37 matches found
PYSEC-2021-250
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...
PYSEC-2021-218
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...
PYSEC-2021-541
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in tf.rawops.CTCLoss allows an attacker to trigger an OOB read from heap. The fix will be included in TensorFlow 2.5.0. We will also cherrypick these commits on TensorFlow 2.4.2, TensorFlow 2.3.3,...
PYSEC-2021-707
TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in tf.rawops.CTCBeamSearchDecoder, an attacker can trigger denial of service via segmentation faults. The...
PYSEC-2021-669
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
PYSEC-2021-180
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
PYSEC-2021-669
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
PYSEC-2021-180
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.rawops.CTCGreedyDecoder. This is because the...
Exploit for Missing Authentication for Critical Function in Sap Netweaver_Application_Server_Java
PoC exploit for CVE-2020-6287, a vulnerability in SAP NetWeaver AS Java. The exploit targets the CTCWebService component, allowing an unauthenticated attacker to add a user with no administrator permission set. The vulnerability is present in the CTCWebServiceBean?wsdl endpoint, which is accessed...
ctc-performance.co.uk Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-861961 Security Researcher geeknik Helped patch 8675 vulnerabilities Received 8 Coordinated Disclosure badges Received 20 recommendations , a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting ctc-performance.co.uk websi...
SAP J2EE Engine Cross-Site Scripting Vulnerability
SAP J2EE Engine is a set of runtime environments for J2EE applications. A cross-site scripting vulnerability exists in SAP J2EE Engine because SAP J2EE Engine/7.01/Fiori fails to validate or filter user input data, resulting in cross-site scripting in the "ctcprotocol" protocol implementation,...
SAP CTC Service Verb Tampering User Management
This module exploits an authentication bypass vulnerability in SAP NetWeaver CTC service. The service is vulnerable to verb tampering allowing for unauthorised OS user management. Information about resolution should be available at SAP notes 1589525 and 1624450 authentication required. This modul...
SAP NetWeaver身份验证绕过漏洞
SAP NetWeaver是SAP的集成技术平台和自从SAP Business Suite以来的所有SAP应用的技术基础。 SAP NetWeaver CTC服务在实现上存在身份验证绕过漏洞,可导致非法用户管理和OS命令执行。 SAP NetWeaver 厂商补丁: SAP --- SAP已经为此发布了一个安全公告(DSECRG-11-041)以及相应补丁: DSECRG-11-041:SAP NetWeaver – Authentication bypass Verb Tampering...
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)
DSECRG-11-041 SAP NetWeaver - Authentication bypass Verb Tampering Authentication bypass vulnerability in SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution. Application: SAP NetWeaver Versions Affected: SAP NetWeaver Vendor URL: http://www.SAP.co...
Fedora 14 : NetworkManager-0.8.4-2.git20110622.fc14 (2011-8612)
This update fixes the security issue for creating shared WiFi networks. It's been tracked by 709662 - CVE-2011-2176. Before this update, NetworkManager didn't respect PolicyKit policies for creating shared WiFi networks: actions org.freedesktop.network-manager-settings.system.wifi.share.open and...
CVE-2006-1672
The CVE-2006-1672 entry affects Cisco Optical Networking System (ONS) 15000 series nodes via Cisco Transport Controller (CTC). A Java policy file entry is installed that grants java.security.AllPermission to any http URL containing "fs/LAUNCHER.jar", enabling remote attackers to execute arbitrary...
[Full-disclosure] Cisco Security Advisory: Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory ======================= Cisco Optical Networking System 15000 series and Cisco Transport Controller Vulnerabilities =========================================================================== Advisory ID:...