13 matches found
GHSA-CMW6-HCPP-C6JP vulnerabilities
Vulnerabilities for packages: py3-onnx...
GHSA-538C-55JV-C5G9 vulnerabilities
Vulnerabilities for packages: py3-onnx...
GHSA-P433-9WV8-28XJ vulnerabilities
Vulnerabilities for packages: py3-onnx...
UNIX Symbolic Link (Symlink) Following
Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following via the onnx.load function. An attacker can access arbitrary files on the filesystem by supplying a malicious model that leverages hardlinks to bypass security...
Fedora 39 : onnx (2024-270e3b5e9b)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-270e3b5e9b advisory. Security fix for CVE-2024-27318 and CVE-2024-27319. Tenable has extracted the preceding description block directly from the Fedora security advisory...
PYSEC-2024-222
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
CVE-2024-27319
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off-by-one string copy...
CVE-2024-27318
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch adde...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
acuity (=6.18.0), acuitypro (=6.18.0) +80 more potentially affected by CVE-2022-25882 via onnx (>=1.10.1 <=1.12.0)
onnx PYPI version =1.10.1, =0.0.0, =0.0.157, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =1.44.0, =0.5.8, =0.1.0, =0.3.0 and more Source cves: CVE-2022-25882 Source advisory: SNYK:PYTHON-ONNX-2395479...