Lucene search
K

37 matches found

PyPA
PyPA
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-250

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

7.1CVSS6.9AI score0.0024EPSS
Exploits1References3Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-218

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...

5.5CVSS6.7AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.8 views

PYSEC-2021-541

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...

7.1CVSS6.9AI score0.0024EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-707

TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...

5.5CVSS6.1AI score0.00189EPSS
Exploits1References2
OSV
OSV
added 2021/05/14 8:15 p.m.5 views

PYSEC-2021-669

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

5.5CVSS5.9AI score0.00189EPSS
Exploits1References2
PyPA
PyPA
added 2021/05/14 8:15 p.m.6 views

PYSEC-2021-180

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2021/05/14 8:15 p.m.7 views

PYSEC-2021-669

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

5.5CVSS6.8AI score0.00189EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2021/05/14 8:15 p.m.4 views

PYSEC-2021-180

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...

5.5CVSS5.9AI score0.00189EPSS
Exploits1References2
Gitee
Gitee
added 2020/11/27 8:6 p.m.5 views

Exploit for Missing Authentication for Critical Function in Sap Netweaver_Application_Server_Java

PoC exploit for CVE-2020-6287, a vulnerability in SAP NetWeaver AS Java. The exploit targets the CTCWebService component, allowing an unauthenticated attacker to add a user with no administrator permission set. The vulnerability is present in the CTCWebServiceBean?wsdl endpoint, which is accessed...

10CVSS9AI score0.94719EPSS
Exploits6
Openbugbounty
Openbugbounty
added 2019/06/18 10:51 p.m.10 views

ctc-performance.co.uk Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-861961 Security Researcher geeknik Helped patch 8675 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting ctc-performance.co.uk websi...

0.1AI score
Exploits0
CNVD
CNVD
added 2019/03/07 12:0 a.m.6 views

SAP J2EE Engine Cross-Site Scripting Vulnerability

SAP J2EE Engine is a set of runtime environments for J2EE applications. A cross-site scripting vulnerability exists in SAP J2EE Engine because SAP J2EE Engine/7.01/Fiori fails to validate or filter user input data, resulting in cross-site scripting in the "ctcprotocol" protocol implementation,...

6.1CVSS6.2AI score0.00746EPSS
Exploits1References1
Metasploit
Metasploit
added 2013/05/16 3:41 p.m.17 views

SAP CTC Service Verb Tampering User Management

This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 authentication required. This modul...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2011/11/23 12:0 a.m.50 views

SAP NetWeaver身份验证绕过漏洞

SAP NetWeaver是SAP的集成技术平台和自从SAP Business Suite以来的所有SAP应用的技术基础。 SAP NetWeaver CTC服务在实现上存在身份验证绕过漏洞,可导致非法用户管理和OS命令执行。 SAP NetWeaver 厂商补丁: SAP --- SAP已经为此发布了一个安全公告(DSECRG-11-041)以及相应补丁: DSECRG-11-041:SAP NetWeaver – Authentication bypass Verb Tampering...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2011/11/20 12:0 a.m.59 views

[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)

DSECRG-11-041 SAP NetWeaver - Authentication bypass Verb Tampering Authentication bypass vulnerability in SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.co...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/08/15 12:0 a.m.26 views

Fedora 14 : NetworkManager-0.8.4-2.git20110622.fc14 (2011-8612)

This update fixes the security issue for creating shared WiFi networks. It's been tracked by 709662 - CVE-2011-2176. Before this update, NetworkManager didn't respect PolicyKit policies for creating shared WiFi networks: actions org.freedesktop.network-manager-settings.system.wifi.share.open and...

2.1CVSS7.7AI score0.00324EPSS
Exploits0References4
CVE
CVE
added 2006/04/07 10:0 a.m.53 views

CVE-2006-1672

The CVE-2006-1672 entry affects Cisco Optical Networking System (ONS) 15000 series nodes via Cisco Transport Controller (CTC). A Java policy file entry is installed that grants java.security.AllPermission to any http URL containing "fs/LAUNCHER.jar", enabling remote attackers to execute arbitrary...

7.5CVSS7.7AI score0.04021EPSS
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2006/04/05 12:0 a.m.34 views

[Full-disclosure] Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory ======================= Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities =========================================================================== Advisory ID:...

0.7AI score
Exploits0
Rows per page
Query Builder