Home/Product/paddlepaddle
Product

paddlepaddle

33 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-1603
all versions
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.
7.5HIGH
 CVE-2024-0818
< 2.6.0
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6
9.1CRITICAL
 CVE-2024-0917
all versions
remote code execution in paddlepaddle/paddle 2.6.0
9.8CRITICAL
 CVE-2024-0815
all versions
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
8.8HIGH
 CVE-2024-0817
all versions
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
7.8HIGH
 CVE-2024-0521
all versions
Code Injection in paddlepaddle/paddle
7.8HIGH
 CVE-2023-52314
< 2.6.0
PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary comm
9.6CRITICAL
 CVE-2023-52313
< 2.6.0
FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-52312
<= 2.6.0
Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-52311
< 2.6.0
PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on
9.6CRITICAL
 CVE-2023-52310
< 2.6.0
PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary c
9.6CRITICAL
 CVE-2023-52309
< 2.6.0
Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, informa
8.2HIGH
 CVE-2023-52308
< 2.6.0
FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-52307
< 2.6.0
Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more d
8.2HIGH
 CVE-2023-52306
< 2.6.0
FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-52305
< 2.6.0
FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-52304
< 2.6.0
Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damag
8.2HIGH
 CVE-2023-52303
< 2.6.0
Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-52302
< 2.6.0
Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-38678
< 2.6.0
OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-38677
< 2.6.0
FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-38676
< 2.6.0
Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-38675
< 2.6.0
FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-38674
< 2.6.0
FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-38673
< 2.5.0
PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the ope
9.6CRITICAL
 CVE-2023-38672
< 2.5.0
FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.
4.7MEDIUM
 CVE-2023-38671
< 2.5.0
Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosu
8.3HIGH
 CVE-2023-38670
< 2.5.0
Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.
4.7MEDIUM
 CVE-2023-38669
< 2.5.0
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
8.3HIGH
 CVE-2022-46742
all versions
Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution.
10.0CRITICAL
 CVE-2022-46741
< 2.4
Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.
7.1HIGH
 CVE-2022-45908
< 2.4
In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-sup
9.8CRITICAL
 CVE-2022-31523
<= 0.1.1
The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is
9.3CRITICAL
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Coverage workspace
Detection coverage
Coverage check
Telemetry ceiling
SIEM query builder
Sigma rules
SIEM rules
YARA rules
Network rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Live status Privacy policy Terms of service
threatengine.sh