102 matches found

RedhatCVE
added 2025/05/22 8:10 p.m. · 7 views

CVE-2021-3860

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVSS 8.8 · AI score 7.8 · EPSS 0.00997
Exploits: 3 · References: 1

RedhatCVE
added 2025/05/22 5:30 p.m. · 3 views

CVE-2020-6260

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist...

CVSS 6.5 · AI score 6.8 · EPSS 0.00775
Exploits: 0 · References: 1

OSV
added 2024/03/06 11:20 a.m. · 16 views

BIT-TENSORFLOW-2020-15194 Denial of Service in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper...

CVSS 5.3 · AI score 5.3 · EPSS 0.01017
Exploits: 1 · References: 5

OSV
added 2024/03/06 11:19 a.m. · 17 views

BIT-TENSORFLOW-2021-29564 Null pointer dereference in `EditDistance`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.EditDistance`. This is because the...

CVSS 5.5 · AI score 5.5 · EPSS 0.00189
Exploits: 1 · References: 3

OSV
added 2024/03/06 11:18 a.m. · 13 views

BIT-TENSORFLOW-2021-29609 Incomplete validation in `SparseAdd`

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data. The...

CVSS 7.8 · AI score 7.6 · EPSS 0.00234
Exploits: 1 · References: 4

Positive Technologies
added 2024/02/14 12:0 a.m. · 4 views

PT-2024-13557 · Unknown · Contiki-Ng

Name of the Vulnerable Software and Affected Versions: Contiki-NG affected versions not specified Description: An out-of-bounds write exists in the driver for IEEE 802.15.4 radios on nRF platforms in the Contiki-NG operating system. The issue is triggered when parsing radio frames in the read fra...

CVSS 7.6 · AI score 7.5 · EPSS 0.00387
Exploits: 0 · References: 5

CNVD
added 2022/05/24 12:0 a.m. · 14 views

Google TensorFlow code issue vulnerability (CNVD-2022-44164)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to a code issue in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which stems from `tf.raw_ops.SparseTensorDenseAdd` has incomplete validation for the input parameters. No detailed...

CVSS 5.5 · AI score 3.6 · EPSS 0.00338
Exploits: 1 · References: 1

Cvelist
added 2022/05/20 10:30 p.m. · 27 views

CVE-2022-29208 Segfault and Out-of-bounds Write due to incomplete validation in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

CVSS 7.1 · AI score 7.2 · EPSS 0.00378
Exploits: 1 · References: 6

Vulnrichment
added 2022/05/20 10:30 p.m. · 7 views

CVE-2022-29208 Segfault and Out-of-bounds Write due to incomplete validation in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout...

CVSS 7.1 · AI score 7.1 · EPSS 0.00378
Exploits: 1 · References: 6

NVD
added 2022/04/19 9:15 p.m. · 23 views

CVE-2021-26625

Insufficient Verification of input Data leading to arbitrary file download and execute was discovered in Nexacro platform. This vulnerability is caused by an automatic update function that does not verify input data except version information. Remote attackers can use this incomplete validation...

CVSS 8.8 · EPSS 0.00586
Exploits: 0 · References: 1

OSV
added 2022/04/07 4:2 a.m. · 7 views

OPENSUSE-SU-2022:0105-1 Security update for pdns-recursor

This update for pdns-recursor fixes the following issues: - CVE-2022-27227: Fixed incomplete validation of incoming IXFR transfers. It applies to setups retrieving one or more RPZ zones from a remote server if the network path to the server is not trusted. boo1197525...

CVSS 7.5 · AI score 7.5 · EPSS 0.04908
Exploits: 0 · References: 3

OPENSUSE Linux
added 2022/04/07 12:0 a.m. · 38 views

Security update for pdns-recursor (important)

openSUSE Security Update: Security update for pdns-recursor Announcement ID: openSUSE-SU-2022:0105-1 Rating: important References: 1197525 Cross-References: CVE-2022-27227 CVSS scores: CVE-2022-27227 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27227 SUSE: 7.5...

CVSS 7.5 · AI score 7 · EPSS 0.04908
Exploits: 0 · References: 1

OSV
added 2022/03/18 5:52 p.m. · 1 views

GHSA-GV26-JPJ9-C8GQ Incomplete validation in `SparseSparseMinimum`

Impact Incomplete validation in SparseAdd results in allowing attackers to exploit undefined behavior dereferencing null pointers as well as write outside of bounds of heap allocated data: python import tensorflow as tf aindices = tf.ones45, 92, dtype=tf.int64 avalues = tf.ones45, dtype=tf.int64...

CVSS 5.8 · AI score 5.8 · EPSS 0.00234
Exploits: 1 · References: 7

Prion
added 2021/12/20 10:15 p.m. · 18 views

Sql injection

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVSS 6.5 · AI score 8.9 · EPSS 0.00997
Exploits: 3 · References: 2 · Affected Software: 1

Vulnrichment
added 2021/12/20 12:0 a.m. · 13 views

CVE-2021-3860

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVSS 8.8 · AI score 8.2 · EPSS 0.00997
Exploits: 3 · References: 2

Cvelist
added 2021/12/20 12:0 a.m. · 40 views

CVE-2021-3860

JFrog Artifactory before 7.25.4 Enterprise+ deployments only, is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query...

CVSS 8.8 · AI score 9.2 · EPSS 0.00997
Exploits: 3 · References: 2

Tenable Nessus
added 2021/09/27 12:0 a.m. · 44 views

CentOS 8 : nodejs:14 (CESA-2021:3666)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3666 advisory. - nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930, CVE-2021-22940 - nodejs: Improper handling of untypical characters in domai...

CVSS 9.8 · AI score 7.3 · EPSS 0.37286
Exploits: 5 · References: 9

OpenVAS
added 2021/09/24 12:0 a.m. · 25 views

SUSE: Security Advisory (SUSE-SU-2021:3211-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7.9 · EPSS 0.37286
Exploits: 3 · References: 2

OpenVAS
added 2021/09/24 12:0 a.m. · 20 views

openSUSE: Security Advisory for nodejs14 (openSUSE-SU-2021:3211-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.8 · AI score 8.3 · EPSS 0.37286
Exploits: 3 · References: 2

RedHat Linux
added 2021/09/22 9:6 a.m. · 8 views

nodejs: Incomplete validation of tls rejectUnauthorized parameter

A flaw was found in Node.js. If the Node.js HTTPS API is used incorrectly and "undefined" is passed for the "rejectUnauthorized" parameter, no error is returned, and the connections to servers with an expired certificate are accepted. The highest threat from this vulnerability is to integrity...

CVSS 5.3 · AI score 7.3 · EPSS 0.1473
Exploits: 1 · References: 5