PaddlePaddle
Products
2- 32 CVEs
- 1 CVE
Recent CVEs
33| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-0917 | Cri | 0.64 | 9.8 | 0.02 | Mar 7, 2024 | remote code execution in paddlepaddle/paddle 2.6.0 | ||
| CVE-2022-31523 | Cri | 0.61 | 9.3 | 0.01 | Jul 11, 2022 | The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | ||
| CVE-2022-46742 | Cri | 0.58 | 10.0 | 0.01 | Dec 7, 2022 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | ||
| CVE-2023-38673 | Cri | 0.56 | 9.6 | 0.02 | Jul 26, 2023 | PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system. | ||
| CVE-2023-52314 | Cri | 0.55 | 9.6 | 0.01 | Jan 3, 2024 | PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | ||
| CVE-2023-52311 | Cri | 0.55 | 9.6 | 0.01 | Jan 3, 2024 | PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | ||
| CVE-2023-52310 | Cri | 0.55 | 9.6 | 0.01 | Jan 3, 2024 | PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | ||
| CVE-2024-0818 | Cri | 0.52 | 9.1 | 0.01 | Mar 7, 2024 | Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 | ||
| CVE-2024-0521 | Hig | 0.51 | 7.8 | 0.00 | Jan 20, 2024 | Code Injection in paddlepaddle/paddle | ||
| CVE-2024-0815 | Hig | 0.50 | 8.8 | 0.01 | Mar 7, 2024 | Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 | ||
| CVE-2024-1603 | Hig | 0.49 | 7.5 | 0.01 | Mar 23, 2024 | paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. | ||
| CVE-2023-38671 | Hig | 0.47 | 8.3 | 0.01 | Jul 26, 2023 | Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | ||
| CVE-2023-38669 | Hig | 0.47 | 8.3 | 0.01 | Jul 26, 2023 | Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. | ||
| CVE-2023-52309 | Hig | 0.46 | 8.2 | 0.01 | Jan 3, 2024 | Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | ||
| CVE-2023-52307 | Hig | 0.46 | 8.2 | 0.01 | Jan 3, 2024 | Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | ||
| CVE-2023-52304 | Hig | 0.46 | 8.2 | 0.01 | Jan 3, 2024 | Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | ||
| CVE-2024-0817 | Hig | 0.44 | 7.8 | 0.01 | Mar 7, 2024 | Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 | ||
| CVE-2022-46741 | Hig | 0.39 | 7.1 | 0.01 | Dec 7, 2022 | Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. | ||
| CVE-2023-52313 | Med | 0.24 | 4.7 | 0.00 | Jan 3, 2024 | FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | ||
| CVE-2023-52312 | Med | 0.24 | 4.7 | 0.00 | Jan 3, 2024 | Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. |
- risk 0.64cvss 9.8epss 0.02
remote code execution in paddlepaddle/paddle 2.6.0
- risk 0.61cvss 9.3epss 0.01
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- risk 0.58cvss 10.0epss 0.01
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
- risk 0.56cvss 9.6epss 0.02
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
- risk 0.55cvss 9.6epss 0.01
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
- risk 0.55cvss 9.6epss 0.01
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
- risk 0.55cvss 9.6epss 0.01
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
- risk 0.52cvss 9.1epss 0.01
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6
- risk 0.51cvss 7.8epss 0.00
Code Injection in paddlepaddle/paddle
- risk 0.50cvss 8.8epss 0.01
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
- risk 0.49cvss 7.5epss 0.01
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
- risk 0.47cvss 8.3epss 0.01
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
- risk 0.47cvss 8.3epss 0.01
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
- risk 0.46cvss 8.2epss 0.01
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
- risk 0.46cvss 8.2epss 0.01
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
- risk 0.46cvss 8.2epss 0.01
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
- risk 0.44cvss 7.8epss 0.01
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
- risk 0.39cvss 7.1epss 0.01
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.
- risk 0.24cvss 4.7epss 0.00
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- risk 0.24cvss 4.7epss 0.00
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.