Lucene search
K
PypaMost viewed

5616 matches found

PyPA
PyPA
added 2021/12/17 7:15 p.m.5 views

PYSEC-2021-855

Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects...

5.3CVSS6.9AI score0.01561EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/12/01 11:15 a.m.5 views

PYSEC-2021-438

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

9.6CVSS6.7AI score0.01354EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/23 9:15 p.m.5 views

PYSEC-2021-839

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash ../� sequences and its variations or by using absolute file paths, it may ...

8.6CVSS7.1AI score0.01846EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2021/11/23 8:15 p.m.5 views

PYSEC-2021-850

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting XSS in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the...

5.4CVSS5.6AI score0.00583EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/11/19 12:15 p.m.5 views

PYSEC-2021-431

django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8.8CVSS6.7AI score0.00778EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/17 3:15 p.m.5 views

PYSEC-2021-435

Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or inject malicious content into logs...

6.5CVSS6.8AI score0.01761EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-832

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow's Grappler optimizer has a use of unitialized variable. If the trainnodes vector obtained from the saved model that gets optimized does not contain a Dequeue node, then dequeuenode is left unitialized. The...

7.8CVSS7AI score0.0019EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-631

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault is an attacker supplies negative arguments. This occurs whenever sizesplits contains more than one value and at least one value is negative. The fix will be include...

5.5CVSS6.9AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-827

TensorFlow is an open source platform for machine learning. In affected versions the async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free. This occurs due to the asynchronous computation and the fact that objects that have been std::moved from are still...

7.8CVSS6.9AI score0.00204EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-828

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, inputh and inputc parameters are n...

7.8CVSS7.5AI score0.00214EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-636

TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...

6.6CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-413

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the input, inputh and inputc parameters are n...

7.8CVSS7.5AI score0.00214EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-834

TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...

6.6CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-419

TensorFlow is an open source platform for machine learning. In affected versions the ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation...

6.6CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/05 11:15 p.m.5 views

PYSEC-2021-408

TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for Transpose is vulnerable to a heap buffer overflow. This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are al...

7.8CVSS7.3AI score0.00156EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-399

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-843

TensorFlow is an open source platform for machine learning. In affected versions several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes...

7.8CVSS7.1AI score0.00174EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-627

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for AllToAll can be made to execute a division by 0. This occurs whenever the splitcount argument is 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on...

5.5CVSS7.4AI score0.00128EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-395

TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition...

5.5CVSS6.8AI score0.00202EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-815

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

8.8CVSS7.1AI score0.00168EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-816

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-401

TensorFlow is an open source platform for machine learning. In affected versions the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-814

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 10:15 p.m.5 views

PYSEC-2021-616

TensorFlow is an open source platform for machine learning. In affected versions the implementation of ParallelConcat misses some input validation and can produce a division by 0. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-404

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-811

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

7.8CVSS6.9AI score0.00183EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-614

TensorFlow is an open source platform for machine learning. In affected versions during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix will be included in...

5.5CVSS6.9AI score0.00136EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-821

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross has an undefined behavior due to binding a reference to nullptr. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.8CVSS7.2AI score0.0021EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-819

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for tf.ragged.cross can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1,...

7.1CVSS7.2AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-831

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseFillEmptyRows can be made to trigger a heap OOB access. This occurs whenever the size of indices does not match the size of values. The fix will be included in TensorFlow 2.7.0. We will al...

7.1CVSS6.9AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-824

TensorFlow is an open source platform for machine learning. In affected versions the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in th...

5.5CVSS7.1AI score0.00181EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-396

TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure ...

7.8CVSS6.9AI score0.00183EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-615

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the QuantizeAndDequantizeV operations can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit ...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/05 9:15 p.m.5 views

PYSEC-2021-818

TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. This occurs whenever axis is a negative value less than -1. In this case, we are accessing data before the start o...

7.1CVSS7AI score0.00201EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.5 views

PYSEC-2021-390

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS7.1AI score0.00307EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.5 views

PYSEC-2021-846

TensorFlow is an open source platform for machine learning. In affected versions the implementation of tf.math.segment operations results in a CHECK-fail related abort and denial of service if a segment id in segmentids is large. This is similar to CVE-2021-29584 and similar other reported...

5.5CVSS7.1AI score0.00205EPSS
Exploits2References4Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.5 views

PYSEC-2021-606

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.5 views

PYSEC-2021-389

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.5 views

PYSEC-2021-610

TensorFlow is an open source platform for machine learning. In affected versions if tf.summary.createfilewriter is called with non-scalar arguments code crashes due to a CHECK-fail. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow...

5.5CVSS7.1AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/11/05 8:15 p.m.5 views

PYSEC-2021-402

TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow...

7.1CVSS6.9AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/11/04 6:15 p.m.5 views

PYSEC-2021-386

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

7.5CVSS6.9AI score0.00778EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/10/26 11:15 a.m.5 views

PYSEC-2021-871

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client which defaults to using LocalCluster would mistakenly configure their respective Dask workers to listen on extern...

9.8CVSS7.6AI score0.02876EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/10/21 6:15 p.m.5 views

PYSEC-2021-382

qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a qutebrowserurl: URL handler. With certain applications, opening a specially crafted qutebrowserurl:... URL can lead to execution of...

8.8CVSS8AI score0.01448EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/10/14 4:15 p.m.5 views

PYSEC-2021-379

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8CVSS6AI score0.01006EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2021/10/07 2:15 p.m.5 views

PYSEC-2021-878

The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601. and https://github.com/nisdn/CVE-2021-40978/issues/1...

7.5CVSS7AI score0.14759EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2021/09/20 5:15 p.m.5 views

PYSEC-2021-333

sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...

7.5CVSS7.8AI score0.02134EPSS
Exploits0References2Affected Software1
PyPA
PyPA
added 2021/09/16 3:15 p.m.5 views

PYSEC-2021-328

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS6.9AI score0.01093EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2021/09/10 10:15 p.m.5 views

PYSEC-2021-330

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...

9.8CVSS8AI score0.17353EPSS
Exploits4References4Affected Software1
PyPA
PyPA
added 2021/09/09 3:15 p.m.5 views

PYSEC-2021-326

The variable import endpoint was not protected by authentication in Airflow =2.0.0, =2.0.0, 2.1.3...

9.8CVSS8.1AI score0.80938EPSS
Exploits2References3Affected Software1
PyPA
PyPA
added 2021/09/08 6:15 p.m.5 views

PYSEC-2021-359

Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious...

7.2CVSS6.8AI score0.007EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities5000