224 matches found
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory for example "../../../etc/passwd"
...
K68816502: A BIG-IP LTM policy referencing an external data group may not match traffic
Security Advisory Description A BIG-IP LTM policy referencing an external data group may not match traffic. This issue occurs when the following conditions are met: The virtual server is configured with a BIG-IP LTM policy and an external data group. The BIG-IP system reboots or the Traffic...
SUSE CVE-2017-12082
An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...
SUSE CVE-2022-39050
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...
CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
UBUNTU-CVE-2022-25882
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
PYSEC-2023-38
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...
PT-2023-12827 · Onnx · Onnx
Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.13.0 Description: The issue allows Directory Traversal, where the external data field of the tensor proto can contain a path to a file outside the model's current directory or user-provided directory. For example, an...
CVE-2022-39050
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...
Code injection
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...
UBUNTU-CVE-2022-39050
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...
Microsoft Excel Code Execution Vulnerability (CNVD-2023-53908)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...
Microsoft Excel Security Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...
The vulnerability of the external data integration driver Magnitude Simba Amazon Redshift ODBC in cloud services like Azure Data Factory and Azure Synapse allows a hacker to execute arbitrary code.
The vulnerability of the external data integration driver Magnitude Simba Amazon Redshift ODBC in cloud services like Azure Data Factory and Azure Synapse lies in the lack of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
Datarobot Code Injection Vulnerability
DataRobot Datarobot is an enterprise AI platform from US-based DataRobot, Inc. It automates the entire process required for machine learning. Datarobot suffers from a code injection vulnerability that arises from a network system or product not properly filtering specific elements of externally...
Directory Traversal
Overview onnx is an Open Neural Network Exchange Affected versions of this package are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example...
Microsoft Windows Code Injection Vulnerability
Microsoft Windows is a suite of operating systems for personal device use from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Geolocation Service, which arises from a network system or product not properly filtering specific elements of externally entered da...
Netgear RBR750 and NETGEAR Command Injection Vulnerability
Netgear RBR750 and NETGEAR are both products of Netgear, Inc. RBR750 is a home WiFi system. NETGEAR is a router. A hardware device that connects two or more networks and acts as a gateway between networks. NETGEAR suffers from a command injection vulnerability that arises from a network system or...