Lucene search
K
PypaMost viewed

7035 matches found

PyPA
PyPA
•added 2022/02/03 1:15 p.m.•7 views

PYSEC-2022-49

Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure ...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•7 views

PYSEC-2022-104

Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure ...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•7 views

PYSEC-2022-113

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

6.5CVSS7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•7 views

PYSEC-2022-131

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

6.5CVSS6.9AI score0.01097EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•7 views

PYSEC-2022-76

Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...

6.5CVSS6.9AI score0.01097EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•7 views

PYSEC-2022-60

Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...

7.6CVSS6.9AI score0.00746EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 11:15 a.m.•7 views

PYSEC-2022-51

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS7.6AI score0.00659EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 11:15 a.m.•7 views

PYSEC-2022-106

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for Dequantize is vulnerable to an integer overflow weakness. The axis argument can be -1 the default value for the optional argument or any other positive value at most the number of dimensions of the...

8.8CVSS7.6AI score0.00659EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/01/31 9:15 p.m.•7 views

PYSEC-2022-24

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...

5.3CVSS6.6AI score0.00953EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/01/28 10:15 p.m.•7 views

PYSEC-2022-21

Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the imageviewfullscre...

6.1CVSS5.9AI score0.00756EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/01/25 9:15 a.m.•7 views

PYSEC-2022-14

Improper Privilege Management in Conda loguru prior to 0.5.3...

4.3CVSS6.9AI score0.00758EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/01/18 11:15 p.m.•7 views

PYSEC-2022-43

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant...

4.3CVSS6.9AI score0.00771EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2022/01/18 11:15 p.m.•7 views

PYSEC-2022-41

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

8.7CVSS6.8AI score0.00789EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2022/01/18 10:15 p.m.•7 views

PYSEC-2022-39

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing...

7.5CVSS6.9AI score0.00787EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/01/12 1:15 p.m.•7 views

PYSEC-2022-7

Django CMS 3.7.3 does not validate the plugintype parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting XSS vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user...

5.4CVSS6.5AI score0.00617EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/01/10 2:12 p.m.•7 views

PYSEC-2022-8

pathgetbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path...

6.5CVSS7AI score0.02556EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/01/01 12:15 a.m.•7 views

PYSEC-2022-43148

Open Asset Import Library aka assimp 5.1.0 and 5.1.1 has a heap-based buffer overflow in m3dsafestr called from m3dload and Assimp::M3DWrapper::M3DWrapper...

5.5CVSS7.5AI score0.00942EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2022/01/01 12:15 a.m.•7 views

PYSEC-2022-25

UltraJSON aka ujson through 5.1.0 has a stack-based buffer overflow in BufferAppendIndentUnchecked called from encode. Exploitation can, for example, use a large amount of indentation...

5.5CVSS7.5AI score0.0155EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2021/12/25 12:15 p.m.•7 views

PYSEC-2021-869

archivy is vulnerable to Cross-Site Request Forgery CSRF...

4.3CVSS7AI score0.00382EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/12/15 8:15 p.m.•7 views

PYSEC-2021-873

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access an...

7.7CVSS6.6AI score0.03794EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/12/08 12:15 a.m.•7 views

PYSEC-2021-439

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...

7.5CVSS6.9AI score0.02295EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/11/23 12:15 a.m.•7 views

PYSEC-2021-862

Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.4.2, Python versions prior to 1.6.1, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.3 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in the...

8.8CVSS6.8AI score0.00375EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•7 views

PYSEC-2021-419

TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...

6.6CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•7 views

PYSEC-2021-414

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

5.5CVSS6.9AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•7 views

PYSEC-2021-631

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

5.5CVSS6.9AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•7 views

PYSEC-2021-827

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

7.8CVSS6.9AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•7 views

PYSEC-2021-832

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

7.8CVSS7AI score0.0019EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•7 views

PYSEC-2021-815

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

8.8CVSS7.1AI score0.00168EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•7 views

PYSEC-2021-843

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•7 views

PYSEC-2021-395

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

5.5CVSS6.8AI score0.00202EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•7 views

PYSEC-2021-400

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

8.8CVSS7.1AI score0.00168EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•7 views

PYSEC-2021-399

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•7 views

PYSEC-2021-845

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-819

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-824

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-831

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will al...

7.1CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-418

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between the elements of the values argument and the shape of the sparse output. The fix will be included ...

7.1CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-830

TensorFlow is an open source platform for machine learning. In affected versions the implementation of FusedBatchNorm kernels is vulnerable to a heap OOB access. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow...

7.1CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-628

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

7.8CVSS7.2AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-621

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-818

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...

7.1CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-403

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...

7.1CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•7 views

PYSEC-2021-822

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•7 views

PYSEC-2021-804

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•7 views

PYSEC-2021-610

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•7 views

PYSEC-2021-393

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•7 views

PYSEC-2021-606

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•7 views

PYSEC-2021-389

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•7 views

PYSEC-2021-805

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS7.1AI score0.00307EPSS
Exploits2References6Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•7 views

PYSEC-2021-806

TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t type and th...

5.5CVSS7.2AI score0.0023EPSS
Exploits1References3Affected Software1
Total number of security vulnerabilities5000