Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 17 results


CVE-2024-48063

Medium priority
Needs evaluation

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.

1 affected packages

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-40897

Medium priority
Fixed

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the...

1 affected packages

orc

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
orc Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-35198

Medium priority
Ignored

TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as ".." but it does not...

1 affected packages

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Not affected Not in release
Show less packages

CVE-2024-5480

Medium priority
Needs evaluation

A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly...

1 affected packages

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-31584

Medium priority
Needs evaluation

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

1 affected packages

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-31583

Medium priority
Needs evaluation

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

1 affected packages

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2024-31580

Medium priority
Needs evaluation

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

1 affected packages

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release
Show less packages

CVE-2023-0341

Medium priority
Fixed

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6...

1 affected packages

editorconfig-core

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
editorconfig-core Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2022-45907

Medium priority
Needs evaluation

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

1 affected packages

pytorch

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pytorch Not in release Needs evaluation Not in release Not in release Ignored
Show less packages

CVE-2021-43519

Low priority
Needs evaluation

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

45 affected packages

ardour, bam, blobby, ceph, darktable...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ardour Not affected Not affected Not affected Not affected Not affected
bam Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
blobby Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ceph Not affected Not affected Not affected Not affected Not affected
darktable Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
eja Not in release Needs evaluation Needs evaluation Needs evaluation Ignored
emscripten Needs evaluation Needs evaluation Needs evaluation Needs evaluation
enigma Not affected Not affected Not affected Not affected Not affected
freeciv Not affected Not affected Not affected Not affected Not affected
freedroidrpg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
fs-uae Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golly Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
goxel Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
grub2 Not affected Not affected Not affected Not affected Not affected
gtk2-engines Not affected Not affected Not affected Not affected Not affected
haskell-hslua Not affected Not affected Not affected Not affected Not affected
hedgewars Not affected Not affected Not affected Not affected Not affected
lua5.1 Not affected Not affected Not affected Not affected Not affected
lua5.2 Not affected Not affected Not affected Not affected Not affected
lua5.3 Not affected Not affected Not affected Not affected Not affected
lua5.4 Not affected Not affected Not in release Not in release Not in release
lua50 Not in release Not in release Not affected Not affected Not affected
luajit Not affected Not affected Not affected Not affected Not affected
mame Not affected Not affected Not affected Not affected Not affected
naev Needs evaluation Needs evaluation Needs evaluation Ignored
openscenegraph Not affected Not affected Not affected Not affected Not affected
redis Not affected Not affected Not affected Not affected Not affected
rust-lua52-sys Needs evaluation Needs evaluation Needs evaluation Ignored
scite Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
scorched3d Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
scummvm Not affected Not affected Not affected Not affected Not affected
spring Not affected Not affected Not affected Not affected Not affected
syslinux Not affected Not affected Not affected Not affected Not affected
syslinux-legacy Not in release Not in release Not affected Not affected Not affected
tagua Not affected Not affected Not affected Not affected Not affected
tarantool Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
tup Needs evaluation Needs evaluation Needs evaluation Ignored
ufoai Not affected Not affected Not affected Not affected Not affected
vifm Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wcc Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
wesnoth Ignored
widelands Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
xmoto Not affected Not affected Not affected Not affected Not affected
zfs-linux Not affected Not affected Not affected Not affected Not affected
Show all 45 packages Show less packages