Lucene search
K
PypaMost viewed

4602 matches found

PyPA
PyPA
•added 2021/08/16 6:15 p.m.•6 views

PYSEC-2021-144

XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/utils/atom.py'...

9.8CVSS8.2AI score0.02771EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/16 6:15 p.m.•6 views

PYSEC-2021-339

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...

9.8CVSS7AI score0.02026EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/16 6:15 p.m.•6 views

PYSEC-2021-336

Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'...

9.8CVSS8AI score0.0289EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-598

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TFLite's expanddims.cc contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If axis is a large negative value e.g., -100000, then after the first if it would...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-305

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-784

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-300

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.9AI score0.00451EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-295

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-304

TensorFlow is an end-to-end open source platform for machine learning. In affected versions all TFLite operations that use quantization can be made to use unitialized values. For example. The issue stems from the fact that quantization.params is only valid if quantization.type is different that...

7.1CVSS6.9AI score0.0018EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-779

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-803

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

5.5CVSS7.1AI score0.00172EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-290

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•6 views

PYSEC-2021-584

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•6 views

PYSEC-2021-792

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•6 views

PYSEC-2021-580

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•6 views

PYSEC-2021-800

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•6 views

PYSEC-2021-288

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToVariant. The implementation has an incomplete validation of the splits values, missing the case...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-267

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.rawops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on thi...

5.5CVSS7.2AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-272

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS7.4AI score0.00182EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-761

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS7.4AI score0.00182EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-563

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...

7.8CVSS7.4AI score0.00182EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-569

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.RaggedTensorToSparse. The implementation has an incomplete validation of the splits values: it does not check...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-762

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

7.8CVSS7.4AI score0.00174EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-755

TensorFlow is an end-to-end open source platform for machine learning. In affected versions providing a negative element to numelements list argument of tf.rawops.TensorListReserve causes the runtime to abort the process due to reallocating a std::vector to have a negative number of elements. The...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-564

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.FractionalAvgPoolGrad can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation does not validate that the input tensor is non-empt...

7.8CVSS7.4AI score0.00174EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-548

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of sparse reduction operations in TensorFlow can trigger accesses outside of bounds of heap allocated data. The implementation fails to validate that each reduction group does not overfl...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-766

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to tf.rawops.ResourceScatterUpdate. The implementation has an incomplete validation of the...

7.3CVSS7.2AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-575

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in BoostedTreesCalculateBestGainsPerFeature and similar attack can occur in BoostedTreesCalculateBestFeatureSplitV2. The...

7.8CVSS6.9AI score0.00189EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 9:15 p.m.•6 views

PYSEC-2021-765

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a CHECK-fail in debug builds of TensorFlow using tf.rawops.ResourceGather or a read from outside the bounds of heap allocated data in the same API in a release build. Th...

7.3CVSS7.1AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•6 views

PYSEC-2021-750

TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by...

8.4CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•6 views

PYSEC-2021-749

TensorFlow is an end-to-end open source platform for machine learning. Sending invalid argument for rowpartitiontypes of tf.rawops.RaggedTensorToTensor API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...

7.8CVSS6.9AI score0.00167EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 7:15 p.m.•6 views

PYSEC-2021-560

TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determine a valid sparse tensor, tf.rawops.SparseTensorSliceDataset implementation can be made to dereference a null pointer. The implementation has some argument validation but fails...

7.7CVSS7.1AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•6 views

PYSEC-2021-764

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 6:15 p.m.•6 views

PYSEC-2021-275

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a crash via a floating point exception in tf.rawops.ResourceGather. The implementation computes the value of a value, batchsize, and then divides by it without checking that this...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/07/30 10:15 p.m.•6 views

PYSEC-2021-875

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

7.2CVSS8AI score0.02032EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/07/29 6:15 p.m.•6 views

PYSEC-2021-115

The package glances before 3.2.1 are vulnerable to XML External Entity XXE Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks...

9.8CVSS7.3AI score0.01639EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 2021/06/30 1:15 a.m.•6 views

PYSEC-2021-110

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field...

5.4CVSS6.3AI score0.00536EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/06/21 8:15 p.m.•6 views

PYSEC-2021-427

A Regular Expression Denial of Service ReDOS vulnerability was discovered in Mpmath v1.0.0 when the mpmathify function is called...

7.5CVSS7AI score0.041EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 2021/06/10 11:15 a.m.•6 views

PYSEC-2021-97

The thefuck aka The Fuck package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature...

9.1CVSS7.1AI score0.01847EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/06/09 12:15 p.m.•6 views

PYSEC-2021-126

A flaw was found in Ansible if an ansible user sets ANSIBLEASYNCDIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async...

6.5AI score
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/06/07 10:15 p.m.•6 views

PYSEC-2021-89

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS6.6AI score0.0096EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2021/06/02 4:15 p.m.•6 views

PYSEC-2021-92

An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...

7.5CVSS7AI score0.02453EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/06/02 4:15 p.m.•6 views

PYSEC-2021-93

An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EPSImageFile has to deal with any combination of \r and \n as line endings. It used an accidentally quadratic method of accumulating lines while looking for a line ending. A malicious EPS file could...

7.5CVSS6.9AI score0.02293EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/05/21 10:15 p.m.•6 views

PYSEC-2021-81

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9CVSS6.9AI score0.0204EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/05/21 10:15 p.m.•6 views

PYSEC-2021-82

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file...

4.3CVSS6.8AI score0.00992EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/05/21 10:15 p.m.•6 views

PYSEC-2021-84

Plone through 5.2.4 allows stored XSS attacks by a Contributor by uploading an SVG or HTML document...

5.4CVSS6.1AI score0.0069EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/05/21 10:15 p.m.•6 views

PYSEC-2021-80

Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item...

5.4CVSS6.2AI score0.0065EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/05/21 10:15 p.m.•6 views

PYSEC-2021-85

Plone through 5.2.4 allows XSS via the inlinediff methods in Products.CMFDiffTool...

5.4CVSS6.2AI score0.00687EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/05/21 2:15 p.m.•6 views

PYSEC-2021-88

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites...

8.8CVSS6.6AI score0.01843EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2021/05/14 8:15 p.m.•6 views

PYSEC-2021-675

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a runtime division by zero error and denial of service in tf.rawops.QuantizedBatchNormWithGlobalNormalization. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities4602