Lucene search
+L

1165 matches found

CNNVD
CNNVD
added 2023/09/28 12:0 a.m.8 views

PyTorch Code Issues Vulnerabilities

PyTorch is a Python package open-sourced by PyTorch. A code issue vulnerability exists in PyTorch Serve versions 0.1.0 through 0.8.1 that stems from a lack of input validation...

10CVSS7AI score0.35256EPSS
Exploits6References6
Github Security Blog
Github Security Blog
added 2023/08/30 8:47 p.m.25 views

Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)

The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...

7.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/08/30 8:47 p.m.11 views

GHSA-HW6R-G8GJ-2987 Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)

The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...

7.7AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.4 views

PT-2023-33030 · Facebook · Pytorch

Name of the Vulnerable Software and Affected Versions: pytorch/pytorch affected versions not specified Description: The filter-test-configs workflow in pytorch/pytorch is vulnerable to an expression injection in Actions. This allows an attacker to potentially leak secrets and alter the repository...

7.8AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2023/08/01 1:15 a.m.6 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +333 more potentially affected by CVE-2023-4033 via mlflow (>=0.8.2 <=2.5.0)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-4033 Source advisory: OSV:PYSEC-2023-280...

8.8CVSS7.1AI score0.01195EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 7:47 p.m.36 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in PyTorch [CVE-2022-45907]

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in PyTorch, a flaw in the orch.jit.annotations.parsetypeline function. CVE-2022-45907. PyTorch is included as part of our speech service runtimes. This vulnerabilitiy has been...

9.8CVSS9.6AI score0.01192EPSS
Exploits1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/05/20 2:5 p.m.6 views

Malicious code in pygame-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c104a6d866e764da7907147cd7def349f360987498156433ef1e11bf4ac2263c The OpenSSF Package Analysis project identified 'pygame-pytorch' @ 3.4.19 pypi as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSV
OSV
added 2023/05/20 2:5 p.m.17 views

MAL-2023-1391 Malicious code in pygame-pytorch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c104a6d866e764da7907147cd7def349f360987498156433ef1e11bf4ac2263c The OpenSSF Package Analysis project identified 'pygame-pytorch' @ 3.4.19 pypi as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/05/20 2:5 p.m.5 views

Malicious code in pytorch-pandas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 21d9172520d87343cf043969211d79bebee861c010da78f947a6464d138a78eb The OpenSSF Package Analysis project identified 'pytorch-pandas' @ 14.19.3 pypi as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSV
OSV
added 2023/05/20 2:5 p.m.8 views

MAL-2023-1396 Malicious code in pytorch-pandas (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 21d9172520d87343cf043969211d79bebee861c010da78f947a6464d138a78eb The OpenSSF Package Analysis project identified 'pytorch-pandas' @ 14.19.3 pypi as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/05/20 2:0 p.m.5 views

Malicious code in pytorch-pygame (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9b4d07e646a51314cbd80fbeca6a94710d46a4d72598742c1ba79008e84d2822 The OpenSSF Package Analysis project identified 'pytorch-pygame' @ 0.6.19 pypi as malicious. It is considered malicious because: - The package...

6.9AI score
Exploits0
OSV
OSV
added 2023/05/20 2:0 p.m.38 views

MAL-2023-1397 Malicious code in pytorch-pygame (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 9b4d07e646a51314cbd80fbeca6a94710d46a4d72598742c1ba79008e84d2822 The OpenSSF Package Analysis project identified 'pytorch-pygame' @ 0.6.19 pypi as malicious. It is considered malicious because: - The package...

7.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 7:0 p.m.43 views

Security Bulletin: PyTorch is vulnerable to CVE-2022-45907 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses PyTorch which is vulnerable to CVE-2022-21271. Vulnerability Details CVEID:CVE-2022-45907 DESCRIPTION: PyTorch could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...

9.8CVSS6.3AI score0.02789EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.35 views

CBL Mariner 2.0 Security Update: pytorch (CVE-2022-25882)

The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-25882 advisory. - Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field ...

7.5CVSS6.4AI score0.01608EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2023/04/16 12:49 a.m.20 views

CVE-2022-25882 affecting package pytorch for versions less than 2.0.0-1

CVE-2022-25882 affecting package pytorch for versions less than 2.0.0-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.7AI score0.01608EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2023/03/24 10:1 p.m.4 views

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +318 more potentially affected by CVE-2023-1177 via mlflow (>=0.8.2 <=2.22.5)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-1177 Source advisory: OSV:GHSA-XG73-94FP-G449...

9.8CVSS7.2AI score0.69468EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/08 7:34 p.m.65 views

Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak. Angular is part of the .NET RHEL infrastructure CVE-2021-4231. Apache UIMA is used by IBM Robotic Process Automation as part of Watson NLP CVE-2022-32287. SnakeYaml is used by IBM Robotic Process...

9.8CVSS8.8AI score0.99615EPSS
Exploits11Affected Software1
OSV
OSV
added 2023/02/10 8:24 p.m.12 views

MAL-2023-2135 Malicious code in pytorrch (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0a84c67aa31019373608b435abcc2b7e711922cd739b58ad641f63ad27c9e8f9 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

6.9AI score
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/10 9:38 a.m.51 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution due to [CVE-2022-45907]

Summary PyTorch is used by IBM App Connect Enterprise Certified Container for mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance may be vulnerable to arbitrary code execution. This bulletin provides patch information to addres...

9.8CVSS9.7AI score0.01192EPSS
Exploits1Affected Software1
OSV
OSV
added 2023/01/26 9:15 p.m.11 views

AZL-25854 CVE-2022-25882 affecting package pytorch for versions less than 2.0.0-1

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...

7.5CVSS6.5AI score0.01608EPSS
Exploits1References1
Rows per page
Query Builder