193 matches found
CVE-2022-35018
Advancecomp v2.3 was discovered to contain a segmentation fault...
CVE-2022-36577
An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add a admin...
PT-2022-4147 · Siemens · Scalance W-700 +9
Name of the Vulnerable Software and Affected Versions: SCALANCE M-800 / S615 versions prior to V2.3.1 SCALANCE SC-600 family versions prior to V2.3.1 SCALANCE W-1700 IEEE 802.11ac family versions prior to V2.3.1 SCALANCE W-700 IEEE 802.11ax family versions prior to V2.3.1 SCALANCE W-700 IEEE...
CVE-2021-31677
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords...
PESCMS 跨站请求伪造漏洞
PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker exploited the vulnerability to delete the accounts of admin and other members...
Online Ordering System SQL注入漏洞
Online Ordering System is a multi-store ordering system that can be used by any small business.Online Ordering System version v2.3.2 is vulnerable to SQL injection, which originates from /ordering/index.php?q=category&search=Lack of validation of external input SQL statement validation, an attack...
GHSA-QF2H-H3XQ-J93J Jenkins allows Remote Users to Inject Build Parameters
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
DEBIAN-CVE-2022-24891
ESAPI The OWASP Enterprise Security API is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the antisamy-esapi.xml configurati...
CVE-2021-38478
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...
CVE-2021-38480
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...
PYSEC-2021-305
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of division in TFLite is vulnerable to a division by 0 error. There is no check that the divisor tensor does not contain zero elements. We have patched the issue in GitHub commit...
DEBIAN-CVE-2021-32740
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted templat...
WordPress plugin 代码问题漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A PHP object injection vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...
PT-2021-2951 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a lack of protection for SQL query structures in the Magento Commerce platform, which can be...
c4v-py (>=0.1.0.dev1 <=0.1.0.dev202107081840) potentially affected by CVE-2020-26268 via tensorflow-cpu (=2.3.1)
tensorflow-cpu PYPI version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - c4v-py =0.1.0.dev1, =0.1.0.dev202107081840 Source cves: CVE-2020-26268 Source advisory: OSV:GHSA-HHVC-G5HV-48C6...
News Script PHP Pro Cross-Site Scripting Vulnerability
News Script PHP Pro is a PHP/MySQL based web script from Simple PHP Scripts for displaying news on your website. A cross-site scripting vulnerability exists in News Script PHP Pro 2.3. The vulnerability can be exploited to conduct cross-site scripting attacks via the editorname parameter...
PYSEC-2020-122
In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...
CVE-2020-15199
In Tensorflow before version 2.3.1, the RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data...
stb_image.h Assertion Failure Vulnerability
libsixel is a package that provides an encoding/decoding implementation for DEC SIXEL graphics and other converter programs. stbimage.h is an image library. A security vulnerability exists in stbimage.h version 2.23 used in libsixel and other products. No details of the vulnerability are provided...
IBM Cloud Pak System Client Authentication Vulnerability
IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak System version V2.3.0. An...