CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38671 – Heap buffer overflow in paddle.trace
https://notcve.org/view.php?id=CVE-2023-38671
26 Jul 2023 — Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-003.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38670 – Null pointer dereference in paddle.flip
https://notcve.org/view.php?id=CVE-2023-38670
26 Jul 2023 — Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-002.md • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38669
https://notcve.org/view.php?id=CVE-2023-38669
26 Jul 2023 — Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-001.md • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46742
https://notcve.org/view.php?id=CVE-2022-46742
07 Dec 2022 — Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. La inyección de código en paddle.audio.functional.get_window en PaddlePaddle 2.4.0-rc0 permite la ejecución de código arbitrario. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-46741
https://notcve.org/view.php?id=CVE-2022-46741
07 Dec 2022 — Out-of-bounds read in gather_tree in PaddlePaddle before 2.4. Lectura fuera de los límites en together_tree en PaddlePaddle antes de 2.4. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-001.md • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45908
https://notcve.org/view.php?id=CVE-2022-45908
26 Nov 2022 — In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. En PaddlePaddle anterior a 2.4, paddle.audio.functional.get_window es vulnerable a la inyección de código porque llama a eval en un winstr proporcionado por el usuario. Esto puede provocar la ejecución de código arbitrario. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2022-002.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •