PaddlePaddle/Paddle

GitHub

github.com

www.paddlepaddle.org

Releases93

Frequency1 month 1 week

Last Release 3 months ago

Stars23.9K

PArallel Distributed Deep LEarning: Machine Learning Framework from Industrial Practice （『飞桨』核心框架，深度学习&机器学习高性能单机、分布式训练和跨平台部署）

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-52313 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52314 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	9.6 CRITICAL	—
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52309 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	8.2 HIGH	—
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
CVE-2023-52312 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52311 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	9.6 CRITICAL	—
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52310 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	9.6 CRITICAL	—
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-52308 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52302 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52307 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	8.2 HIGH	—
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
CVE-2023-52306 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52305 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-52304 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	8.2 HIGH	—
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage.
CVE-2023-52303 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38678 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38677 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38676 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38675 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38674 ↗	Jan 3, 2024Wednesday, 3 January 2024, 09:15	4.7 MEDIUM	—
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38673 ↗	Jul 26, 2023Wednesday, 26 July 2023, 12:15	9.6 CRITICAL	—
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.
CVE-2023-38672 ↗	Jul 26, 2023Wednesday, 26 July 2023, 12:15	4.7 MEDIUM	—
FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
CVE-2023-38671 ↗	Jul 26, 2023Wednesday, 26 July 2023, 11:15	8.3 HIGH	—
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.
CVE-2023-38670 ↗	Jul 26, 2023Wednesday, 26 July 2023, 11:15	4.7 MEDIUM	—
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
CVE-2023-38669 ↗	Jul 26, 2023Wednesday, 26 July 2023, 10:15	8.3 HIGH	—
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
CVE-2022-46742 ↗	Dec 7, 2022Wednesday, 7 December 2022, 09:15	10 CRITICAL	—
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
CVE-2022-46741 ↗	Dec 7, 2022Wednesday, 7 December 2022, 08:15	7.1 HIGH	—
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.
CVE-2022-45908 ↗	Nov 26, 2022Saturday, 26 November 2022, 02:15	9.8 CRITICAL	—
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.