Lucene search
K

7035 matches found

PyPA
PyPA
added 2 days ago3 views

LlamaIndex vulnerable to data loss through hash collisions in its DocugamiReader class

A vulnerability in the DocugamiReader class of the run-llama/llamaindex repository, up to but excluding version 0.12.41, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting ...

6.5CVSS6.5AI score0.00314EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Langflow Missing Authentication on Critical API Endpoints

SummaryMultiple critical API endpoints in Langflow are missing authentication controls, allowing any unauthenticated user to access sensitive user conversation data, transaction histories, and perform destructive operations including message deletion. This affects endpoints handling personal data...

9.3CVSS7.1AI score0.20655EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit

ImpactA maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process deserializing the QPY payload...

8.6CVSS6.1AI score0.0066EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Azure PromptFlow remote code execution related to Jinja templates

Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network...

6.5CVSS6.9AI score0.00492EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6.1AI score0.00584EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2 days ago4 views

Composio Command Execution vulnerability

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

6.4CVSS6.1AI score0.00584EPSS
Exploits1References10Affected Software1
PyPA
PyPA
added 2 days ago6 views

Access control vulnerable to user data deletion by anonynmous users

ImpactAnonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. PatchesThe problem is fixed in version 7.2. WorkaroundsThe problem can be fixed by adding dataroles = to AccessControl.userfolder.UserFolder...

9.1CVSS6.1AI score0.00413EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Werkzeug possible resource exhaustion when parsing file data in forms

Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.maxformmemorysize setting.The Request.maxcontentlength setting, as well as resource limits provided by deployment software and platforms, a...

7.5CVSS6.7AI score0.01102EPSS
Exploits0References11Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow has segfault in array_ops.upper_bound

Impactarrayops.upperbound causes a segfault when not given a rank 2 tensor. PatchesWe have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586.The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more informationPlease...

8.7CVSS6.1AI score0.00429EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

7.1CVSS6.7AI score0.00835EPSS
Exploits0References17Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has segfault in array_ops.upper_bound

Impactarrayops.upperbound causes a segfault when not given a rank 2 tensor. PatchesWe have patched the issue in GitHub commit 915884fdf5df34aaedd00fc6ace33a2cfdefa586.The fix will be included in TensorFlow 2.13. We will also cherrypick this commit in TensorFlow 2.12.1. For more informationPlease...

8.7CVSS6.1AI score0.00429EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

Litestar and Starlite vulnerable to Path Traversal

SummaryLocal File Inclusion via Path Traversal in LiteStar Static File ServingA Local File Inclusion LFI vulnerability has been discovered in the static file serving component of LiteStar. This vulnerability allows attackers to exploit path traversal flaws, enabling unauthorized access to sensiti...

8.2CVSS7.1AI score0.00722EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Reverb use after free vulnerability

There exists a use after free vulnerability in Reverb.Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked, memory is first allocated to store the entire tensor, and a ctor is called on each instance...

7.8CVSS6.2AI score0.00123EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago5 views

Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parsesitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

4.7CVSS6.1AI score0.00301EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.2AI score0.00373EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to...

7.1CVSS6.7AI score0.00835EPSS
Exploits0References17Affected Software1
PyPA
PyPA
added 2 days ago3 views

Potential DoS via the Tudoor mechanism in eventlet and dnspython

eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in whic...

7CVSS6.8AI score0.01857EPSS
Exploits1References16Affected Software1
PyPA
PyPA
added 2 days ago5 views

Docassemble unauthorized access through URL manipulation

ImpactThe vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. PatchesThe vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched...

7.5CVSS6.9AI score0.69486EPSS
Exploits2References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backendNote: thevulnerability is about the information exposed in the logs not abo...

7.5CVSS7AI score0.01203EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago2 views

JupyterLab vulnerable to SXSS in Markdown Preview

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

6.5CVSS6.7AI score0.00568EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2 days ago4 views

Information disclosure in AccessControl

ImpactPython's "format" functionality allows someone controlling the format string to "read" objects accessible recursively via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown getattr and getitem, not the policy...

7.7CVSS7.1AI score0.00519EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow missing Certificate Validation

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, andApache Airflow before 2.7.0 are affected by theValidation of OpenSSL Certificate vulnerability.The default SSL context with SSL library did not check a server's X.509certificate. Instead, the code accepted an...

