Lucene search
K

7044 matches found

PyPA
PyPA
•added 2020/10/21 9:15 p.m.•12 views

PYSEC-2020-295

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS6.8AI score0.00886EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/10/21 9:15 p.m.•9 views

PYSEC-2020-138

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS6.8AI score0.00886EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/10/21 9:15 p.m.•10 views

PYSEC-2020-330

In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantizeanddequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dimsize only does a DCHECK to validate the argument and th...

7.5CVSS6.8AI score0.00886EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/10/19 5:15 p.m.•7 views

PYSEC-2020-238

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the...

6.1CVSS6.6AI score0.01931EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2020/10/19 1:15 p.m.•10 views

PYSEC-2020-142

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

5.3CVSS6.8AI score0.00457EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2020/10/17 8:15 p.m.•11 views

PYSEC-2020-59

DISPUTED TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the nonetwork setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxm...

9.8CVSS7AI score0.02277EPSS
Exploits2References4Affected Software1
PyPA
PyPA
•added 2020/10/16 6:15 a.m.•9 views

PYSEC-2020-225

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...

9.9CVSS7.6AI score0.03258EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 2020/10/13 6:15 p.m.•8 views

PYSEC-2020-110

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

7.7CVSS6.9AI score0.01142EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 2020/10/06 7:15 p.m.•10 views

PYSEC-2020-158

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a .data suffix and which are accompanied by a JSON file with the .meta suffix. This can lead to Information Disclosure and in some shared-hosting scenarios also to circumvention of...

4CVSS6.8AI score0.01489EPSS
Exploits0References4Affected Software1
PyPA
PyPA
•added 2020/10/05 2:15 p.m.•7 views

PYSEC-2020-220

A flaw was found in Ansible Base when using the awsssm connection plugin as garbage collector is not happening after playbook run is completed. Files would remain in the bucket exposing the data. This issue affects directly data confidentiality...

5.5CVSS6.6AI score0.00319EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2020/10/05 1:15 p.m.•7 views

PYSEC-2020-221

A flaw was found in Ansible Base when using the awsssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making possible to have collisions when running multiple ansible processes. This issue affects mainly the service...

7.1CVSS6.7AI score0.00298EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2020/09/30 9:15 p.m.•8 views

PYSEC-2020-223

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the...

8.1CVSS6.8AI score0.02001EPSS
Exploits0References2Affected Software1
PyPA
PyPA
•added 2020/09/30 8:15 p.m.•11 views

PYSEC-2020-263

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious...

6.1CVSS6.5AI score0.01286EPSS
Exploits0References3Affected Software1
PyPA
PyPA
•added 2020/09/30 6:15 p.m.•8 views

PYSEC-2020-148

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest. NOTE: this is similar to CVE-2020-26116...

7.2CVSS9.3AI score0.0642EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-133

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...

6.5CVSS6.9AI score0.00729EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-276

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

9.9CVSS7AI score0.00902EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-291

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

5.8CVSS7AI score0.00905EPSS
Exploits1References9Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•5 views

PYSEC-2020-136

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...

4.3CVSS6.7AI score0.00632EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-316

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Hence, the code is...

6.8CVSS7.4AI score0.00563EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-328

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...

4.3CVSS6.7AI score0.00632EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•8 views

PYSEC-2020-123

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the code sets ...

5.9CVSS7.2AI score0.00844EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-137

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

8.1CVSS6.9AI score0.00556EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•5 views

PYSEC-2020-134

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

5.8CVSS7AI score0.00905EPSS
Exploits1References9Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-323

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can...

9.8CVSS6.9AI score0.00893EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-292

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...

8.6CVSS6.9AI score0.0061EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-322

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

9CVSS7.6AI score0.01227EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-116

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS7.1AI score0.00681EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-326

In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indice...

5.8CVSS7AI score0.00905EPSS
Exploits1References9Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-117

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5.3CVSS6.8AI score0.01017EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•9 views

PYSEC-2020-119

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

9.9CVSS7AI score0.00902EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-135

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segmentidsdata can alter outputindex and then write to outside of outputdata...

8.6CVSS6.9AI score0.0061EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•5 views

PYSEC-2020-287

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the...

9CVSS7.6AI score0.01227EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•8 views

PYSEC-2020-293

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor,...

4.3CVSS6.7AI score0.00632EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-285

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

9.8CVSS7.3AI score0.01015EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•8 views

PYSEC-2020-325

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...

6.5CVSS6.9AI score0.00729EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-320

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

9.8CVSS7.3AI score0.01015EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-294

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

8.1CVSS6.9AI score0.00556EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-273

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.todlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing ...

7.1CVSS7.1AI score0.00681EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-128

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the datasplits argument of tf.rawops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ...

9.8CVSS7.3AI score0.01015EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-126

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

7.5CVSS6.9AI score0.00952EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•11 views

PYSEC-2020-329

In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the...

8.1CVSS6.9AI score0.00556EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-281

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Hence, the code is...

6.8CVSS7.4AI score0.00563EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-311

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

9.9CVSS7AI score0.00902EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•5 views

PYSEC-2020-306

In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to dlpack.todlpack the expected validations will cause variables to bind to nullptr while setting a status variable to the error condition. However, this status argument is not properly checked. Hence, code...

5.3CVSS7.1AI score0.00749EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-315

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the code sets ...

5.9CVSS7.2AI score0.00844EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-280

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Thus, the code sets ...

5.9CVSS7.2AI score0.00844EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•5 views

PYSEC-2020-290

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b a...

6.5CVSS6.9AI score0.00729EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-124

In Tensorflow before version 2.3.1, the RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the splits tensor generate a valid partitioning of the values tensor. Hence, the code is...

6.8CVSS7.4AI score0.00563EPSS
Exploits1References3Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•6 views

PYSEC-2020-283

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.asstring, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentati...

7.5CVSS6.9AI score0.00952EPSS
Exploits1References4Affected Software1
PyPA
PyPA
•added 2020/09/25 7:15 p.m.•7 views

PYSEC-2020-305

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.rawops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. Howeve...

5.3CVSS6.8AI score0.00943EPSS
Exploits1References4Affected Software1
Total number of security vulnerabilities7044