This page aggregates CVEs and security vulnerability information across paddlepaddle-related products, listing CVSS, EPSS, publication date, and vulnerability data.
Common weakness patterns include memory corruption, buffer overflows, path-handling flaws, and file inclusion. In production workloads and software deployment, these can lead to risks such as application crashes, file overwrites, and unauthorized access.
The listed data is based on public vulnerability information and security advisories, and can be used to assess past exposure and remediation priority.
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-1603 | paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file. | [email protected] | 7.5 | 0.15% | 2024-03-23 | 2025-01-24 |
| CVE-2024-0818 | Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6 | [email protected] | 9.1 | 0.33% | 2024-03-07 | 2025-01-23 |
| CVE-2024-0917 | remote code execution in paddlepaddle/paddle 2.6.0 | [email protected] | 9.8 | 1.84% | 2024-03-07 | 2025-01-19 |
| CVE-2024-0815 | Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0 | [email protected] | 8.8 | 0.09% | 2024-03-07 | 2025-01-19 |
| CVE-2024-0817 | Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0 | [email protected] | 7.8 | 0.25% | 2024-03-07 | 2025-01-19 |
| CVE-2024-0521 | Code Injection in paddlepaddle/paddle | [email protected] | 7.8 | 0.08% | 2024-01-20 | 2024-11-21 |
| CVE-2023-52314 | PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | [email protected] | 9.6 | 0.26% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52313 | FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.10% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52312 | Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.11% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52311 | PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | [email protected] | 9.6 | 0.26% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52310 | PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | [email protected] | 9.6 | 0.26% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52309 | Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | [email protected] | 8.2 | 0.13% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52308 | FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.10% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52307 | Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | [email protected] | 8.2 | 0.13% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52306 | FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.10% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52305 | FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.10% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52304 | Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | [email protected] | 8.2 | 0.16% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52303 | Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.11% | 2024-01-03 | 2024-11-21 |
| CVE-2023-52302 | Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.12% | 2024-01-03 | 2024-11-21 |
| CVE-2023-38678 | OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | [email protected] | 4.7 | 0.10% | 2024-01-03 | 2024-11-21 |