5.9CVSS6.4AI score0.00594EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5CVSS6.6AI score0.00381EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

JupyterLab vulnerable to potential authentication and CSRF tokens leak

ImpactUsers of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server version. PatchesJupyterLab 4.1.0b2, 4.0.11, and 3.6.7 were patched. WorkaroundsNo workaround has been identified, however users...

7.6CVSS6.7AI score0.00665EPSS
Exploits0References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow

Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7AI score0.00152EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2 days ago3 views

Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.Thisvulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.3CVSS6.1AI score0.01263EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2 days ago3 views

pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character

ImpactAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if parsecontentstream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...

6.2CVSS6.3AI score0.00352EPSS
Exploits1References9Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow Denial of Service vulnerability

ImpactA malicious invalid input crashes a tensorflow model Check Failed and can be used to trigger a denial of service attack.To minimize the bug, we built a simple single-layer TensorFlow model containing a Convolution3DTranspose layer, which works well with expected inputs and can be deployed i...

6.5CVSS6.7AI score0.00432EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2 days ago4 views

Apache Airflow missing Certificate Validation

Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, andApache Airflow before 2.7.0 are affected by theValidation of OpenSSL Certificate vulnerability.The default SSL context with SSL library did not check a server's X.509certificate. Instead, the code accepted an...

5.9CVSS6.4AI score0.00594EPSS
Exploits0References12Affected Software1
PyPA
PyPA
added 2 days ago5 views

Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow

Improper buffer restrictions in the IntelR Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access...

7.8CVSS7AI score0.00152EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`

ImpactWhen the parameter summarize of tf.rawops.Print is zero, the new method SummarizeArray will reference to a nullptr, leading to a seg fault.pythonimport tensorflow as tftf.rawops.Printinput = tf.constant1, 1, 1, 1,dtype=tf.int32, data = False, False, False, False, False, False, False, False,...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago7 views

TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch

ImpactIf the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger an stack OOB read.pythonimport tensorflow as tffunc = tf.rawops.DynamicStitchpara='indices': 0xdeadbeef, 405, 519, 758, 1015, 'data': 110.27793884277344, 120.29475402832031,...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Null Pointer Error in TensorArrayConcatV2

ImpactWhen ctx-stepcontainter is a null ptr, the Lookup function will be executed with a null pointer.pythonimport tensorflow as tftf.rawops.TensorArrayConcatV2handle='a', 'b', flowin = 0.1, dtype=tf.int32, elementshapeexcept0=1 PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to integer overflow in EditDistance

ImpactTFversion 2.11.0 //tensorflow/core/ops/arrayops.cc:1067 const Tensor hypothesisshapet = c-inputtensor2; std::vector dimshypothesisshapet-NumElements - 1; for int i = 0; i MakeDimstd::maxhvaluesi, tvaluesi; if hypothesisshapet is empty, hypothesisshapet-NumElements - 1 will be integer...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch

ImpactIf the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger an stack OOB read.pythonimport tensorflow as tffunc = tf.rawops.DynamicStitchpara='indices': 0xdeadbeef, 405, 519, 758, 1015, 'data': 110.27793884277344, 120.29475402832031,...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`

ImpactWhen the parameter summarize of tf.rawops.Print is zero, the new method SummarizeArray will reference to a nullptr, leading to a seg fault.pythonimport tensorflow as tftf.rawops.Printinput = tf.constant1, 1, 1, 1,dtype=tf.int32, data = False, False, False, False, False, False, False, False,...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Heap-buffer-overflow in AvgPoolGrad

Impactpythonimport osos.environ'TFENABLEONEDNNOPTS' = '0'import tensorflow as tfprinttf.versionwith tf.device"CPU": ksize = 1, 40, 128, 1 strides = 1, 128, 128, 30 padding = "SAME" dataformat = "NHWC" originputshape = 11, 9, 78, 9 grad = tf.saturatecasttf.random.uniform16, 16, 16, 16, minval=-128...

