Lucene search
+L

1165 matches found

CNVD
CNVD
added 2021/12/27 12:0 a.m.25 views

Pytorch-Lightning code issue vulnerability

Pytorch-Lightning is an open source lightweight PyTorch wrapper. Used for high-performance Ai research. pytorch-lightning suffers from a code issue vulnerability that stems from the software's tendency to deserialize untrustworthy data, which can be exploited by an attacker to cause code executio...

7.8CVSS4.8AI score0.00978EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/12/23 6:15 p.m.8 views

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

7.8CVSS7.2AI score0.00978EPSS
Exploits1References3
NVD
NVD
added 2021/12/23 6:15 p.m.22 views

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

7.8CVSS0.00978EPSS
Exploits1References2
OSV
OSV
added 2021/12/23 6:15 p.m.14 views

CVE-2021-4118

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

7.8CVSS7.5AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/12/23 6:15 p.m.3 views

anomalib (>=0.2.2 <=0.2.4), argos-trains (=0.1.0) +174 more potentially affected by CVE-2021-4118 via pytorch-lightning (>=0.10.0 <=1.5.9)

pytorch-lightning PYPI version =0.10.0, =0.2.2, =0.1.1, =0.3.2b20220222, =0.3.2b20220222, =0.0.1, =0.0.7, =3.0.0, =3.3.0 and more Source cves: CVE-2021-4118 Source advisory: OSV:PYSEC-2021-874...

7.8CVSS7AI score0.00978EPSS
Exploits1
PyPA
PyPA
added 2021/12/23 6:15 p.m.6 views

PYSEC-2021-874

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

7.8CVSS7AI score0.00978EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/12/23 6:15 p.m.14 views

Deserialization of untrusted data

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

6.8CVSS7.5AI score0.00978EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/12/23 6:15 p.m.24 views

PYSEC-2021-874

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

7.8CVSS2.7AI score0.00978EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/12/23 5:15 p.m.24 views

CVE-2021-4118 Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning

pytorch-lightning is vulnerable to Deserialization of Untrusted Data...

7.8CVSS7.8AI score0.00978EPSS
Exploits1References2
CVE
CVE
added 2021/12/23 5:15 p.m.90 views

CVE-2021-4118

CVE-2021-4118 affects pytorch-lightning and is described as a Deserialization of Untrusted Data vulnerability. The CVSS3 data in the records indicates a HIGH impact on confidentiality, integrity, and availability with a LOCAL attack vector, LOW attack complexity, no privileges required, and USER ...

7.8CVSS7.5AI score0.00978EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/12/23 12:0 a.m.4 views

PT-2021-23155 · Pypi · Pytorch-Lightning

Name of the Vulnerable Software and Affected Versions: pytorch-lightning affected versions not specified Description: The issue concerns the deserialization of untrusted data in pytorch-lightning. There is no information provided about the estimated number of potentially affected devices worldwid...

8.5CVSS7.1AI score0.00978EPSS
Exploits1References14
CNNVD
CNNVD
added 2021/12/23 12:0 a.m.3 views

Pytorch-Lightning 代码问题漏洞

Pytorch-Lightning is an open source lightweight PyTorch wrapper. Used for high-performance Ai research. pytorch-lightning suffers from a code issue vulnerability that stems from the software's tendency to deserialize untrustworthy data, which can be exploited by an attacker to cause code executio...

7.8CVSS6.3AI score0.00978EPSS
Exploits1References3
NVD
NVD
added 2021/12/08 11:15 p.m.18 views

CVE-2021-43811

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

7.8CVSS0.02415EPSS
Exploits0References3
OSV
OSV
added 2021/12/08 11:15 p.m.22 views

CVE-2021-43811

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

7.8CVSS7.7AI score
Exploits0References3
OSV
OSV
added 2021/12/08 11:15 p.m.20 views

PYSEC-2021-848

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

7.8CVSS4.5AI score0.02415EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/12/08 11:5 p.m.42 views

CVE-2021-43811 Code injection via unsafe YAML loading

Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...

7.8CVSS7.9AI score0.02415EPSS
Exploits0References3
CVE
CVE
added 2021/12/08 11:5 p.m.81 views

CVE-2021-43811

Sockeye (PyTorch-based) vulnerable to code execution via unsafe YAML loading in model/data config files when using versions below 2.3.24; an attacker can inject malicious config, which executes locally when a user runs the model. The issue is fixed in 2.3.24. Practical impact is limited to users ...

7.8CVSS7.7AI score0.02415EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/07/12 11:15 a.m.7 views

AZL-41581 CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uvidnatoascii is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

5.3CVSS6.7AI score0.23132EPSS
Exploits1References1
Huntr
Huntr
added 2021/02/23 12:0 a.m.17 views

Code Injection in jeikeilim/kindle

Description Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all model can be made by copy and paste from other existing model codes, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization atta...

2.2AI score
Exploits0References1
Huntr
Huntr
added 2021/01/06 12:0 a.m.16 views

in catalyst-team/catalyst

Description Catalyst is a PyTorch framework for Deep Learning research and development. It focuses on reproducibility, rapid experimentation, and codebase reuse so you can create something new rather than write another regular train loop. This package was vulnerable to Arbitrary code execution vi...

0.6AI score
Exploits0References1
Rows per page
Query Builder