Lucene search
K
PypaMost viewed

5624 matches found

PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-621

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-397

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-822

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for DeserializeSparse can trigger a null pointer dereference. This is because the shape inference function assumes that the serializesparse tensor is a tensor with positive rank and having 3 ...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-819

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 9:15 p.m.•6 views

PYSEC-2021-818

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...

7.1CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-389

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-392

TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t typ...

5.5CVSS7.2AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-806

TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t type and th...

5.5CVSS7.2AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-391

TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t type and th...

5.5CVSS7.2AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-611

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

7.8CVSS7.1AI score0.00241EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-809

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

7.8CVSS7.1AI score0.00241EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-393

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-846

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segmentids is large. This is similar to CVE-2021-29584 and similar other reported...

5.5CVSS7.1AI score0.00205EPSS
Exploits2References4Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-808

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-807

TensorFlow is an open source platform for machine learning. In affected versions if tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t typ...

5.5CVSS7.2AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-619

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-817

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-607

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS7.1AI score0.00307EPSS
Exploits2References6Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•6 views

PYSEC-2021-610

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/10/20 9:15 p.m.•6 views

PYSEC-2021-421

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution...

7.8CVSS9.1AI score0.00716EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2021/10/18 3:15 p.m.•6 views

PYSEC-2021-377

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

5.4CVSS6.9AI score0.01602EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/18 3:15 p.m.•6 views

PYSEC-2021-378

Apache Superset up to and including 1.3.0 when configured with ENABLETEMPLATEPROCESSING on disabled by default allowed SQL injection when a malicious authenticated user sends an http request with a custom URL...

8.8CVSS7.9AI score0.01709EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/15 3:15 p.m.•6 views

PYSEC-2021-380

Ops CLI version 2.0.4 and earlier is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkoutrepo function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine...

10CVSS8.2AI score0.09219EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/14 4:15 p.m.•6 views

PYSEC-2021-372

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8CVSS6AI score0.01006EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/10/14 4:15 p.m.•6 views

PYSEC-2021-379

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8CVSS6AI score0.01006EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/10/07 2:15 p.m.•6 views

PYSEC-2021-878

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

7.5CVSS7AI score0.14759EPSS
Exploits2References6Affected Software1
PyPA
PyPA
•added 2021/10/07 6:15 a.m.•6 views

PYSEC-2021-357

The Unicorn framework through 0.35.3 for Django allows XSS via component.name...

5.4CVSS6.2AI score0.02524EPSS
Exploits4References2Affected Software1
PyPA
PyPA
•added 2021/10/06 6:15 p.m.•6 views

PYSEC-2021-363

Scrapy is a high-level web crawling and scraping framework for Python. If you use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, su...

6.5CVSS7.1AI score0.01196EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2021/10/04 10:15 a.m.•6 views

PYSEC-2021-429

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...

7.8CVSS7.6AI score0.0158EPSS
Exploits4References3Affected Software1
PyPA
PyPA
•added 2021/10/04 6:15 a.m.•6 views

PYSEC-2021-375

Cobbler before 3.3.0 allows authorization bypass for modification of settings...

7.5CVSS7AI score0.01307EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/09/30 8:15 a.m.•6 views

PYSEC-2021-350

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting XSS that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped...

6.1CVSS6.5AI score0.00924EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/09/20 5:15 p.m.•6 views

PYSEC-2021-333

sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...

7.5CVSS7.8AI score0.02134EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/09/17 8:15 p.m.•6 views

PYSEC-2021-320

Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing externrefs from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple externrefs from the host to a...

6.3CVSS7.1AI score0.00297EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/09/09 3:15 p.m.•6 views

PYSEC-2021-326

The variable import endpoint was not protected by authentication in Airflow =2.0.0, =2.0.0, 2.1.3...

9.8CVSS8.1AI score0.80938EPSS
Exploits2References3Affected Software1
PyPA
PyPA
•added 2021/09/08 3:15 p.m.•6 views

PYSEC-2021-346

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

6.4CVSS6.9AI score0.00346EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/09/03 4:15 p.m.•6 views

PYSEC-2021-317

The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service ReDoS via the getrgb function...

7.5CVSS7AI score0.03154EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/08/31 6:15 p.m.•6 views

PYSEC-2021-361

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extradhcpopts value...

6.5CVSS6.9AI score0.0189EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/08/27 7:15 p.m.•6 views

PYSEC-2021-343

Cross Site Scripting XSS in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632...

6.1CVSS6.9AI score0.01119EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2021/08/27 7:15 p.m.•6 views

PYSEC-2021-348

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'...

10CVSS8.1AI score0.04325EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/23 1:15 a.m.•6 views

PYSEC-2021-121

An XML external entity XXE injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

7.5CVSS7.3AI score0.01524EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/19 10:15 p.m.•6 views

PYSEC-2021-879

An uncontrolled memory allocation in DataBufdatasubBox.length-sizeofbox function of Exiv2 0.27 allows attackers to cause a denial of service DOS via a crafted input...

6.5CVSS6.7AI score0.01664EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2021/08/16 6:15 p.m.•6 views

PYSEC-2021-336

Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'...

9.8CVSS8AI score0.0289EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/16 8:15 a.m.•6 views

PYSEC-2021-116

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output...

7.8CVSS7.2AI score0.00789EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/13 12:15 a.m.•6 views

PYSEC-2021-312

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

6.6CVSS6.9AI score0.00163EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-305

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-306

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00138EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-784

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-779

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-294

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.SdcaOptimizerV2. The implementation does not check that the length of...

5.5CVSS6.9AI score0.00172EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•6 views

PYSEC-2021-290

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000