Lucene search
K
PypaMost viewed

5612 matches found

PyPA
PyPA
•added 2022/03/17 10:15 p.m.•6 views

PYSEC-2022-166

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...

5.9CVSS6.6AI score0.0208EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/03/17 12:15 p.m.•6 views

PYSEC-2022-165

The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...

8CVSS7AI score0.01113EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2022/03/15 3:15 p.m.•6 views

PYSEC-2022-167

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0...

5.3CVSS6.7AI score0.01272EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/03/10 9:15 p.m.•6 views

PYSEC-2022-228

An Access Control vunerabiity exists in Gerapy v 0.9.7 via the spider parameter in projectconfigure function...

7AI score
Exploits6References2Affected Software1
PyPA
PyPA
•added 2022/03/04 8:15 p.m.•6 views

PYSEC-2022-31

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution RCE via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution...

8.8CVSS8AI score0.02927EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/03/03 9:15 p.m.•6 views

PYSEC-2022-160

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...

7.5CVSS7AI score0.03608EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/25 9:15 a.m.•6 views

PYSEC-2022-29

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below...

6.1CVSS6.5AI score0.02561EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/02/20 6:15 p.m.•6 views

PYSEC-2022-38

An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler are world readable. Two of those files contain some sensitive information that can be exposed to a local user who has non-privileged access to the server. The users.digest file contains the sha2-512 digest of users in a Cobble...

7.1CVSS6.4AI score0.00306EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/02/19 12:15 a.m.•6 views

PYSEC-2022-37

An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function checkforinvalidimports can allow Cheetah code to import Python modules via the "from MODULE import" substring. Only lines beginning with import are blocked...

7.8CVSS7.3AI score0.00495EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-96

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior...

9.8CVSS7.2AI score0.00888EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-86

Tensorflow is an Open Source Machine Learning Framework. The implementation of GetInitOp is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, ...

6.5CVSS7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-84

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-139

Tensorflow is an Open Source Machine Learning Framework. The implementation of OpLevelCostEstimator::CalculateTensorSize is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-127

Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...

7.1CVSS6.9AI score0.0011EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-122

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in TfLiteIntArrayCreate. The TfLiteIntArrayGetSizeInBytes returns an int instead of a sizet. An attacker can control model inputs such that computedsize overflows the...

8.8CVSS7.2AI score0.00811EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-90

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that IsSimplifiableReshape would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS6.8AI score0.01151EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-135

Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a CHECK assertion is invalidated based on user controlled arguments, if the tensors have an invalid dtype and 0 elements or an invalid shape. This allows...

6.5CVSS6.8AI score0.00469EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-66

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in BiasAndClamp implementation. There is no check that the biassize is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS7AI score0.00757EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-153

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS7AI score0.01097EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-88

Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a SavedModel such that SafeToRemoveIdentity would trigger CHECK failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

6.5CVSS6.8AI score0.00821EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-152

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that Grappler optimizer would attempt to build a tensor using a reference dtype. This would result in a crash due to a CHECK-fail in the Tensor constructor as...

6.5CVSS6.8AI score0.00864EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-138

Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the...

8.8CVSS7AI score0.00837EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-98

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a SavedModel file fixing the first one would trigger the same...

6.5CVSS7AI score0.01097EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-93

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After png::CommonFreeDecode gets called, the values of decode.width and decode.height are in an unspecified state. The fix will be included in TensorFlow 2.8.0. ...

7.6CVSS7AI score0.00725EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-74

Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a SavedModel on disk such that AttrDefs of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

6.5CVSS6.9AI score0.00469EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-71

Tensorflow is an Open Source Machine Learning Framework. The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on...

8.8CVSS7AI score0.00578EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/02/04 11:15 p.m.•6 views

PYSEC-2022-150

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a SavedModel such that assertions in function.cc would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this comm...

6.5CVSS6.8AI score0.008EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 3:15 p.m.•6 views

PYSEC-2022-64

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseCountSparseOutput is vulnerable to a heap overflow. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also...

8.8CVSS7.1AI score0.00788EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 2:15 p.m.•6 views

PYSEC-2022-116

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 2:15 p.m.•6 views

PYSEC-2022-61

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-113

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

6.5CVSS7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-59

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-133

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

6.5CVSS7AI score0.00458EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-58

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

6.5CVSS7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-108

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlo...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-77

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

6.5CVSS7.1AI score0.008EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-55

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS6.8AI score0.00845EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-57

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

6.5CVSS6.8AI score0.00821EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-110

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS6.8AI score0.00845EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 11:15 a.m.•6 views

PYSEC-2022-109

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalAvgPoolGrad does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this...

8.1CVSS6.9AI score0.00815EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 11:15 a.m.•6 views

PYSEC-2022-51

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS7.6AI score0.00659EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 11:15 a.m.•6 views

PYSEC-2022-106

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS7.6AI score0.00659EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 2:15 a.m.•6 views

PYSEC-2022-20

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files...

7.5CVSS7AI score0.49246EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/02/01 2:15 p.m.•6 views

PYSEC-2022-36

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher...

6.5CVSS6.7AI score0.07863EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/01/28 10:15 p.m.•6 views

PYSEC-2022-21

Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the imageviewfullscre...

6.1CVSS5.9AI score0.00735EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/01/28 10:15 p.m.•6 views

PYSEC-2022-18

Cross-site Scripting XSS - Reflected in Pypi calibreweb prior to 0.6.16...

8.5CVSS6.3AI score0.00853EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/01/26 2:15 p.m.•6 views

PYSEC-2022-48

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...

6.5CVSS6.9AI score0.0266EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/01/19 10:15 p.m.•6 views

PYSEC-2022-12

IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...

8.8CVSS9.6AI score0.00657EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/01/18 11:15 p.m.•6 views

PYSEC-2022-45

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure...

5.3CVSS6.8AI score0.01248EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/01/18 10:15 p.m.•6 views

PYSEC-2022-44

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...

6.5CVSS6.6AI score0.01129EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000