
224 matches found

Microsoft CVE
added 2023/04/03 7:0 a.m., 3 views

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory for example "../../../etc/passwd"

...

7.5 CVSS, 6.3 AI score, 0.01608 EPSS
Exploits: 1

F5 Networks
added 2023/02/21 6:53 p.m., 16 views

K68816502: A BIG-IP LTM policy referencing an external data group may not match traffic

Security Advisory Description: A BIG-IP LTM policy referencing an external data group may not match traffic. This issue occurs when the following conditions are met: The virtual server is configured with a BIG-IP LTM policy and an external data group. The BIG-IP system reboots or the Traffic...

7 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 4:42 a.m., 3 views

SUSE CVE-2017-12082

An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the...

8.8 CVSS, 8.6 AI score, 0.02022 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 3:23 a.m., 3 views

SUSE CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.8 CVSS, 4.7 AI score, 0.00452 EPSS
Exploits: 0, References: 3

NVD
added 2023/01/26 9:15 p.m., 22 views

CVE-2022-25882

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...

7.5 CVSS, 7.5 AI score, 0.01608 EPSS
Exploits: 1, References: 6

OSV
added 2023/01/26 9:15 p.m., 4 views

UBUNTU-CVE-2022-25882

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...

7.5 CVSS, 6.7 AI score, 0.01608 EPSS
Exploits: 1, References: 8

PyPA
added 2023/01/26 9:15 p.m., 4 views

PYSEC-2023-38

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"...

7.5 CVSS, 7 AI score, 0.01608 EPSS
Exploits: 1, References: 7, Affected Software: 1

Positive Technologies
added 2023/01/25 12:0 a.m., 3 views

PT-2023-12827 · Onnx · Onnx

Name of the Vulnerable Software and Affected Versions: onnx versions prior to 1.13.0. Description: The issue allows Directory Traversal, where the external data field of the tensor proto can contain a path to a file outside the model's current directory or user-provided directory. For example, an...

8.7 CVSS, 5.4 AI score, 0.01608 EPSS
Exploits: 1, References: 20

OSV
added 2022/09/05 7:15 a.m., 4 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.8 CVSS, 5.8 AI score, 0.00452 EPSS
Exploits: 0, References: 1

Prion
added 2022/09/05 7:15 a.m., 29 views

Code injection

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.3 CVSS, 5 AI score, 0.00452 EPSS
Exploits: 0, References: 1, Affected Software: 1

UbuntuCve
added 2022/09/05 7:15 a.m., 40 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.8 CVSS, 5.9 AI score, 0.00452 EPSS
Exploits: 0, References: 2

OSV
added 2022/09/05 7:15 a.m., 1 view

UBUNTU-CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.8 CVSS, 5.8 AI score, 0.00452 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2022/09/05 7:0 a.m., 2 views

CVE-2022-39050

An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store JavaScript code to be run later by any other agent when clicking the customer URL link. Then the stored JavaScript is executed in the context of OTRS. The same issue applies for the usage of external...

4.8 CVSS, 5.8 AI score, 0.00452 EPSS
Exploits: 0, References: 2, Affected Software: 2

CNVD
added 2022/08/11 12:0 a.m., 11 views

Microsoft Excel Code Execution Vulnerability (CNVD-2023-53908)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...

7.8 CVSS, 7.5 AI score, 0.00774 EPSS
Exploits: 0, References: 1

CNNVD
added 2022/08/09 12:0 a.m., 5 views

Microsoft Excel Security Vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Office Excel. The vulnerability arises from a failure of a network system or product to properly filter specific elements of externally entered data duri...

7.8 CVSS, 6.6 AI score, 0.00774 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2022/05/13 12:0 a.m., 6 views

The vulnerability of the external data integration driver Magnitude Simba Amazon Redshift ODBC in cloud services like Azure Data Factory and Azure Synapse allows a hacker to execute arbitrary code.

The vulnerability of the external data integration driver Magnitude Simba Amazon Redshift ODBC in cloud services like Azure Data Factory and Azure Synapse lies in the lack of authentication for the critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

9.1 CVSS, 8 AI score, 0.03686 EPSS
Exploits: 0, References: 7, Affected Software: 1

CNNVD
added 2022/02/21 12:0 a.m., 2 views

Datarobot Code Injection Vulnerability

DataRobot Datarobot is an enterprise AI platform from US-based DataRobot, Inc. It automates the entire process required for machine learning. Datarobot suffers from a code injection vulnerability that arises from a network system or product not properly filtering specific elements of externally...

9.8 CVSS, 8.7 AI score, 0.03278 EPSS
Exploits: 2, References: 4

Snyk
added 2022/02/07 4:26 p.m., 1 view

Directory Traversal

Overview: onnx is an Open Neural Network Exchange. Affected versions of this package are vulnerable to Directory Traversal as the externaldata field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example...

7.5 CVSS, 7.6 AI score, 0.01608 EPSS
Exploits: 1, References: 2

CNNVD
added 2022/01/11 12:0 a.m., 5 views

Microsoft Windows Code Injection Vulnerability

Microsoft Windows is a suite of operating systems for personal device use from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Geolocation Service, which arises from a network system or product not properly filtering specific elements of externally entered da...

9.3 CVSS, 8 AI score, 0.02661 EPSS
Exploits: 0, References: 4

CNNVD
added 2021/12/25 12:0 a.m., 2 views

Netgear RBR750 and NETGEAR Command Injection Vulnerability

Netgear RBR750 and NETGEAR are both products of Netgear, Inc. RBR750 is a home WiFi system. NETGEAR is a router. A hardware device that connects two or more networks and acts as a gateway between networks. NETGEAR suffers from a command injection vulnerability that arises from a network system or...

8.4 CVSS, 6.9 AI score, 0.00631 EPSS
Exploits: 0, References: 2