Lucene search
K
PypaMost viewed

4301 matches found

PyPA
PyPA
•added 2021/11/05 8:15 p.m.•4 views

PYSEC-2021-607

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS7.1AI score0.00307EPSS
Exploits2References6Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•4 views

PYSEC-2021-805

TensorFlow is an open source platform for machine learning. In affected versions TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64t. If an overflow occurs,...

5.5CVSS7.1AI score0.00307EPSS
Exploits2References6Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•4 views

PYSEC-2021-606

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.9AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/05 8:15 p.m.•4 views

PYSEC-2021-806

TensorFlow is an open source platform for machine learning. In affected versions if tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. The number of elements in the output tensor is too much for the int64t type and th...

5.5CVSS7.2AI score0.0023EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/11/04 6:15 p.m.•4 views

PYSEC-2021-386

JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...

7.5CVSS6.9AI score0.00778EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/18 3:15 p.m.•4 views

PYSEC-2021-378

Apache Superset up to and including 1.3.0 when configured with ENABLETEMPLATEPROCESSING on disabled by default allowed SQL injection when a malicious authenticated user sends an http request with a custom URL...

8.8CVSS7.9AI score0.01709EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/05 9:15 p.m.•4 views

PYSEC-2021-364

Scrapy-splash is a library which provides Scrapy and JavaScript integration. In affected versions users who use HttpAuthMiddleware i.e. the httpuser and httppass spider attributes for Splash authentication will have any non-Splash request expose your credentials to the request target. This includ...

7.5CVSS7.1AI score0.01077EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/10/04 10:15 a.m.•4 views

PYSEC-2021-429

SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...

7.8CVSS7.6AI score0.0158EPSS
Exploits4References3Affected Software1
PyPA
PyPA
•added 2021/10/04 6:15 a.m.•4 views

PYSEC-2021-373

Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection...

9.8CVSS7.3AI score0.88482EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/09/20 5:15 p.m.•4 views

PYSEC-2021-333

sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. On...

7.5CVSS7.8AI score0.02134EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/09/16 3:15 p.m.•4 views

PYSEC-2021-328

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of...

9.8CVSS6.9AI score0.01093EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/09/09 3:15 p.m.•4 views

PYSEC-2021-326

The variable import endpoint was not protected by authentication in Airflow =2.0.0, =2.0.0, 2.1.3...

9.8CVSS8.1AI score0.80938EPSS
Exploits2References3Affected Software1
PyPA
PyPA
•added 2021/08/31 4:15 p.m.•4 views

PYSEC-2021-424

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limited to homeservers where the vulnerable...

3.5CVSS6.4AI score0.00892EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/08/27 7:15 p.m.•4 views

PYSEC-2021-343

Cross Site Scripting XSS in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632...

6.1CVSS6.9AI score0.01119EPSS
Exploits2References2Affected Software1
PyPA
PyPA
•added 2021/08/25 6:15 p.m.•4 views

PYSEC-2021-315

nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...

9.6CVSS7.5AI score0.0173EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/23 10:15 p.m.•4 views

PYSEC-2021-883

An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service DOS via a crafted tif file...

6.5CVSS6.7AI score0.01332EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/08/23 1:15 a.m.•4 views

PYSEC-2021-121

An XML external entity XXE injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected...

7.5CVSS7.3AI score0.01524EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/18 6:15 p.m.•4 views

PYSEC-2021-120

Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped...

6.1CVSS6.4AI score0.00699EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/16 6:15 p.m.•4 views

PYSEC-2021-143

Cross Site Scripting XSS in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the 'Username' parameter in the component 'quokka/admin/actions.py'...

6.1CVSS7AI score0.01312EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/16 6:15 p.m.•4 views

PYSEC-2021-339

Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'...

9.8CVSS7AI score0.02026EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/13 9:15 p.m.•4 views

PYSEC-2021-344

OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a...

