Vulnerabilities
CVE-2024-1603
HIGHpaddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
CVE-2024-0818
CRITICALArbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6
CVE-2024-0917
CRITICALremote code execution in paddlepaddle/paddle 2.6.0
CVE-2024-0815
CRITICALCommand injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
CVE-2024-0817
CRITICALCommand injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
CVE-2024-0521
CRITICALCode Injection in paddlepaddle/paddle
CVE-2023-52314
CRITICALPaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52313
MEDIUMFPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52312
MEDIUMNullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52311
CRITICALPaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52310
CRITICALPaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52309
HIGHHeap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
CVE-2023-52308
MEDIUMFPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52307
HIGHStack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
CVE-2023-52306
MEDIUMFPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52305
MEDIUMFPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52304
HIGHStack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
CVE-2023-52303
MEDIUMNullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52302
MEDIUMNullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38678
MEDIUMOOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38677
MEDIUMFPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38676
MEDIUMNullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38675
MEDIUMFPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38674
MEDIUMFPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38673
CRITICALPaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-38672
MEDIUMFPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38671
HIGHHeap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
CVE-2023-38670
MEDIUMNull pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
CVE-2023-38669
HIGHUse after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
CVE-2022-46742
CRITICALCode injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
CVE-2022-46741
HIGHOut-of-bounds read in gather_tree in PaddlePaddle before 2.4.