-WebSocket memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
CVE-2022-35922
Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
Design/Logic Flaw
Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
CVE-2022-35922 Memory allocation based on untrusted length in rust-websocket
Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...
RUSTSEC-2022-0035 Unbounded memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
Unbounded memory allocation based on untrusted length
Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...
abd-clam (>=0.10.0-dev0 <=0.12.1), adbc_core (=0.14.0) +285 more potentially affected by unknown CVE via arrow (>=0.16.0 <=5.5.0)
arrow CARGO version =0.16.0, =0.10.0-dev0, =0.6.0, =0.6.0, =0.2.0, =0.4.0, =0.3.0, =0.2.0, =2.0.0, =0.2.0, =0.1.0, =0.2.0 - arrow-graph-core =0.1.0 - arrow-graph-git =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QGRP-8F3V-Q85P...
abd-clam (>=0.10.0-dev0 <=0.12.1), adbc_core (=0.14.0) +285 more potentially affected by unknown CVE via arrow (>=0.16.0 <=5.5.0)
arrow CARGO version =0.16.0, =0.10.0-dev0, =0.6.0, =0.6.0, =0.2.0, =0.4.0, =0.3.0, =0.2.0, =2.0.0, =0.2.0, =0.1.0, =0.2.0 - arrow-graph-core =0.1.0 - arrow-graph-git =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H588-76VG-PRGJ...
Using Python to unearth a goldmine of threat intelligence from leaked chat logs
Dealing with a great amount of data can be time consuming, thus using Python can be very powerful to help analysts sort information and extract the most relevant data for their investigation. The open-source tools library, MSTICPy, for example, is a Python tool dedicated to threat intelligence. I...
Nfstream - A Flexible Network Data Analysis Framework
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python...