7 matches found
Improper Authentication
Overview @x402/svm is a x402 Payment Protocol SVM Implementation Affected versions of this package are vulnerable to Improper Authentication in facilitator payment processing on Solana. An attacker can interfere with or manipulate payment transactions by exploiting a race condition. Remediation...
CVE-2024-55532
Improper Neutralization of Formula Elements in Export CSV feature of Apache Ranger in Apache Ranger Version 2.6.0. Users are recommended to upgrade to version 2.6.0, which fixes this issue...
PT-2024-14509 · Unknown · Paddlepaddle
Name of the Vulnerable Software and Affected Versions: PaddlePaddle versions prior to 2.6.0 Description: The issue is related to a nullptr in paddle.nextafter in PaddlePaddle, which can cause a runtime crash and a denial of service. Recommendations: For versions prior to 2.6.0, update to version...
PT-2023-4783 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.6.0 Description: The issue is related to the "Run Task" feature in Apache Airflow, which allows an authenticated user to bypass some restrictions and execute code in the webserver context, as well as access...
DEBIAN-CVE-2022-3008
The tinygltf library uses the C library function wordexp to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. W...
PT-2021-21793 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow version 2.5.1 TensorFlow version 2.4.3 TensorFlow version 2.3.4 Description: The issue is related to a division by 0 vulnerability in most implementations of convolution operators in TensorFlow,...
PYSEC-2021-44
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this...