Lucene search
+L

104 matches found

Prion
Prion
added 2020/09/25 7:15 p.m.15 views

Input validation

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5CVSS5.1AI score0.01017EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2020/09/25 6:40 p.m.25 views

CVE-2020-15194 Denial of Service in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverseindexmapt and gradvaluest are accessed in a similar pattern, only reverseindexmapt is validated to be of proper...

5.3CVSS5.5AI score0.01017EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2020/09/25 6:28 p.m.44 views

Denial of Service in Tensorflow

Impact The SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparsefillemptyrowsop.ccL235-L241 Although reverseindexmapt and gradvaluest ar...

5.3CVSS2.3AI score0.01017EPSS
Exploits1References9Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/07/23 12:0 a.m.33 views

Debian DSA-4732-1 : squid - security update

Two security issues were discovered in the Squid proxy caching server, which could result in cache poisoning, request smuggling and incomplete validation of hostnames in cachemgr.cgi. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debia...

9.9CVSS6.7AI score0.05706EPSS
Exploits0References5
OSV
OSV
added 2020/07/01 1:15 p.m.3 views

CVE-2020-6261

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired...

5.3CVSS6.1AI score0.00775EPSS
Exploits0References2
OSV
OSV
added 2020/06/10 1:15 p.m.5 views

CVE-2020-6260

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist...

5.3CVSS6.5AI score0.00775EPSS
Exploits0References2
Prion
Prion
added 2020/06/10 1:15 p.m.24 views

Input validation

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist...

5CVSS5.3AI score0.00775EPSS
Exploits0References2Affected Software1
Debian
Debian
added 2020/01/20 11:59 a.m.215 views

[SECURITY] [DSA 4606-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4606-1 [email protected] https://www.debian.org/security/ Michael Gilbert January 20, 2020 https://www.debian.org/security/faq -...

8.8CVSS9AI score0.15537EPSS
Exploits7
Prion
Prion
added 2019/09/25 9:15 p.m.17 views

Directory traversal

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The vulnerability is due to incomplete validation of certain commands. An attacker could exploit thi...

7.2CVSS6.8AI score0.01138EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/05/15 12:0 a.m.33 views

Debian DSA-4445-1 : drupal7 - security update

It was discovered that incomplete validation in a Phar processing library embedded in Drupal, a fully-featured content management framework, could result in information disclosure. For additional information, please refer to the upstream advisory at https://www.drupal.org/sa-core-2019-007. C...

9.8CVSS7.2AI score0.05586EPSS
Exploits0References5
Debian
Debian
added 2019/05/14 9:15 p.m.122 views

[SECURITY] [DSA 4445-1] drupal7 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4445-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2019 https://www.debian.org/security/faq -...

9.8CVSS9.5AI score0.05586EPSS
Exploits0
Debian CVE
Debian CVE
added 2019/01/07 6:0 p.m.37 views

CVE-2018-1320

Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making t...

7.5CVSS7AI score0.08188EPSS
Exploits0
OSV
OSV
added 2018/05/02 10:29 p.m.6 views

CVE-2018-0245

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller WLC Software could allow an unauthenticated, remote attacker to view system information that under normal circumstances should be prohibited. The vulnerability is due to incomplete input and validation checking...

5.3CVSS5.8AI score0.02325EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/02/16 12:0 a.m.32 views

Debian DSA-4114-1 : jackson-databind - security update

It was discovered that jackson-databind, a Java library used to parse JSON and other data formats, did not properly validate user input before attempting deserialization. This allowed an attacker to perform code execution by providing maliciously crafted input. C Tenable Network Security, Inc. Th...

9.8CVSS7.5AI score0.49727EPSS
Exploits1References8
NVD
NVD
added 2017/06/13 6:29 a.m.23 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.8CVSS9.4AI score0.02129EPSS
Exploits0References2
Prion
Prion
added 2017/06/13 6:29 a.m.18 views

Input validation

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

7.5CVSS9.2AI score0.02129EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/06/13 6:29 a.m.21 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.8CVSS6.8AI score0.02129EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/06/13 6:0 a.m.26 views

CVE-2017-2773

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.60, 1.7.x versions prior to 1.7.41, 1.8.x versions prior to 1.8.23, and 1.9.x versions prior to 1.9.1. Incomplete validation logic in JSON Web Token JWT libraries can allow unprivileged attackers to impersonate oth...

9.4AI score0.02129EPSS
Exploits0References2
Cisco
Cisco
added 2017/03/01 4:0 p.m.44 views

Cisco NetFlow Generation Appliance Stream Control Transmission Protocol Denial of Service Vulnerability

A vulnerability in the Stream Control Transmission Protocol SCTP decoder of the Cisco NetFlow Generation Appliance NGA could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service DoS condition. The vulnerability is due to...

7.5CVSS7.7AI score0.01697EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/09/08 12:0 a.m.89 views

Cisco AnyConnect Secure Mobility Client 4.2.x < 4.2.5015.0 / 4.3.x < 4.3.2039.0 Privilege Escalation Vulnerability

The version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is 4.2.x prior to 4.2.5015.0 or 4.3.x prior to 4.3.2039.0. It is, therefore, affected by a privilege escalation vulnerability due to incomplete validation of path names and file names at installation time....

7.8CVSS7.3AI score0.00392EPSS
Exploits0References3
Rows per page
Query Builder