CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0818
https://notcve.org/view.php?id=CVE-2024-0818
07 Mar 2024 — Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 Sobrescritura arbitraria de archivos mediante path traversal en paddlepaddle/paddle antes de 2.6 • https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0917
https://notcve.org/view.php?id=CVE-2024-0917
07 Mar 2024 — remote code execution in paddlepaddle/paddle 2.6.0 ejecución remota de código en paddlepaddle/paddle 2.6.0 • https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-0815
https://notcve.org/view.php?id=CVE-2024-0815
07 Mar 2024 — Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 Inyección de comando en paddle.utils.download._wget_download (filtro de derivación) en paddlepaddle/paddle 2.6.0 • https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0817
https://notcve.org/view.php?id=CVE-2024-0817
07 Mar 2024 — Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 Inyección de comando en IrGraph.draw en paddlepaddle/paddle 2.6.0 • https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52314 – Command injection in convert_shape_compare
https://notcve.org/view.php?id=CVE-2023-52314
03 Jan 2024 — PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. PaddlePaddle anterior a 2.6.0 tiene una inyección de comando en convert_shape_compare. Esto resultó en la capacidad de ejecutar comandos arbitrarios en el sistema operativo. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52313 – FPE in paddle.argmin and paddle.argmax
https://notcve.org/view.php?id=CVE-2023-52313
03 Jan 2024 — FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. FPE en paddle.argmin y paddle.argmax en PaddlePaddle antes de 2.6.0. Este fallo puede provocar un bloqueo del tiempo de ejecución y una denegación de servicio. FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52312 – Null pointer dereference in paddle.crop
https://notcve.org/view.php?id=CVE-2023-52312
03 Jan 2024 — Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. Desreferencia de puntero NULL en paddle.crop en PaddlePaddle antes de 2.6.0. Esta falla puede provocar un bloqueo del tiempo de ejecución y una denegación de servicio. Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md • CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52311 – Command injection in _wget_download
https://notcve.org/view.php?id=CVE-2023-52311
03 Jan 2024 — PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. PaddlePaddle anterior a 2.6.0 tiene una inyección de comando en _wget_download. Esto resultó en la capacidad de ejecutar comandos arbitrarios en el sistema operativo. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52310 – Command injection in get_online_pass_interval
https://notcve.org/view.php?id=CVE-2023-52310
03 Jan 2024 — PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. PaddlePaddle anterior a 2.6.0 tiene una inyección de comando en get_online_pass_interval. Esto resultó en la capacidad de ejecutar comandos arbitrarios en el sistema operativo. • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52309 – Heap buffer overflow in paddle.repeat_interleave
https://notcve.org/view.php?id=CVE-2023-52309
03 Jan 2024 — Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. desbordamiento de búfer de almacenamiento dinámico en paddle.repeat_interleave en PaddlePaddle antes de 2.6.0. Esta falla puede provocar una denegación de servicio, divulgación de información o es posible que se produzcan más daños. Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a de... • https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •