SUSE CVE-2021-29532

TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to tf.rawops.RaggedCross. This is because the...

SUSE CVE-2021-41208

TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service via dereferencing nullptrs or via CHECK-failures as well as abuse undefined behavior binding...

SUSE CVE-2021-41226

TensorFlow is an open source platform for machine learning. In affected versions the implementation of SparseBinCount is vulnerable to a heap OOB access. This is because of missing validation between the elements of the values argument and the shape of the sparse output. The fix will be included ...

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Recent assessments: h00die-gr3y at January 18, 2023 8:56am UTC reported: Last December, 28th 2022, a zero.day vulnerability in the SugarCRM applicati...

CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

freerdp -- multiple vulnerabilities

FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...

AZL-12095 CVE-2022-47940 affecting package kernel for versions less than 5.15.92.1-2

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2write...

WPQA < 5.9.3 - Missing validation lead to functionality abuse

The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them...

CVE-2022-1540

The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP leading to RCE...

PT-2022-26982 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.0.1.12430 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. Th...

PT-2022-6455 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this issue, where the target mus...

Null pointer dereference

An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,...

Wedding Planner wedding_details.php SQL Injection Vulnerability

Wedding Planner is a wedding planner project by pushpam abhishek. Designed to provide users with an easy way to plan their wedding through a web application while using real data. Wedding Planner v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of the id...

Wedding Planner client_assign.php SQL Injection Vulnerability

Wedding Planner is a wedding planner project by pushpam abhishek. Designed to provide users with an easy way to plan their wedding through a web application while using real data. Wedding Planner v1.0 suffers from a SQL injection vulnerability that stems from a lack of validation of externally...

CVE-2022-41340

The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery...

secp256k1-js 数据伪造问题漏洞

secp256k1-js is a pure JS implementation of secp256k1 for signing, verifying, and recovering ECDSA by the individual developer Lio Liou lionello. A security vulnerability exists in versions of secp256k1-js prior to 1.1.0, which stems from the lack of r and s validation in the implementation of...

Ansys SpaceClaim 资源管理错误漏洞

Ansys SpaceClaim is a solid modeling CAD software from Ansys. Ansys SpaceClaim 2022 R1 suffers from a resource management error vulnerability that stems from a specific flaw in the parsing of XB files that lacks validation of the existence of an object before performing an operation on it, which...

The vulnerability of the Mozilla Firefox browser, related to the lack of validation during the processing of incoming requests, allows attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the Mozilla Firefox browser is related to the lack of validation during the processing of incoming requests. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and compromise its integrity...

WordPress plugin uContext for Clickbank 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2022-22070

Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...