Search CVE reports


Toggle filters

1 – 10 of 18 results


CVE-2024-53849

Medium priority
Fixed

editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains...

1 affected package

editorconfig-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
editorconfig-core Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-48063

Medium priority
Needs evaluation

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-40897

Medium priority
Fixed

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the...

1 affected package

orc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
orc Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-35198

Medium priority
Ignored

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not...

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Not affected Not in release
Show less packages

CVE-2024-5480

Medium priority
Needs evaluation

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly...

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-31584

Medium priority
Needs evaluation

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-31583

Medium priority
Needs evaluation

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-31580

Medium priority
Needs evaluation

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2023-0341

Medium priority
Fixed

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6...

1 affected package

editorconfig-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
editorconfig-core Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-45907

Medium priority
Needs evaluation

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

1 affected package

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release Not in release Ignored
Show less packages