9.8CVSS6.6AI score0.00415EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow vulnerable to integer overflow in EditDistance

ImpactTFversion 2.11.0 //tensorflow/core/ops/arrayops.cc:1067 const Tensor hypothesisshapet = c-inputtensor2; std::vector dimshypothesisshapet-NumElements - 1; for int i = 0; i MakeDimstd::maxhvaluesi, tvaluesi; if hypothesisshapet is empty, hypothesisshapet-NumElements - 1 will be integer...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow has Null Pointer Error in TensorArrayConcatV2

ImpactWhen ctx-stepcontainter is a null ptr, the Lookup function will be executed with a null pointer.pythonimport tensorflow as tftf.rawops.TensorArrayConcatV2handle='a', 'b', flowin = 0.1, dtype=tf.int32, elementshapeexcept0=1 PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Null Pointer Error in SparseSparseMaximum

ImpactWhen SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. pythonimport tensorflow as tftf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00439EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Floating Point Exception in AudioSpectrogram

Impactversion:2.11.0 //core/ops/audioops.cc:70Status SpectrogramShapeFnInferenceContext c ShapeHandle input; TFRETURNIFERRORc-WithRankc-input0, 2, ; int32t windowsize; TFRETURNIFERRORc-GetAttr"windowsize", size; int32t stride; TFRETURNIFERRORc-GetAttr"stride", ; .....1DimensionHandle inputlength ...

7.5CVSS6.6AI score0.00383EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow vulnerable to segfault when opening multiframe gif

ImpactInteger overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames.pythonimport urllib.requestdat =...

7.5CVSS6.7AI score0.00305EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow has Floating Point Exception in AvgPoolGrad with XLA

ImpactIf the stride and window size are not positive for tf.rawops.AvgPoolGrad, it can give an FPE.pythonimport tensorflow as tfimport numpy as [email protected]=Truedef test: y = tf.rawops.AvgPoolGradoriginputshape=1,0,0,0, grad=0.39117979, ksize=1,0,0,0, strides=1,0,0,0, padding="SAME",...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Floating Point Exception in AudioSpectrogram

Impactversion:2.11.0 //core/ops/audioops.cc:70Status SpectrogramShapeFnInferenceContext c ShapeHandle input; TFRETURNIFERRORc-WithRankc-input0, 2, ; int32t windowsize; TFRETURNIFERRORc-GetAttr"windowsize", size; int32t stride; TFRETURNIFERRORc-GetAttr"stride", ; .....1DimensionHandle inputlength ...

7.5CVSS6.6AI score0.00383EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow vulnerable to segfault when opening multiframe gif

ImpactInteger overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames.pythonimport urllib.requestdat =...

7.5CVSS6.7AI score0.00305EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow has Floating Point Exception in AvgPoolGrad with XLA

ImpactIf the stride and window size are not positive for tf.rawops.AvgPoolGrad, it can give an FPE.pythonimport tensorflow as tfimport numpy as [email protected]=Truedef test: y = tf.rawops.AvgPoolGradoriginputshape=1,0,0,0, grad=0.39117979, ksize=1,0,0,0, strides=1,0,0,0, padding="SAME",...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago4 views

TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize

ImpactNPE in QuantizedMatMulWithBiasAndDequantize with MKL enable pythonimport tensorflow as tffunc = tf.rawops.QuantizedMatMulWithBiasAndDequantizepara='a': tf.constant138, dtype=tf.quint8, 'b': tf.constant4, dtype=tf.qint8, 'bias': 31.81644630432129, 47.21876525878906, 109.95201110839844,...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Null Pointer Error in SparseSparseMaximum

ImpactWhen SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. pythonimport tensorflow as tftf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00439EPSS
Exploits1References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Floating Point Exception in TensorListSplit with XLA

ImpactFPE in TensorListSplit with XLA pythonimport tensorflow as tffunc = tf.rawops.TensorListSplitpara = 'tensor': 1, 'elementshape': -1, 'lengths': [email protected]=Truedef fuzzjit: y = funcpara return yprintfuzzjit PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2 days ago3 views

TensorFlow has Floating Point Exception in TensorListSplit with XLA

ImpactFPE in TensorListSplit with XLA pythonimport tensorflow as tffunc = tf.rawops.TensorListSplitpara = 'tensor': 1, 'elementshape': -1, 'lengths': [email protected]=Truedef fuzzjit: y = funcpara return yprintfuzzjit PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities7035