108 matches found
CVE-2023-25676
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...
UBUNTU-CVE-2023-28428
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...
CVE-2023-23929 Refresh tokens do not expire in Vantage6
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0...
CVE-2022-39347 Missing path sanitation with `drive` channel in FreeRDP
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...
CVE-2022-22978: Authorization Bypass in RegexRequestMatcher
UPDATES 05-17 Due to a mixup CVE-2022-22975 should have been CVE-2022-22978. The blog has been updated to reflect this correction. CVE-2022-22978 : Authorization Bypass in RegexRequestMatcher Spring Security 5.7.0, 5.6.4, 5.5.7 were released to fix CVE-2022-22978 : Authorization Bypass in...
Dropbox: Exfiltrate GDrive access token using CSRF
The report demonstrates a method of redirecting Google Drive OAuth tokens from Dropbox. A fix for the issue has been released and it was applied for existing users through an automatic update. An attacker could exploit this vulnerability by getting a user to visit a specially-crafted link that se...
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass Vulnerability
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.\Z" access="Authent...
Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...
Pentaho Business Analytics / Pentaho Business Server 9.1 Filename Bypass
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Bypass of Filename Extension Restrictions Solution Status: Fix Released on public GitHub repository Manufacturer Notification: June 2021 Public...
Pentaho Business Analytics / Pentaho Business Server 9.1 Authentication Bypass
Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: sec:intercept-url pattern="\A/api/.require-js-cfg.js.\Z" access="Anonymous,...
Vulnerability fixed in SonicWall SonicOS
A vulnerability has been fixed in SonicOS. The vulnerability allows an unauthenticated malicious party to obtain system information through a malicious http request to obtain system information. SonicWall categorizes this vulnerability according to the CVSSv3 method with a score of 5.3. SonicWall...
GHSA-RJ44-GPJC-29R7 [thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values
Impact Potential for arbitrary code execution in gpg-tagged property values only if decrypt: true option is enabled Patches A fix has already been released as v0.4.0 Workarounds By default, EGF parse functions do NOT attempt to decrypt values since GPG is only available in non-browser env. Howeve...
Final Tiles Gallery < 3.4.19 - Authenticated Stored Cross-Site Scripting (XSS)
Multiple cross-site scripting vulnerabilities in Final Tiles Gallery 3.4.18 and lower allow remote attackers to inject arbitrary web script or HTML via the Title and Caption fields of an image. Successful exploitation of this vulnerability would allow an authenticated high-privileged user author+...
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Exploit Title: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Date: 2020-01-30 Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...
RUSTSEC-2019-0016 Use-after-free in buffer conversion implementation
The From implementation for Vec was not properly implemented, returning a vector backed by freed memory. This could lead to memory corruption or be exploited to cause undefined behavior. A fix was published in version 0.1.3...
Critical RCE Flaw Discovered in Blockchain-Based EOS Smart Contract System
Security researchers have discovered a series of new vulnerabilities in EOS blockchain platform, one of which could allow remote hackers to take complete control over the node servers running the critical blockchain-based applications. EOS is an open source smart contract platform, known as...
CVE-2018-9113
Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'script type="text/javascript" src=' line. Fix released on 2018-03-29...
Code injection
Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows remote attackers to execute arbitrary code, related to code injection via a crafted CSV file with an initial 'Sourcescript type="text/javascript" src=' line. Fix released on 2018-03-28...
Security Advisory - Memory Leak Vulnerability in Some Huawei Products
There is a memory leak vulnerability in several Huawei products. The software does not release allocated memory properly when handling XML data. An authenticated, local attacker could upload crafted XML file repeatedly to cause memory leak and service abnormal. Vulnerability ID: HWPSIRT-2017-0803...
TeamCity 2017.1.5 Privilege Escalation
TeamCity 2017.1.5 - Weak file permissions - Privilege Escalation ===================================================== Vendor Homepage: http://www.jetbrains.com Date: 17 Oct 2017 Version : TeamCity Version: 2017.1.5 Build: 47175 Tested on: Windows 7 Ultimate SP1 EN and Windows 10 x64 Author:...