The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
CVSS 9.3 | AI Score 9.3 | EPSS 0.002
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.
CVSS 9.8 | AI Score 9.7 | EPSS 0.003
CVSS 9.1 | AI Score 9.1 | EPSS 0.002
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
CVSS 10 | AI Score 9.7 | EPSS 0.004
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
CVSS 9.8 | AI Score 9.7 | EPSS 0.002
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or possibly more damage.
CVSS 9.8 | AI Score 9.4 | EPSS 0.002
Floating-point exception (FPE) in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.001
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
CVSS 9.8 | AI Score 9.9 | EPSS 0.001
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
Null pointer dereference in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
Out-of-bounds (OOB) access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
Null pointer dereference in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
Null pointer dereference in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
CVSS 9.8 | AI Score 9.3 | EPSS 0.001
FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
CVSS 9.8 | AI Score 9.3 | EPSS 0.001
FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or possibly more damage.
CVSS 9.8 | AI Score 9.5 | EPSS 0.001
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
CVSS 9.8 | AI Score 9.9 | EPSS 0.001
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
CVSS 9.8 | AI Score 9.9 | EPSS 0.001
Null pointer dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVSS 7.5 | AI Score 7.3 | EPSS 0.0005
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
CVSS 9.8 | AI Score 9.9 | EPSS 0.001
CVSS 7.8 | AI Score 8 | EPSS 0.0004
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0.
CVSS 9.3 | AI Score 9.4 | EPSS 0.0004
CVSS 9.1 | AI Score 9.2 | EPSS 0.0004
CVSS 9.4 | AI Score 9.6 | EPSS 0.0004
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
CVSS 8.2 | AI Score 8.1 | EPSS 0.0004