Lucene search
K

4602 matches found

PyPA
PyPA
•added 8 hours ago•3 views

TensorFlow has Null Pointer Error in LookupTableImportV2

ImpactThe function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE.pythonimport tensorflow as tfv = [email protected]=Truedef test: func = tf.rawops.LookupTableImportV2 para='tablehandle': v.handle,'keys': 62.98910140991211,...

7.5CVSS6.6AI score0.00358EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

TensorFlow has Floating Point Exception in TensorListSplit with XLA

ImpactFPE in TensorListSplit with XLA pythonimport tensorflow as tffunc = tf.rawops.TensorListSplitpara = 'tensor': 1, 'elementshape': -1, 'lengths': [email protected]=Truedef fuzzjit: y = funcpara return yprintfuzzjit PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

TensorFlow has Null Pointer Error in RandomShuffle with XLA enable

ImpactNPE in RandomShuffle with XLA enable pythonimport tensorflow as tffunc = tf.rawops.RandomShufflepara = 'value': 1e+20, 'seed': -4294967297, 'seed2': [email protected]=Truedef test: y = funcpara return ytest PatchesWe have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of...

5.5CVSS6.4AI score0.00201EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information...

5.5CVSS6.3AI score0.002EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling

HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55 and the uWSGI PyPI package prior to version 2.0.22. Special characters in the origin response header can truncate/split the response forwarded to the...

7.5CVSS7.1AI score0.02134EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions

ImpactSome internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests.Affected versions: Saleor ≥ 2.0.0 WorkaroundsNone For more informationIf you hav...

5.3CVSS6.2AI score0.00751EPSS
Exploits0References11Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`

ImpactWhen using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...

7.6CVSS6.9AI score0.00641EPSS
Exploits0References7Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad

ImpactOut of bounds read in GRUBlockCellGradpythonfunc = tf.rawops.GRUBlockCellGradpara = 'x': 21.1, 156.2, 83.3, 115.4, 'hprev': array136.5, 136.6, 'wru': array26.7, 0.8, 47.9, 26.1, 26.2, 26.3, 'wc': array 0.4, 31.5, 0.6, 'bru': array0.1, 0.2 , dtype=float32, 'bc': 0x41414141, 'r': array0.3, 0....

7.5CVSS7AI score0.00383EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

TensorFlow has null dereference on ParallelConcat with XLA

ImpactWhen running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero.pythonimport tensorflow as tffunc = tf.rawops.ParallelConcatpara = 'shape': 0, 'values': [email protected]=Truedef test: y = funcpa...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

openstack-neutron uncontrolled resource consumption flaw

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...

6.5CVSS6.5AI score0.01056EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

TensorFlow has Floating Point Exception in TFLite in conv kernel

ImpactConstructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. PatchesWe have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa.The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1. For...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

TensorFlow has Segfault in Bincount with XLA

ImpactWhen running with XLA, tf.rawops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.pythonimport tensorflow as tffunc = tf.rawops.Bincountpara='arr': 6, 'size': 804, 'weights': 52, [email protected]=Truedef fuzzjit...

7.5CVSS6.7AI score0.00391EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions

ImpactSome internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.14...

6.5CVSS6.3AI score0.00817EPSS
Exploits0References12Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Open redirect in web2py

Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...

6.1CVSS6.3AI score0.02382EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

TensorFlow has double free in Fractional(Max/Avg)Pool

Impactnnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported.pythonimport tensorflow as tfimport osimport numpy as npfrom tensorflow.python.ops...

8CVSS6.7AI score0.00148EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Cross-site Scripting in django-ajax-utilities

A vulnerability was found in Mobile Vikings Django AJAX Utilities and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site...

6.1CVSS3.8AI score0.00564EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Path traversal in binwalk

A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remo...

7.8CVSS7.3AI score0.21845EPSS
Exploits8References7Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and...

7.4CVSS6.9AI score0.59501EPSS
Exploits0References15Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1...

7.5CVSS7.1AI score0.01499EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Denial of service vulnerability on Password reset page

ImpactPrevious versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may stra...

7.5CVSS6.8AI score0.00908EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 8 hours ago•5 views

No protection against brute-force attacks on login page

ImpactPrevious versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt brute-force attacks against the login page. PatchesUsers should upgrade to v12.0 or later. WorkaroundsUsers may install and configure a rate-limiting proxy in front of Kiwi TCMS. For example nginx...

