Lucene search
K
PypaMost viewed

5624 matches found

PyPA
PyPA
•added 2021/11/05 9:15 p.m.•8 views

PYSEC-2021-407

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•8 views

PYSEC-2021-635

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between the elements of the values argument and the shape of the sparse output. The fix will be included ...

7.1CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•8 views

PYSEC-2021-609

TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t typ...

5.5CVSS7.2AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•8 views

PYSEC-2021-394

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

7.8CVSS7.1AI score0.00241EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/10/31 8:15 p.m.•8 views

PYSEC-2021-388

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity XXE vulnerability which allows for an attacker to expose sensitive data or perform a denial of service DOS via a crafted external entity entered into the XML content as input...

9.1CVSS7.2AI score0.0129EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/19 6:15 p.m.•8 views

PYSEC-2021-376

python-tuf is a Python reference implementation of The Update Framework TUF. In both clients tuf/client and tuf/ngclient, there is a path traversal vulnerability that in the worst case can overwrite files ending in .json anywhere on the client system on a call to getonevalidtargetinfo. It occurs...

8.8CVSS7.1AI score0.01404EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/10/18 3:15 p.m.•8 views

PYSEC-2021-378

Apache Superset up to and including 1.3.0 when configured with ENABLETEMPLATEPROCESSING on disabled by default allowed SQL injection when a malicious authenticated user sends an http request with a custom URL...

8.8CVSS7.9AI score0.01709EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/06 1:15 p.m.•8 views

PYSEC-2021-423

An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list...

5.3CVSS7AI score0.00764EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/10/05 6:15 p.m.•8 views

PYSEC-2021-881

The FTL Server tibftlserver and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FT...

7.5CVSS7.2AI score0.00407EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/09/28 4:15 p.m.•8 views

PYSEC-2021-351

ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...

7.5CVSS6.9AI score0.01175EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/09/27 1:15 p.m.•8 views

PYSEC-2021-356

nltk is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS7AI score0.01649EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/09/27 6:15 a.m.•8 views

PYSEC-2021-352

furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an arbitrary client...

6.5CVSS7.1AI score0.00656EPSS
Exploits3References3Affected Software1
PyPA
PyPA
•added 2021/09/22 8:15 p.m.•8 views

PYSEC-2021-338

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service ReDoS vulnerability in the component plugins/importers/dart.py...

7.5CVSS7.2AI score0.01193EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/09/20 10:15 p.m.•8 views

PYSEC-2021-327

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin which just comes out of the box are subject to a denial of service attac...

7.5CVSS6.8AI score0.01831EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/09/10 2:15 a.m.•8 views

PYSEC-2021-345

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

7.5CVSS7AI score0.05566EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/08/16 6:15 p.m.•8 views

PYSEC-2021-340

Cross Site Scripting XSS in Lin-CMS-Flask v0.1.1 allows remote attackers to execute arbitrary code by entering scripts in the the 'Username' parameter of the in component 'app/api/cms/user.py'...

6.1CVSS6.9AI score0.0127EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/16 6:15 p.m.•8 views

PYSEC-2021-145

XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...

9.8CVSS8.2AI score0.02771EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-788

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

5.5CVSS7.1AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-600

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's GatherNd implementation does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with...

5.5CVSS6.9AI score0.00191EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-591

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.9AI score0.00451EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-796

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-583

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

5.5CVSS6.9AI score0.00169EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-304

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

7.1CVSS6.9AI score0.0018EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

5.5CVSS7.1AI score0.00172EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•8 views

PYSEC-2021-300

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.9AI score0.00451EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•8 views

PYSEC-2021-787

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•8 views

PYSEC-2021-599

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

5.5CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•8 views

PYSEC-2021-601

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•8 views

PYSEC-2021-778

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-567

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...

7.3CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-568

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-571

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV. The implementation has incomplete validation that the value of k is a...

7.8CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-558

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

5.5CVSS7.2AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-280

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixSetDiagV. The implementation has incomplete validation that the value of k is a...

7.8CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-557

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-283

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a denial of service in boostedtreescreatequantilestreamresource by using negative arguments. The implementation does not validate that numstreams only contains non-negative numbers. I...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-272

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS7.4AI score0.00182EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-775

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to BoostedTreesSparseCalculateBestFeatureSplit. The implementation needs to validate that...

7.3CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•8 views

PYSEC-2021-575

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8CVSS6.9AI score0.00189EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•8 views

PYSEC-2021-271

TensorFlow is an end-to-end open source platform for machine learning. The code for tf.rawops.UncompressElement can be made to trigger a null pointer dereference. The implementation obtains a pointer to a CompressedElement from a Variant tensor and then proceeds to dereference it for decompressin...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•8 views

PYSEC-2021-552

TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by...

8.4CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•8 views

PYSEC-2021-754

TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value to tf.rawops.MatrixDiagPartOp, then the code triggers a null pointer dereference if input is empty or produces invalid behavior, ignoring all values after the first. The...

7.7CVSS7.2AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•8 views

PYSEC-2021-259

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•8 views

PYSEC-2021-282

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...

5.5CVSS7.2AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•9 views

PYSEC-2021-753

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

5.5CVSS7AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•8 views

PYSEC-2021-262

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but...

5.5CVSS7.1AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•8 views

PYSEC-2021-751

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseReshape can be made to trigger an integral division by 0 exception. The implementation calls the reshaping functor whenever there is at least an index in the input but...

5.5CVSS7.1AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•8 views

PYSEC-2021-764

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/02 10:15 p.m.•8 views

PYSEC-2021-370

Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional...

7.5CVSS8.1AI score0.02277EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/07/30 10:15 p.m.•8 views

PYSEC-2021-875

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

7.2CVSS8AI score0.02032EPSS
Exploits0References3Affected Software1
Total number of security vulnerabilities5000