Vendor CVEs
PaddlePaddle
All CVEs
31 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1603 | 0.00 | — | 0.00 | Mar 23, 2024 | paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. | |||
| CVE-2024-0818 | 0.00 | — | 0.00 | Mar 7, 2024 | Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 | |||
| CVE-2024-0917 | 0.00 | — | 0.02 | Mar 7, 2024 | remote code execution in paddlepaddle/paddle 2.6.0 | |||
| CVE-2024-0815 | 0.00 | — | 0.00 | Mar 7, 2024 | Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 | |||
| CVE-2024-0817 | 0.00 | — | 0.00 | Mar 7, 2024 | Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 | |||
| CVE-2024-0521 | 0.00 | — | 0.00 | Jan 20, 2024 | Code Injection in paddlepaddle/paddle | |||
| CVE-2023-52314 | 0.00 | — | 0.00 | Jan 3, 2024 | PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | |||
| CVE-2023-52313 | 0.00 | — | 0.00 | Jan 3, 2024 | FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-52312 | 0.00 | — | 0.00 | Jan 3, 2024 | Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-52311 | 0.00 | — | 0.00 | Jan 3, 2024 | PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | |||
| CVE-2023-52310 | 0.00 | — | 0.00 | Jan 3, 2024 | PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | |||
| CVE-2023-52309 | 0.00 | — | 0.00 | Jan 3, 2024 | Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | |||
| CVE-2023-52308 | 0.00 | — | 0.00 | Jan 3, 2024 | FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-52307 | 0.00 | — | 0.00 | Jan 3, 2024 | Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | |||
| CVE-2023-52306 | 0.00 | — | 0.00 | Jan 3, 2024 | FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-52305 | 0.00 | — | 0.00 | Jan 3, 2024 | FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-52304 | 0.00 | — | 0.00 | Jan 3, 2024 | Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | |||
| CVE-2023-52303 | 0.00 | — | 0.00 | Jan 3, 2024 | Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-52302 | 0.00 | — | 0.00 | Jan 3, 2024 | Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-38678 | 0.00 | — | 0.00 | Jan 3, 2024 | OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-38677 | 0.00 | — | 0.00 | Jan 3, 2024 | FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-38676 | 0.00 | — | 0.00 | Jan 3, 2024 | Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-38675 | 0.00 | — | 0.00 | Jan 3, 2024 | FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-38674 | 0.00 | — | 0.00 | Jan 3, 2024 | FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-38673 | 0.00 | — | 0.00 | Jul 26, 2023 | PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system. | |||
| CVE-2023-38672 | 0.00 | — | 0.00 | Jul 26, 2023 | FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service. | |||
| CVE-2023-38671 | 0.00 | — | 0.01 | Jul 26, 2023 | Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | |||
| CVE-2023-38670 | 0.00 | — | 0.00 | Jul 26, 2023 | Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. | |||
| CVE-2023-38669 | 0.00 | — | 0.00 | Jul 26, 2023 | Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. | |||
| CVE-2022-46742 | 0.00 | — | 0.01 | Dec 7, 2022 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | |||
| CVE-2022-46741 | 0.00 | — | 0.00 | Dec 7, 2022 | Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. |
- CVE-2024-1603Mar 23, 2024risk 0.00cvss —epss 0.00
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
- CVE-2024-0818Mar 7, 2024risk 0.00cvss —epss 0.00
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6
- CVE-2024-0917Mar 7, 2024risk 0.00cvss —epss 0.02
remote code execution in paddlepaddle/paddle 2.6.0
- CVE-2024-0815Mar 7, 2024risk 0.00cvss —epss 0.00
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
- CVE-2024-0817Mar 7, 2024risk 0.00cvss —epss 0.00
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
- CVE-2024-0521Jan 20, 2024risk 0.00cvss —epss 0.00
Code Injection in paddlepaddle/paddle
- CVE-2023-52314Jan 3, 2024risk 0.00cvss —epss 0.00
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
- CVE-2023-52313Jan 3, 2024risk 0.00cvss —epss 0.00
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-52312Jan 3, 2024risk 0.00cvss —epss 0.00
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-52311Jan 3, 2024risk 0.00cvss —epss 0.00
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
- CVE-2023-52310Jan 3, 2024risk 0.00cvss —epss 0.00
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
- CVE-2023-52309Jan 3, 2024risk 0.00cvss —epss 0.00
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
- CVE-2023-52308Jan 3, 2024risk 0.00cvss —epss 0.00
FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-52307Jan 3, 2024risk 0.00cvss —epss 0.00
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
- CVE-2023-52306Jan 3, 2024risk 0.00cvss —epss 0.00
FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-52305Jan 3, 2024risk 0.00cvss —epss 0.00
FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-52304Jan 3, 2024risk 0.00cvss —epss 0.00
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
- CVE-2023-52303Jan 3, 2024risk 0.00cvss —epss 0.00
Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-52302Jan 3, 2024risk 0.00cvss —epss 0.00
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38678Jan 3, 2024risk 0.00cvss —epss 0.00
OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38677Jan 3, 2024risk 0.00cvss —epss 0.00
FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38676Jan 3, 2024risk 0.00cvss —epss 0.00
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38675Jan 3, 2024risk 0.00cvss —epss 0.00
FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38674Jan 3, 2024risk 0.00cvss —epss 0.00
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38673Jul 26, 2023risk 0.00cvss —epss 0.00
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
- CVE-2023-38672Jul 26, 2023risk 0.00cvss —epss 0.00
FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
- CVE-2023-38671Jul 26, 2023risk 0.00cvss —epss 0.01
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
- CVE-2023-38670Jul 26, 2023risk 0.00cvss —epss 0.00
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
- CVE-2023-38669Jul 26, 2023risk 0.00cvss —epss 0.00
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
- CVE-2022-46742Dec 7, 2022risk 0.00cvss —epss 0.01
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
- CVE-2022-46741Dec 7, 2022risk 0.00cvss —epss 0.00
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.