10CVSS7.4AI score0.02415EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 2021/08/13 12:15 a.m.•4 views

PYSEC-2021-801

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

6.6CVSS6.9AI score0.00163EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/13 12:15 a.m.•4 views

PYSEC-2021-603

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

6.6CVSS6.9AI score0.00163EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/13 12:15 a.m.•4 views

PYSEC-2021-312

TensorFlow is an end-to-end open source platform for machine learning. In affected versions when running shape functions, some functions such as MutableHashTableShape produce extra output information in the form of a ShapeAndType struct. The shapes embedded in this struct are owned by an inferenc...

6.6CVSS6.9AI score0.00163EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-597

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00138EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-292

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

5.5CVSS6.9AI score0.00169EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-781

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to tf.rawops.UpperBound. The implementation does not validate the rank of sortedinput...

5.5CVSS6.9AI score0.00169EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-576

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in tf.rawops.QuantizeV2, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. Th...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-586

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a CHECK-fail in tf.rawops.MapStage. The implementation does not check that the key input is a valid non-empty tensor. We have patched the issue in GitHub...

5.5CVSS6.8AI score0.00154EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-299

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for tf.rawops.Dequantize has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference implementation use...

5.5CVSS7.1AI score0.00148EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-776

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS7AI score0.00185EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-780

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.rawops.NonMaxSuppressionV5 by triggering a division by 0. The implementation uses a user controlled argument to resize a...

5.5CVSS6.7AI score0.00175EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-301

TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a tf.mapfn within another tf.mapfn call. However, if the input tensor is a RaggedTensor and there is no function signature provided, code assumes the output is a fully specified tens...

7.8CVSS7.2AI score0.00181EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-789

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafeload which can perform arbitrary code execution...

9.3CVSS7.9AI score0.00451EPSS
Exploits1References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-306

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. We have patched the issue in GitHub commit...

5.5CVSS6.9AI score0.00138EPSS
Exploits0References1Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-785

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in tf.rawops.MaxPoolGrad caused by missing validation. The implementation misses some validation for the originput and origoutput tensor...

7.8CVSS6.8AI score0.00214EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-605

TensorFlow is an end-to-end open source platform for machine learning. In affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, C.TFTStringDealloc is called during garbage collection within a finalizer function. However, tensor...

5.5CVSS7.1AI score0.00172EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-802

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH implementation. We have patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9. The fix will be...

5.5CVSS7AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 11:15 p.m.•4 views

PYSEC-2021-287

TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap...

7.8CVSS7AI score0.00185EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-782

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.Map and tf.rawops.OrderedMap operations. The implementation has a check in place to ensure that indices is in...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-308

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker ca...

5.5CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-302

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f. The fix will be includ...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-289

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.UnicodeEncode. The implementation reads the first dimension of the inputsplits tensor before validating that th...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-303

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error. The GetVariableInput function can return a null pointer but GetTensorData assumes that the argument is always a valid tensor...

7.8CVSS7AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-588

TensorFlow is an end-to-end open source platform for machine learning. In affected versions most implementations of convolution operators in TensorFlow are affected by a division by 0 vulnerability where an attacker can trigger a denial of service via a crash. The shape inference implementation i...

5.5CVSS6.8AI score0.0016EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-589

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

7.8CVSS6.9AI score0.00173EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-791

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of fully connected layers in TFLite is vulnerable to a division by zero error. We have patched the issue in GitHub commit 718721986aa137691ee23f03638867151f74935f. The fix will be includ...

5.5CVSS6.9AI score0.00152EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-799

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The implementation unconditionally dereferences a pointer. We have...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-602

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. This is caused by the MLIR optimization of L2NormalizeReduceAxis...

7.8CVSS6.9AI score0.00165EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2021/08/12 10:15 p.m.•4 views

PYSEC-2021-274

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.BoostedTreesCreateEnsemble can result in a use after free error if an attacker supplies specially crafted arguments. The implementation uses a reference counted resource an...

7.8CVSS7.1AI score0.00173EPSS
Exploits0References2Affected Software1
Total number of security vulnerabilities4301