6 matches found
PT-2023-20532 · Unknown · Geokit-Rails
Name of the Vulnerable Software and Affected Versions: geokit-rails versions prior to 2.5.0 Description: The issue is related to Command Injection due to unsafe deserialization of YAML within the geo location cookie. This can be exploited remotely via a malicious cookie value, allowing an attacke...
BigBlueButton 跨站脚本漏洞
BigBlueButton is an open source Web conferencing system from the BigBlueButton community.A cross-site scripting vulnerability exists in versions prior to BigBlueButton 2.4.8 and prior to 2.5.0, which stems from users in private chat-enabled meetings being vulnerable to malicious JavaScript attack...
PT-2021-18331 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow version 2.4.2 TensorFlow version 2.3.3 TensorFlow version 2.2.3 TensorFlow version 2.1.4 Description: The implementation of tf.raw ops.FractionalMaxPoolGrad triggers an undefined behavior if one o...
PT-2021-18287 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0 TensorFlow versions 2.4.2 and earlier TensorFlow versions 2.3.3 and earlier TensorFlow versions 2.2.3 and earlier TensorFlow versions 2.1.4 and earlier Description: An attacker can cause a heap buffer overfl...
Design/Logic Flaw
A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the flaw which can cause a Man-in-the-Middle attack. The FreeIPA module of Foreman smart proxy does not check the SSL certificate, thus, an unauthenticated attacker can perform actions in FreeIPA if...
PT-2019-18009 · Lenovo · Lenovo Xclarity Administrator
Name of the Vulnerable Software and Affected Versions: Lenovo XClarity Administrator versions prior to 2.5.0 Description: A reflected cross-site scripting issue was reported that could allow a crafted URL to cause JavaScript code to be executed in the user's web browser. The JavaScript code is no...