Lucene search
K
PypaMost viewed

5624 matches found

PyPA
PyPA
•added 2022/02/03 2:15 p.m.•6 views

PYSEC-2022-118

Tensorflow is an Open Source Machine Learning Framework. The implementation of QuantizedMaxPool has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 2:15 p.m.•6 views

PYSEC-2022-61

Tensorflow is an Open Source Machine Learning Framework. The implementation of Bincount operations allows malicious users to cause denial of service by passing in arguments which would trigger a CHECK-fail. There are several conditions that the input arguments must satisfy. Some are not caught...

6.5CVSS6.7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-113

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

6.5CVSS7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-133

Tensorflow is an Open Source Machine Learning Framework. Multiple operations in TensorFlow can be used to trigger a denial of service via CHECK-fails i.e., assertion failures. This is similar to TFSA-2021-198 and has similar fixes. We have patched the reported issues in multiple GitHub commits. I...

6.5CVSS7AI score0.00458EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-59

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-58

Tensorflow is an Open Source Machine Learning Framework. The implementation of MapStage is vulnerable a CHECK-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as...

6.5CVSS7AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-108

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlo...

6.5CVSS7.2AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 1:15 p.m.•6 views

PYSEC-2022-114

Tensorflow is an Open Source Machine Learning Framework. The implementation of FractionalMaxPool can be made to crash a TensorFlow process via a division by 0. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow...

6.5CVSS6.9AI score0.00783EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-77

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

6.5CVSS7.1AI score0.008EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-55

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS6.8AI score0.00845EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-57

Tensorflow is an Open Source Machine Learning Framework. The implementation of StringNGrams can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. We are missing a validation on padwitdh and that result in computing a negative value for...

6.5CVSS6.8AI score0.00821EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-110

Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for ConcatV2 can be used to trigger a denial of service attack via a segfault caused by a type confusion. The axis argument is translated into concatdim in the ConcatShapeHelper helper function. Then, a...

6.5CVSS6.8AI score0.00845EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 12:15 p.m.•6 views

PYSEC-2022-132

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects so, an assert failure based denial of service. We are missing some validation on the...

6.5CVSS7.1AI score0.008EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/02/03 2:15 a.m.•6 views

PYSEC-2022-20

An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files...

7.5CVSS7AI score0.49246EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/02/01 2:15 p.m.•6 views

PYSEC-2022-36

Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgrade to Apache Superset 1.4.0 or higher...

6.5CVSS6.7AI score0.07863EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/01/28 10:15 p.m.•6 views

PYSEC-2022-18

Cross-site Scripting XSS - Reflected in Pypi calibreweb prior to 0.6.16...

8.5CVSS6.3AI score0.00853EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/01/26 2:15 p.m.•6 views

PYSEC-2022-48

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to...

6.5CVSS6.9AI score0.0266EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/01/19 10:15 p.m.•6 views

PYSEC-2022-12

IPython Interactive Python is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary...

8.8CVSS9.6AI score0.00657EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2022/01/18 11:15 p.m.•6 views

PYSEC-2022-45

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure...

5.3CVSS6.8AI score0.01248EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/01/18 10:15 p.m.•6 views

PYSEC-2022-44

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive...

6.5CVSS6.6AI score0.01129EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2022/01/18 3:15 p.m.•6 views

PYSEC-2022-43181

In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting XSS vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API...

6.1CVSS6.5AI score0.01626EPSS
Exploits1References5
PyPA
PyPA
•added 2022/01/10 9:15 p.m.•6 views

PYSEC-2022-6

pipenv is a Python development workflow tool. Starting with version 2018.10.9 and prior to version 2022.1.8, a flaw in pipenv's parsing of requirements files allows an attacker to insert a specially crafted string inside a comment anywhere within a requirements.txt file, which will cause victims...

9.3CVSS7.8AI score0.03897EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2022/01/10 2:12 p.m.•6 views

PYSEC-2022-9

pathgetbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path...

6.5CVSS7.2AI score0.01957EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/01/10 2:12 p.m.•6 views

PYSEC-2022-10

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method...

9.8CVSS7.1AI score0.03399EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2022/01/05 12:15 a.m.•6 views

PYSEC-2022-3

Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it...

5.3CVSS7AI score0.02388EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2022/01/04 3:15 p.m.•6 views

PYSEC-2022-5

nltk is vulnerable to Inefficient Regular Expression Complexity...

7.5CVSS7AI score0.01461EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/12/27 7:15 p.m.•6 views

PYSEC-2021-867

Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8...

9.8CVSS7.7AI score0.55331EPSS
Exploits7References4Affected Software1
PyPA
PyPA
•added 2021/12/25 12:15 p.m.•6 views

PYSEC-2021-869

archivy is vulnerable to Cross-Site Request Forgery CSRF...

4.3CVSS7AI score0.00382EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/12/17 9:15 p.m.•6 views

PYSEC-2021-880

Null pointer reference in CMSConservativeincrementobj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket...

7.5CVSS6.9AI score0.01037EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/12/17 9:15 p.m.•6 views

PYSEC-2021-870

Incomplete string comparison vulnerability exits in cvxopt.org cvxop = 1.2.6 in APIs cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve, which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects...

7.5CVSS6.9AI score0.01184EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/12/17 8:15 p.m.•6 views

PYSEC-2021-857

Buffer overflow in the arrayfrompyobj function of fortranobject.c in NumPy 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values...

5.5CVSS7.2AI score0.00368EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/12/17 8:15 p.m.•6 views

PYSEC-2021-856

Null Pointer Dereference vulnerability exists in numpy.sort in NumPy and 1.19 in the PyArrayDescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays...

5.3CVSS6.9AI score0.01154EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/12/15 8:15 p.m.•6 views

PYSEC-2021-873

Gradio is an open source framework for building interactive machine learning models and demos. In versions prior to 2.5.0 there is a vulnerability that affects anyone who creates and publicly shares Gradio interfaces. File paths are not restricted and users who receive a Gradio link can access an...

7.7CVSS6.6AI score0.03794EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/12/01 2:15 p.m.•6 views

PYSEC-2021-841

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the maliciou...

5.4CVSS6.2AI score0.00493EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/23 8:15 p.m.•6 views

PYSEC-2021-850

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting XSS in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4CVSS5.6AI score0.00583EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•6 views

PYSEC-2021-625

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

7.8CVSS7.3AI score0.00156EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•6 views

PYSEC-2021-634

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

7.8CVSS7AI score0.0019EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•6 views

PYSEC-2021-414

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

5.5CVSS6.9AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•6 views

PYSEC-2021-827

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

7.8CVSS6.9AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•6 views

PYSEC-2021-832

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

7.8CVSS7AI score0.0019EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 11:15 p.m.•6 views

PYSEC-2021-419

TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...

6.6CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•6 views

PYSEC-2021-847

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•6 views

PYSEC-2021-810

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

5.5CVSS6.8AI score0.00202EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•6 views

PYSEC-2021-816

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•6 views

PYSEC-2021-618

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•6 views

PYSEC-2021-401

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 10:15 p.m.•6 views

PYSEC-2021-815

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

8.8CVSS7.1AI score0.00168EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-812

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-826

TensorFlow is an open source platform for machine learning. In affected versions the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr. This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empt...

7.8CVSS7.2AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-623

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.8CVSS7.2AI score0.0021EPSS
Exploits1References2Affected Software1
Total number of security vulnerabilities5000