Search CVE reports
1 – 10 of 18 results
CVE-2024-53849
Medium priorityeditorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains...
1 affected package
editorconfig-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
editorconfig-core | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2024-48063
Medium priorityIn PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
1 affected package
pytorch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pytorch | Not in release | Needs evaluation | Not in release | — | — |
CVE-2024-40897
Medium priorityStack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the...
1 affected package
orc
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
orc | Fixed | Fixed | Fixed | Fixed | Fixed |
CVE-2024-35198
Medium priorityTorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not...
1 affected package
pytorch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pytorch | Not in release | Not affected | Not in release | — | — |
CVE-2024-5480
Medium priorityA vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly...
1 affected package
pytorch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pytorch | Not in release | Needs evaluation | Not in release | — | — |
CVE-2024-31584
Medium priorityPytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
1 affected package
pytorch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pytorch | Not in release | Needs evaluation | Not in release | — | — |
CVE-2024-31583
Medium priorityPytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
1 affected package
pytorch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pytorch | Not in release | Needs evaluation | Not in release | — | — |
CVE-2024-31580
Medium priorityPyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
1 affected package
pytorch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pytorch | Not in release | Needs evaluation | Not in release | — | — |
CVE-2023-0341
Medium priorityA stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6...
1 affected package
editorconfig-core
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
editorconfig-core | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2022-45907
Medium priorityIn PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.
1 affected package
pytorch
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pytorch | Not in release | Needs evaluation | Not in release | Not in release | Ignored |