Lucene search
K

135 matches found

Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.4 views

PT-2020-14275 · Google +1 · Tensorflow +1

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1 Description: In eager mode, TensorFlow does not set the session...

9.8CVSS6AI score0.01235EPSS
Exploits16References68
Prion
Prion
added 2019/05/22 6:29 p.m.19 views

Path traversal

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content PHP code, for example. This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to th...

5CVSS9.5AI score0.71598EPSS
Exploits5References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 8:10 p.m.37 views

Security Bulletin: Multiple Security Issues in IBM Tealeaf Customer Experience on Cloud Network Capture Add-On

Summary BlueZ is vulnerable to a denial of service, caused by a buffer over-read issue. By using a specially-crafted dump file, an attacker could exploit this vulnerability to cause the application to crash. IBM Tealeaf contains hard-coded credentials. A remote attacker could exploit this...

9.8CVSS1.3AI score0.13314EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2018/01/30 12:0 a.m.3 views

IBM Tealeaf Customer Experience Session Vulnerability

IBM Tealeaf Customer Experience is a SaaS Software-as-a-Service based analytics solution for web and mobile applications from IBM, USA. The solution helps clients improve the overall user experience by analyzing and understanding data, and supports the adoption of advanced user interfaces for ric...

8.1CVSS6.6AI score0.0171EPSS
Exploits0References1
Prion
Prion
added 2018/01/26 9:29 p.m.17 views

Design/Logic Flaw

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999...

6.8CVSS6.9AI score0.0171EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2018/01/26 9:29 p.m.3 views

CVE-2016-2983

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999...

8.1CVSS5.6AI score0.0171EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2018/01/26 9:0 p.m.21 views

CVE-2016-2983

IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999...

7.8AI score0.0171EPSS
Exploits0References4
Veracode
Veracode
added 2017/12/01 6:49 a.m.8 views

Cross-Site Request Forgery(CSRF)

Apache Fediz Spring Plugin is vulnerable to cross-site request forgery CSRF attacks. The attacks are possible because the application does not properly check the session state of a HTTP request, allowing a malicious user to take the roles of other end users...

8.8CVSS7.1AI score0.01609EPSS
Exploits3References17Affected Software3
OSV
OSV
added 2017/10/24 6:33 p.m.15 views

GHSA-FGMX-8H93-26FH omniauth-oauth2 Cross-Site Request Forgery vulnerability

Cross-site request forgery CSRF vulnerability in the omniauth-oauth2 gem prior to 1.1.1 for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state...

6.8CVSS6.8AI score0.01196EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2015/05/08 12:0 a.m.56 views

MySQL Enterprise Monitor 3.0.x < 3.0.11 Multiple Vulnerabilities

According to its self-reported version, the MySQL Enterprise Monitor running on the remote host is affected by multiple vulnerabilities : - A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted...

7.5CVSS7.7AI score0.99614EPSS
Exploits15References8
Tenable Nessus
Tenable Nessus
added 2014/05/09 12:0 a.m.54 views

Apache Struts 2 CookieInterceptor Unspecified Security Bypass (S2-022)

The remote web application appears to use Struts 2, a Java based web application framework. The version of Struts 2 in use is affected by a security bypass vulnerability due to a flaw with CookieInterceptor. A remote, unauthenticated attacker can exploit this issue to manipulate the ClassLoader a...

5.8CVSS7.7AI score0.06516EPSS
Exploits0References2
NVD
NVD
added 2014/05/08 10:55 a.m.28 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS9.3AI score0.06516EPSS
Exploits0References5
Prion
Prion
added 2014/05/08 10:55 a.m.27 views

Design/Logic Flaw

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS6.7AI score0.78451EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2014/05/08 10:55 a.m.47 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists...

5.8CVSS6.9AI score0.06516EPSS
Exploits0References3
CVE
CVE
added 2014/05/08 10:0 a.m.113 views

CVE-2014-0116

Apache Struts 2.x vulnerable to ClassLoader manipulation via CookieInterceptor (getClass access) when using wildcard cookiesName, allowing remote code execution. Affects Struts 2.x before 2.3.20 (and multiple related CVEs linked to the same class loader flaw, including CVE-2014-0112 and CVE-2014-...

5.8CVSS6.1AI score0.06516EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2013/04/09 8:55 p.m.12 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state...

6.8CVSS7.6AI score0.01196EPSS
Exploits0References5Affected Software1
Debian CVE
Debian CVE
added 2013/04/09 8:0 p.m.34 views

CVE-2012-6134

Cross-site request forgery CSRF vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state...

6.8CVSS6.8AI score0.01196EPSS
Exploits0
Cvelist
Cvelist
added 2013/04/09 8:0 p.m.21 views

CVE-2012-6134

Cross-site request forgery CSRF vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session state...

7AI score0.01196EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/04/09 6:4 p.m.3 views

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5CVSS7.4AI score0.08768EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/14 4:46 p.m.6 views

tomcat: three DIGEST authentication implementation issues

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to...

5CVSS7.4AI score0.08768EPSS
Exploits0References4
Rows per page
Query Builder