9.8CVSS7.2AI score0.00902EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Improper Restriction of Excessive Authentication Attempts in modoboa

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4...

7.8CVSS7AI score0.00653EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

Improper Certificate Validation in pyload-ng

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...

7.4CVSS7AI score0.00526EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Cross-site Scripting in pyload-ng

Cross-site Scripting XSS - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...

9.6CVSS6.8AI score0.00822EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

OpenStack Swift XML external entities (XXE) Injection

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...

6.5CVSS6.9AI score0.01001EPSS
Exploits1References16Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection

There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...

8.1CVSS7.1AI score0.00948EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Improper Input Validation in pyload-ng

Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40...

7.5CVSS6.5AI score0.00816EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

7.5CVSS7.1AI score0.01826EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

OpenStack Cinder, glance, and Nova vulnerable to Path Traversal

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.7CVSS6.8AI score0.01025EPSS
Exploits1References11Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

Path traversal in spotipy

SummaryIf a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. DetailsThe code Spotipy uses to parse URIs and URLs accepts user data too liberally which allows a malicious user to insert arbitrary characters...

5.4CVSS6.1AI score0.00653EPSS
Exploits1References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints

Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

8.8CVSS6.4AI score0.00567EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache Superset's SQL Alchemy connector vulnerable to SQL Injection

A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the featur...

5.4CVSS6.2AI score0.01194EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without httponly flag. It is possible to...

5.3CVSS4.8AI score0.00612EPSS
Exploits0References8Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is...

5.3CVSS6AI score0.00436EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache Superset vulnerable to Cross-site Scripting

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

5.4CVSS6.1AI score0.0124EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache Superset has Improper Access Control

When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

5.3CVSS6.1AI score0.01229EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

Apache Superset vulnerable to Injection

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...

5.4CVSS6.2AI score0.01243EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

pgAdmin 4 Open Redirect vulnerability

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...

6.1CVSS6.3AI score0.0091EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames

Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33...

6.1CVSS6AI score0.00456EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•5 views

Graphite Web Cross-site Scripting vulnerability

A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

5.4CVSS3.8AI score0.00733EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Apache Superset is vulnerable to Cross-Site Scripting (XSS)

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

5.4CVSS6.1AI score0.01302EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

Pyload Insufficient Session Expiration vulnerability

Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36...

8.3CVSS6.8AI score0.00655EPSS
Exploits1References6Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

sviehb/jefferson vulnerable to path traversal

A vulnerability has been found in the sviehb/jefferson JFFS2 filesystem extraction tool. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issu...

7.5CVSS5.7AI score0.0074EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 8 hours ago•4 views

Apache Superset Open Redirect vulnerability

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

5.4CVSS6AI score0.00994EPSS
Exploits0References5Affected Software1
PyPA
PyPA
•added 8 hours ago•7 views

Graphite Web Cross-site Scripting vulnerability

A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

5.4CVSS3.9AI score0.00765EPSS
Exploits1References8Affected Software1
PyPA
PyPA
•added 8 hours ago•3 views

binwalk vulnerable to UNIX Symbolic Link (Symlink) Following

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the...

6.5CVSS5.3AI score0.01933EPSS
Exploits0References9Affected Software1
PyPA
PyPA
•added 8 hours ago•2 views

OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...

7.8CVSS7.3AI score0.01753EPSS
Exploits0References6Affected Software1
PyPA
PyPA
•added 8 hours ago•2 views

Tensorflow vulnerable to Out-of-Bounds Read

ImpactWhen the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob vuln occurs.pythontf.rawops.ThreadUnsafeUnigramCandidateSampler trueclasses=0x100000,1, numtrue = 2, numsampled = 2, unique = False, rangemax = 2, seed = 2, seed2 = 2 PatchesWe have...

9.1CVSS7.1AI score0.0038EPSS
Exploits1References7Affected Software1
PyPA
PyPA
•added 8 hours ago•2 views

pyRdfa3 Cross-site Scripting vulnerability

A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function getoption of the file pyRdfa/init.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e...

5.4CVSS4AI score0.0056EPSS
Exploits0References8Affected Software1
Total number of security vulnerabilities4602