562 matches found

SUSE CVE
added 2023/02/15 5:54 a.m. · 2 views

SUSE CVE-2011-1015

The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in Python 2.5, 2.6, and 3.0 allows remote attackers to read script source code via an HTTP GET request that lacks a / (slash) character at the beginning of the URI...

CVSS 5 · AI score 7.2 · EPSS 0.03924
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 4:42 a.m. · 2 views

SUSE CVE-2017-11509

An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement...

CVSS 8.8 · AI score 8.2 · EPSS 0.06224
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 4:14 a.m. · 2 views

SUSE CVE-2019-9848

LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrar...

CVSS 4 · AI score 7.5 · EPSS 0.30698
Exploits 5 · References 10
SUSE CVE
added 2023/02/15 4:14 a.m. · 2 views

SUSE CVE-2019-9849

LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed...

CVSS 4 · AI score 6.8 · EPSS 0.03089
Exploits 0 · References 8
SUSE CVE
added 2023/02/15 3:45 a.m. · 3 views

SUSE CVE-2021-25313

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6...

CVSS 7.1 · AI score 6.8 · EPSS 0.01498
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 3:43 a.m. · 1 views

SUSE CVE-2021-29521

TensorFlow is an end-to-end open source platform for machine learning. Specifying a negative dense shape in tf.raw_ops.SparseCountSparseOutput results in a segmentation fault being thrown out from the standard library as std::vector invariants are broken. This is because the...

CVSS 5.5 · AI score 5.5 · EPSS 0.00189
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 3:43 a.m. · 1 views

SUSE CVE-2021-29558

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in tf.raw_ops.SparseSplit. This is because the...

CVSS 7.8 · AI score 7.8 · EPSS 0.00211
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 3:43 a.m. · 1 views

SUSE CVE-2021-29559

TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of heap allocated array in tf.raw_ops.UnicodeEncode. This is because the...

CVSS 7.1 · AI score 6.9 · EPSS 0.00198
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 3:39 a.m. · 1 views

SUSE CVE-2021-36782

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versio...

CVSS 9.9 · AI score 8.7 · EPSS 0.029
Exploits 3 · References 7
SUSE CVE
added 2023/02/15 3:39 a.m. · 4 views

SUSE CVE-2021-36783

An Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE...

CVSS 9.9 · AI score 9 · EPSS 0.0063
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 3:39 a.m. · 3 views

SUSE CVE-2021-37642

TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of tf.raw_ops.ResourceScatterDiv is vulnerable to a division by 0 error. The implementation uses a common class for all binary operations but fails to treat the division by 0 case...

CVSS 5.5 · AI score 4.9 · EPSS 0.00154
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 3:37 a.m. · 1 views

SUSE CVE-2021-41222

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SplitV can trigger a segfault if an attacker supplies negative arguments. This occurs whenever size_splits contains more than one value and at least one value is negative. The fix will be include...

CVSS 5.5 · AI score 5.5 · EPSS 0.00181
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 3:29 a.m. · 3 views

SUSE CVE-2022-21729

Tensorflow is an Open Source Machine Learning Framework. The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlo...

CVSS 6.5 · AI score 6.6 · EPSS 0.00771
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 3:26 a.m. · 2 views

SUSE CVE-2022-29155

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVSS 9.4 · AI score 8.8 · EPSS 0.69899
Exploits 1 · References 98
OSV
added 2023/02/01 4:15 a.m. · 4 views

CVE-2022-4062

A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission Versions prior to V2.25...

CVSS 7.8 · AI score 5.8 · EPSS 0.00165
Exploits 0 · References 1
PyPA
added 2022/12/22 2:15 a.m. · 5 views

PYSEC-2022-43004

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4...

CVSS 6.5 · AI score 6.7 · EPSS 0.00313
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/12/08 12:0 a.m. · 2 views

PT-2022-36381 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.225
Description: The issue is related to the 9p/trans_fd functionality, where it does not always use O_NONBLOCK for read/write operations. The actual impact and potential for attack have not been proven yet...

AI score 7.2
Exploits 0 · References 1
PyPA
added 2022/11/14 9:15 p.m. · 5 views

PYSEC-2022-43000

Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0...

CVSS 9.8 · AI score 6.8 · EPSS 0.00876
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2022/11/08 12:0 a.m. · 2 views

PT-2022-25292 · Searchwp · Searchwp

Name of the Vulnerable Software and Affected Versions: SearchWP premium plugin versions = 4.2.5
Description: The issue concerns nonce token leakage and missing authorization in the SearchWP premium plugin, allowing unauthorized changes to plugin settings.
Recommendations: For SearchWP premium...

CVSS 5.4 · AI score 4.5 · EPSS 0.00443
Exploits 0 · References 5
vulnersOsv
added 2022/11/07 12:0 p.m. · 1 views

ai.catboost:catboost-spark_2.11 (>=0.25-rc1 <=0.25-rc3), ai.catboost:catboost-spark_2.12 (>=0.25-rc1 <=0.25-rc3) +4273 more potentially affected by CVE-2022-37865 via org.apache.ivy:ivy (>=2.4.0 <=2.5.0)

org.apache.ivy:ivy MAVEN version =2.4.0, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =0.0.25, =0.0.25, =0.0.25, =0.0.25, =def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91 and more Source cves: CVE-2022-37865 Source advisory: OSV:GHSA-94RR-4JR5-9H2P...

CVSS 9.1 · AI score 7.5 · EPSS 0.01819
Exploits 0