1269 matches found
CVE-2025-61622
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
CVE-2025-61622
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
CVE-2025-61622
CVE-2025-61622 describes a deserialization vulnerability in Apache Pyfory (and legacy PyFury) where untrusted data can trigger a pickle.loads path during deserialization, enabling remote code execution. Affected: Pyfory versions 0.12.0–0.12.2 and legacy PyFury 0.1.0–0.10.3. The issue arises from ...
CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
CVE-2025-61622 Apache Fory, Apache Fory: Python RCE via unguarded pickle fallback serializer in pyfory
Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory serialized data from untrusted sources. An attacker can craft a data stre...
PT-2025-40119
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak issue was identified within the Linux kernel’s block I/O queue management blk-mq subsystem. Specifically, the issue occurs during the registration of hardware contexts 'hct...
[SECURITY] [DLA 4305-2] firefox-esr regression update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4305-2 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2025 https://wiki.debian.org/LTS -...
PT-2025-44121
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The driver did not handle allocation failures of netdev alloc skb ip align. A failure in allocation could lead to a NULL pointer dereference when attempting to access skb-protocol. The...
Linux Distros Unpatched Vulnerability : CVE-2025-46153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negativel...
[SECURITY] [DSA 6003-2] firefox-esr update
------------------------------------------------------------------------- Debian Security Advisory DSA-6003-2 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 28, 2025 https://www.debian.org/security/faq -...
BIT-PIP-2025-8869 Fallback tar extraction in pip doesn't check symbolic links point to extraction directory
When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip to a "fixed" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python versi...
PYSEC-2025-202
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...
CVE-2025-46153
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...
CVE-2025-46153
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...
DEBIAN-CVE-2025-46153
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...
PYSEC-2025-202
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...
UBUNTU-CVE-2025-46153
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...
CVE-2025-46153
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...
PT-2025-39383
Name of the Vulnerable Software and Affected Versions PyTorch versions prior to 3.7.0 Description The software contains an inconsistency in the bernoulli p decompose function within decompositions.py. This function does not fully align with the eager CPU implementation, which impacts the...
CVE-2025-46153
PyTorch before 3.7.0 has a bernoullip decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallbackrandom=True...