Lucene search
K
PypaMost viewed

5624 matches found

PyPA
PyPA
•added 2021/06/10 11:15 a.m.•7 views

PYSEC-2021-97

The thefuck aka The Fuck package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature...

9.1CVSS7.1AI score0.01847EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/06/09 12:15 p.m.•7 views

PYSEC-2021-126

A flaw was found in Ansible if an ansible user sets ANSIBLEASYNCDIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async...

6.5AI score
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/06/08 6:15 p.m.•7 views

PYSEC-2021-98

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

4.9CVSS7AI score0.02737EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/06/08 6:15 p.m.•7 views

PYSEC-2021-99

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validateipv4address, and validateipv46address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses. validateipv4address and...

7.5CVSS6.9AI score0.03058EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/06/06 3:15 p.m.•7 views

PYSEC-2021-95

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

5.9CVSS7AI score0.02265EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/05/21 10:15 p.m.•7 views

PYSEC-2021-81

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9CVSS6.9AI score0.0204EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/05/21 10:15 p.m.•7 views

PYSEC-2021-82

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...

4.3CVSS6.8AI score0.00992EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/05/21 2:15 p.m.•7 views

PYSEC-2021-88

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites...

8.8CVSS6.6AI score0.01843EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-662

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-220

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FusedBatchNorm is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-151

TensorFlow is an end-to-end open source platform for machine learning. If the splits argument of RaggedBincount does not specify a valid SparseTensorhttps://www.tensorflow.org/apidocs/python/tf/sparse/SparseTensor, then an attacker can trigger a heap buffer overflow. This will cause a read from...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-209

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.SdcaOptimizer triggers undefined behavior due to dereferencing a null pointer. The...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-249

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in Eigen implementation of tf.rawops.BandedTriangularSolve. The...

7.8CVSS7.5AI score0.00287EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-183

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-712

TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail to check that the stride arguments are not 0 before calling...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-731

TensorFlow is an end-to-end open source platform for machine learning. The TFLite code for allocating TFLiteIntArrays is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/4ceffae632721e52bf3501b736e4fe9d1221cdfa/tensorflow/lite/c/common.cL24-L27. An attacker can...

7.1CVSS7.4AI score0.0022EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-537

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

7.8CVSS7.2AI score0.00234EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-462

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.SparseConcat. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-669

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-165

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.QuantizedMul. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-238

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of concatenation is vulnerable to an integer overflow issuehttps://github.com/tensorflow/tensorflow/blob/7b7352a724b690b11bfaae2cd54bc3907daf6285/tensorflow/lite/kernels/concatenation.ccL70-L76. An...

7.1CVSS7.2AI score0.00192EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-710

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

5.5CVSS7.2AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-175

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a division by zero to occur in Conv2DBackpropFilter. This is because the...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-486

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.rawops.SparseSplit. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-200

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.rawops.RFFT. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination...

5.5CVSS7.1AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-644

TensorFlow is an end-to-end open source platform for machine learning. In eager mode default in TF 2.0 and later, session operations are invalid. However, users could still call the raw ops associated with them and trigger a null pointer dereference. The...

7.8CVSS6.8AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-706

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.FractionalMaxPoolGrad triggers an undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-478

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.FractionalAvgPool. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-672

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in tf.rawops.QuantizedBiasAdd. This is because the implementation of the Eigen...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-475

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a segfault and denial of service via accessing data outside of bounds in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-648

TensorFlow is an end-to-end open source platform for machine learning. The tf.rawops.Conv3DBackprop operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-701

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.ReverseSequence allows for stack overflow and/or CHECK-fail based denial of service. The...

5.5CVSS7.4AI score0.00198EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-463

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedMul by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-243

TensorFlow is an end-to-end open source platform for machine learning. A specially crafted TFLite model could trigger an OOB read on heap in the TFLite implementation of...

7.8CVSS6.8AI score0.00215EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-707

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-221

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

5.5CVSS7.2AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-741

TensorFlow is an end-to-end open source platform for machine learning. The implementation of ParseAttrValuehttps://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attrvalueutil.ccL397-L453 can be tricked into stack overflow due to recursion...

5.5CVSS7.2AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-229

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.9AI score0.008EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-173

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in QuantizedReshape by passing in invalid thresholds for the quantization. This is because the...

7.8CVSS7.4AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-515

TensorFlow is an end-to-end open source platform for machine learning. The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before divisionhttps://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/spacetodepth.ccL63-L67. An...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-214

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.AvgPool3DGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-158

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.rawops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-513

TensorFlow is an end-to-end open source platform for machine learning. The TFLite computation for size of output after padding, ComputeOutSizehttps://github.com/tensorflow/tensorflow/blob/0c9692ae7b1671c983569e5d3de5565843d500cf/tensorflow/lite/kernels/padding.hL43-L55, does not check that the...

7.8CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-181

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.QuantizeAndDequantizeV4Grad. This is because the...

5.5CVSS6.7AI score0.0031EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-182

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in converting sparse tensors to CSR Sparse matrices. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-520

TensorFlow is an end-to-end open source platform for machine learning. The fix for CVE-2020-15209https://vulners.com/cve/CVE-2020-15209 missed the case when the target shape of Reshape operator is given by the elements of a 1-D tensor. As such, the fix for the...

7.8CVSS6.9AI score0.008EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-152

TensorFlow is an end-to-end open source platform for machine learning. The implementation of MatrixDiag operationshttps://github.com/tensorflow/tensorflow/blob/4c4f420e68f1cfaf8f4b6e8e3eb857e9e4c3ff33/tensorflow/core/kernels/linalg/matrixdiagop.ccL195-L197 does not validate that the tensor...

7.8CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-178

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null pointer in tf.rawops.StringNGrams. This is because the...

5.5CVSS6.9AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-690

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of tf.rawops.EditDistance. This is because the...

5.5CVSS7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•7 views

PYSEC-2021-702

TensorFlow is an end-to-end open source platform for machine learning. The implementation of tf.rawops.MaxPool3DGradGrad is vulnerable to a heap buffer overflow. The...

7.8CVSS7.3AI score0.00211EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000