Lucene search
+L

108 matches found

Debian CVE
Debian CVE
added 2023/03/24 11:10 p.m.3 views

CVE-2023-25676

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

7.5CVSS6.8AI score0.00391EPSS
Exploits0
OSV
OSV
added 2023/03/20 3:15 p.m.3 views

UBUNTU-CVE-2023-28428

PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...

6.2CVSS5.8AI score0.00221EPSS
Exploits0References4
OSV
OSV
added 2023/03/03 11:37 p.m.23 views

CVE-2023-23929 Refresh tokens do not expire in Vantage6

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...

8.8CVSS8.6AI score0.00571EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/11/16 12:0 a.m.19 views

CVE-2022-39347 Missing path sanitation with `drive` channel in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

2.6CVSS6.4AI score0.00889EPSS
Exploits0References6
Spring Security Advisories
Spring Security Advisories
added 2022/05/16 5:27 a.m.481 views

CVE-2022-22978: Authorization Bypass in RegexRequestMatcher

UPDATES 05-17 Due to a mixup CVE-2022-22975 should have been CVE-2022-22978. The blog has been updated to reflect this correction. CVE-2022-22978 : Authorization Bypass in RegexRequestMatcher Spring Security 5.7.0, 5.6.4, 5.5.7 were released to fix CVE-2022-22978 : Authorization Bypass in...

7.5CVSS2.6AI score0.10689EPSS
Exploits6
Hacker One
Hacker One
added 2022/02/02 12:17 p.m.22 views

Dropbox: Exfiltrate GDrive access token using CSRF

The report demonstrates a method of redirecting Google Drive OAuth tokens from Dropbox. A fix for the issue has been released and it was applied for existing users through an automatic update. An attacker could exploit this vulnerability by getting a user to visit a specially-crafted link that se...

1.5AI score
Exploits0
0day.today
0day.today
added 2021/11/07 12:0 a.m.991 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass Vulnerability

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.\Z" access="Authent...

7.5CVSS8.8AI score0.51653EPSS
Exploits5
0day.today
0day.today
added 2021/11/07 12:0 a.m.393 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...

7.1CVSS7.1AI score0.01307EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.468 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Bypass of Filename Extension Restrictions Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public...

7.3AI score0.02248EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.441 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.require-js-cfg.js.\Z" access="Anonymous,...

8.3AI score0.51653EPSS
Exploits5
NCSC
NCSC
added 2021/06/23 12:0 a.m.4 views

Vulnerability fixed in SonicWall SonicOS

A vulnerability has been fixed in SonicOS. The vulnerability allows an unauthenticated malicious party to obtain system information through a malicious http request to obtain system information. SonicWall categorizes this vulnerability according to the CVSSv3 method with a score of 5.3. SonicWall...

7.5CVSS6.7AI score0.01414EPSS
Exploits0
OSV
OSV
added 2021/04/06 5:22 p.m.18 views

GHSA-RJ44-GPJC-29R7 [thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values

Impact Potential for arbitrary code execution in gpg-tagged property values only if decrypt: true option is enabled Patches A fix has already been released as v0.4.0 Workarounds By default, EGF parse functions do NOT attempt to decrypt values since GPG is only available in non-browser env. Howeve...

6.4CVSS9AI score0.01339EPSS
Exploits0References5
wpexploit
wpexploit
added 2020/05/28 12:0 a.m.69 views

Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site Scripting (XSS)

Multiple cross-site scripting vulnerabilities in Final Tiles Gallery 3.4.18 and lower allow remote attackers to inject arbitrary web script or HTML via the Title and Caption fields of an image. Successful exploitation of this vulnerability would allow an authenticated high-privileged user author+...

3.5CVSS5.5AI score0.00892EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/03/02 12:0 a.m.197 views

WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Exploit Title: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Date: 2020-01-30 Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...

6.5CVSS6.5AI score0.0883EPSS
Exploits6
OSV
OSV
added 2019/09/01 12:0 p.m.27 views

RUSTSEC-2019-0016 Use-after-free in buffer conversion implementation

The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior. A fix was published in version 0.1.3...

9.8CVSS9.3AI score0.01634EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2018/05/29 9:34 a.m.99 views

Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System

Security researchers have discovered a series of new vulnerabilities in EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications. EOS is an open source smart contract platform, known as...

0.5AI score
Exploits0
NVD
NVD
added 2018/04/26 6:29 a.m.12 views

CVE-2018-9113

Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'script type="text/javascript" src=' line. Fix released on 2018-03-29...

9.3CVSS8AI score0.04103EPSS
Exploits1References3
Prion
Prion
added 2018/04/26 6:29 a.m.19 views

Code injection

Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Sourcescript type="text/javascript" src=' line. Fix released on 2018-03-28...

9.3CVSS8AI score0.04103EPSS
Exploits1References3Affected Software1
Huawei
Huawei
added 2018/01/24 12:0 a.m.32 views

Security Advisory - Memory Leak Vulnerability in Some Huawei Products

There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. Vulnerability ID: HWPSIRT-2017-0803...

3.3CVSS3.8AI score0.00211EPSS
Exploits0Affected Software6
Packet Storm
Packet Storm
added 2017/12/10 12:0 a.m.29 views

TeamCity 2017.1.5 Privilege Escalation

TeamCity 2017.1.5 - Weak file permissions - Privilege Escalation ===================================================== Vendor Homepage: http://www.jetbrains.com Date: 17 Oct 2017 Version : TeamCity Version: 2017.1.5 Build: 47175 Tested on: Windows 7 Ultimate SP1 EN and Windows 10 x64 Author:...

0.6AI score
Exploits0
Rows per page
Query Builder