Lucene search
K
PypaMost viewed

5616 matches found

PyPA
PyPA
added 2021/09/20 10:15 p.m.7 views

PYSEC-2021-327

Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin which just comes out of the box are subject to a denial of service attac...

7.5CVSS6.8AI score0.01831EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/09/20 6:15 p.m.7 views

PYSEC-2021-325

Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial of Service in emailregex. This is fixed in version 0.5.1...

7.5CVSS6.8AI score0.01804EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/09/17 8:15 p.m.7 views

PYSEC-2021-322

Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...

6.3CVSS7.3AI score0.00295EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/09/10 11:15 p.m.7 views

PYSEC-2021-334

parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...

8.8CVSS7.5AI score0.01794EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/09/10 2:15 a.m.7 views

PYSEC-2021-345

The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding such as via ;\x2f\x7f, enabling a remote attack that consumes CPU and memory...

7.5CVSS7AI score0.05566EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/09/08 8:15 p.m.7 views

PYSEC-2021-329

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API...

6.5CVSS6.8AI score0.0176EPSS
Exploits1References4Affected Software1
PyPA
PyPA
added 2021/08/16 6:15 p.m.7 views

PYSEC-2021-144

XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'...

9.8CVSS8.2AI score0.02771EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/08/16 6:15 p.m.7 views

PYSEC-2021-339

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...

9.8CVSS7AI score0.02026EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/08/16 8:15 a.m.7 views

PYSEC-2021-122

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS7.3AI score0.04022EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-313

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-587

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

7.8CVSS6.8AI score0.00214EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-783

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2. The implementation does not check that the length of...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-296

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

7.8CVSS6.8AI score0.00214EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-774

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-596

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-285

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-595

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

7.1CVSS6.9AI score0.0018EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-304

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

7.1CVSS6.9AI score0.0018EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-604

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-295

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

5.5CVSS7.1AI score0.00172EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-300

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.9AI score0.00451EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-598

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 11:15 p.m.7 views

PYSEC-2021-790

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

7.8CVSS7.2AI score0.00181EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 10:15 p.m.7 views

PYSEC-2021-593

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f. The fix will be includ...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 10:15 p.m.7 views

PYSEC-2021-293

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 10:15 p.m.7 views

PYSEC-2021-288

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 10:15 p.m.7 views

PYSEC-2021-580

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 10:15 p.m.7 views

PYSEC-2021-763

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...

7.8CVSS7.1AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-575

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8CVSS6.9AI score0.00189EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-755

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-563

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS7.4AI score0.00182EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-554

TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to tf.rawops.RaggedGather don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation directly reads the first...

7.3CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-272

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS7.4AI score0.00182EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-564

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

7.8CVSS7.4AI score0.00174EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 9:15 p.m.7 views

PYSEC-2021-757

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.StringNGrams is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The...

5.5CVSS7.2AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 7:15 p.m.7 views

PYSEC-2021-560

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 7:15 p.m.7 views

PYSEC-2021-260

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 7:15 p.m.7 views

PYSEC-2021-550

TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to tf.rawops.CompressElement. The implementation was accessing the size of a buffer obtained from the return of a separate function...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 6:15 p.m.7 views

PYSEC-2021-573

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...

5.5CVSS7.2AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 6:15 p.m.7 views

PYSEC-2021-771

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation has a logic error: it should skip processing i...

5.5CVSS7.2AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 6:15 p.m.7 views

PYSEC-2021-764

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/08/12 6:15 p.m.7 views

PYSEC-2021-549

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.SparseDenseCwiseDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/07/30 10:15 p.m.7 views

PYSEC-2021-875

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

7.2CVSS8AI score0.02032EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/06/30 1:15 a.m.7 views

PYSEC-2021-110

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

5.4CVSS6.3AI score0.00536EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/06/21 8:15 p.m.7 views

PYSEC-2021-427

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...

7.5CVSS7AI score0.041EPSS
Exploits1References8Affected Software1
PyPA
PyPA
added 2021/06/09 12:15 p.m.7 views

PYSEC-2021-126

A flaw was found in Ansible if an ansible user sets ANSIBLEASYNCDIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async...

6.5AI score
Exploits0References1Affected Software1
PyPA
PyPA
added 2021/06/08 6:15 p.m.7 views

PYSEC-2021-98

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS7AI score0.02737EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2021/06/08 6:15 p.m.7 views

PYSEC-2021-99

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validateipv4address and...

7.5CVSS6.9AI score0.03058EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2021/06/06 3:15 p.m.7 views

PYSEC-2021-95

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

5.9CVSS7AI score0.02265EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000