CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1603 – confirmed
https://notcve.org/view.php?id=CVE-2024-1603
23 Mar 2024 — paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. paddlepaddle/paddle 2.6.0 permite la lectura de archivos arbitrarios a través de paddle.vision.ops.read_file. • https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e • CWE-73: External Control of File Name or Path •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0917
https://notcve.org/view.php?id=CVE-2024-0917
07 Mar 2024 — remote code execution in paddlepaddle/paddle 2.6.0 ejecución remota de código en paddlepaddle/paddle 2.6.0 • https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0815
https://notcve.org/view.php?id=CVE-2024-0815
07 Mar 2024 — Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 Inyección de comando en paddle.utils.download._wget_download (filtro de derivación) en paddlepaddle/paddle 2.6.0 • https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0521 – Code Injection in paddlepaddle/paddle
https://notcve.org/view.php?id=CVE-2024-0521
20 Jan 2024 — Code Injection in paddlepaddle/paddle Inyección de código en paddlepaddle/paddle • https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453 • CWE-94: Improper Control of Generation of Code ('Code Injection') •