Lucene search
K
PypaMost viewed

5624 matches found

PyPA
PyPA
added 2022/01/25 2:15 p.m.9 views

PYSEC-2022-16

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery SSRF. Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of...

7.1CVSS6.8AI score0.01096EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/11/26 8:15 p.m.9 views

PYSEC-2021-866

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands vi...

9.8CVSS7.1AI score0.01205EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/23 12:15 a.m.9 views

PYSEC-2021-863

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority CA to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store...

8.8CVSS6.6AI score0.00375EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2021/11/23 12:15 a.m.9 views

PYSEC-2021-861

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.3.3, Python versions prior to 1.5.18, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.1 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in...

8.8CVSS6.7AI score0.00398EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2021/11/12 10:15 p.m.9 views

PYSEC-2021-840

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index PyPi. MITRE classifies this weakness as...

8.8CVSS8AI score0.01971EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2021/11/09 10:15 p.m.9 views

PYSEC-2021-426

The verify function in the Stark Bank Python ECDSA library ecdsa-python 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages...

9.8CVSS7.1AI score0.01198EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.9 views

PYSEC-2021-629

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

7.8CVSS6.9AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.9 views

PYSEC-2021-820

TensorFlow is an open source platform for machine learning. In affected versions the code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive. This occurs due to using a non-reentrant Lock Python object. Loading any model which...

5.5CVSS7AI score0.00235EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.9 views

PYSEC-2021-612

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

5.5CVSS6.8AI score0.00202EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.9 views

PYSEC-2021-415

TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow...

7.1CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.9 views

PYSEC-2021-813

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.9 views

PYSEC-2021-844

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segmentids is large. This is similar to CVE-2021-29584 and similar other reported...

5.5CVSS7.1AI score0.00205EPSS
Exploits2References4Affected Software1
PyPA
PyPA
added 2021/10/11 1:15 a.m.9 views

PYSEC-2021-369

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053...

6.1CVSS6.2AI score0.02524EPSS
Exploits4References3Affected Software1
PyPA
PyPA
added 2021/10/06 6:15 p.m.9 views

PYSEC-2021-365

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the the top of the stack. This issue has been resolved in version 0.3.0...

8.8CVSS6.9AI score0.01039EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/10/05 11:15 p.m.9 views

PYSEC-2021-366

Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. The can lead to logic errors. This issue has been resolved in version 0.3.0...

4.3CVSS6.8AI score0.00777EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/09/29 2:15 p.m.9 views

PYSEC-2021-355

“Shuup” application in versions 0.4.2 to 2.10.8 is affected by the “Formula Injection” vulnerability. A customer can inject payloads in the name input field in the billing address while buying a product. When a store administrator accesses the reports page to export the data as an Excel file and...

8.8CVSS6.8AI score0.01051EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/09/10 7:15 p.m.9 views

PYSEC-2021-319

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker logged into any account can send a crafted POST request to unsubscribe any user from a mailing list, also revealing whether that address was subscribed in the first place...

5.5CVSS6.9AI score0.01176EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2021/09/03 2:15 a.m.9 views

PYSEC-2021-342

A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system...

10CVSS7.1AI score0.01702EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/23 10:15 p.m.9 views

PYSEC-2021-882

Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmnint.cpp which can result in an information leak...

8.1CVSS7AI score0.01848EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2021/08/19 10:15 p.m.9 views

PYSEC-2021-885

A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service DOS via a crafted file...

6.5CVSS6.8AI score0.01432EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/08/16 6:15 p.m.9 views

PYSEC-2021-341

Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets...

9.8CVSS7.1AI score0.02277EPSS
Exploits1References1Affected Software1
PyPA
PyPA
added 2021/08/16 8:15 a.m.9 views

PYSEC-2021-117

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing include, include-code or include-raw block is processed. The contents of arbitrary files could be disclosed in the HTML output...

7.5CVSS6.9AI score0.01106EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.9 views

PYSEC-2021-291

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

5.5CVSS6.7AI score0.00175EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/08/12 10:15 p.m.9 views

PYSEC-2021-797

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

5.5CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 10:15 p.m.9 views

PYSEC-2021-777

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.9 views

PYSEC-2021-577

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...

7.3CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.9 views

PYSEC-2021-772

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boostedtreescreatequantilestreamresource by using negative arguments. The implementation does not validate that numstreams only contains non-negative numbers. I...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.9 views

PYSEC-2021-574

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boostedtreescreatequantilestreamresource by using negative arguments. The implementation does not validate that numstreams only contains non-negative numbers. I...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.9 views

PYSEC-2021-559

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The...

5.5CVSS7.2AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.9 views

PYSEC-2021-769

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV. The implementation has incomplete validation that the value of k is a...

7.8CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 7:15 p.m.9 views

PYSEC-2021-261

TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by...

8.4CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 6:15 p.m.9 views

PYSEC-2021-264

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

5.5CVSS7AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/09 9:15 p.m.9 views

PYSEC-2021-119

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...

9.3CVSS8AI score0.0249EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/07/02 10:15 a.m.9 views

PYSEC-2021-109

Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orderby SQL injection if orderby is untrusted input from a client of a web application...

9.8CVSS8AI score0.44369EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2021/05/21 10:15 p.m.9 views

PYSEC-2021-79

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...

6.1CVSS7AI score0.00773EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-157

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

7.8CVSS7.2AI score0.00224EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-693

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.SparseDenseCwiseMul, an attacker can trigger denial of service via CHECK-fails or accesses to outside the bounds of heap allocated data. Since the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-658

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...

7.1CVSS6.8AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-727

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...

7.1CVSS7.2AI score0.00192EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-239

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthwiseConv TFLite operator is vulnerable to a division by zero...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-511

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-472

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

5.5CVSS6.7AI score0.0031EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-745

TensorFlow is an end-to-end open source platform for machine learning. Passing invalid arguments e.g., discovered via fuzzing to tf.rawops.SparseCountSparseOutput results in segfault. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow...

5.5CVSS7AI score0.00194EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-185

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-465

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-232

TensorFlow is an end-to-end open source platform for machine learning. The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-663

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedResizeBilinear by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-689

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

5.5CVSS7.1AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-443

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.9 views

PYSEC-2021-696

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPoolGradWithArgmax can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The...

7.1CVSS7AI score0.00154EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000