CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

429 matches found

BDU FSTEC•added 2022/01/17 12:0 a.m.•1 views

The vulnerability in the `client_send_params` function of the `lib/ext/pre_shared_key.c` component of the Transport Layer Security library GnuTLS, related to the use of memory after it is freed, allows a attacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the clientsendparams function in the lib/ext/presharedkey.c component of the Transport Layer Security library GnuTLS is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its...

9.8CVSS6.7AI score0.03444EPSS

Exploits0References10Affected Software5

WPVulnDB•added 2021/09/27 12:0 a.m.•12 views

WooCommerce Product Table Lite < 2.4.0 - Reflected Cross-Site Scripting

The plugin does not escape the pricerangemin and pricerangemax parameters before outputting them back in attributes, leading a Reflected Cross-Site Scripting issue PoC On a page where there is a Product Table with a Price filter, append the following payload to the min and max price...

2.8AI score

Exploits0Affected Software1

OSV•added 2021/09/20 4:15 p.m.•1 views

UBUNTU-CVE-2021-39590

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function paramsdump located in abc.c. It allows an attacker to cause Denial of Service...

5.5CVSS5.8AI score0.00639EPSS

Exploits1References3

OPENSUSE Linux•added 2021/09/14 12:0 a.m.•61 views

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1253-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

10CVSS7.6AI score0.02521EPSS

Exploits0References1

Code423n4•added 2021/09/08 12:0 a.m.•12 views

notionalCallback can be tricked by anyone

Handle pauliax Vulnerability details Impact Anyone can call function notionalCallback with arbitrary params and pass the auth check. The only auth check can be easily bypassed by setting sender param to the address of this contract. It allows to choose any parameter that I want: function...

7AI score

Exploits0

OSV•added 2021/05/14 8:15 p.m.•1 views

PYSEC-2021-226

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS7.1AI score0.00201EPSS

Exploits1References2

OSV•added 2021/05/14 8:15 p.m.•0 views

PYSEC-2021-715

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS7.1AI score0.00201EPSS

Exploits1References2

Debian CVE•added 2021/05/14 7:22 p.m.•1 views

CVE-2021-29589

TensorFlow is an end-to-end open source platform for machine learning. The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero...

7.8CVSS6.9AI score0.00201EPSS

Exploits1

Positive Technologies•added 2021/03/24 12:0 a.m.•1 views

PT-2024-11184 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue occurs when no valid fdt is found, causing initial boot params to be null. This happens when setup arch invokes efi init and then efi get fdt params. To prevent further fdt...

5.5CVSS6.2AI score0.00232EPSS

Exploits0References18

Microsoft CVE•added 2021/03/20 7:0 a.m.•2 views

A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.

...

9.8CVSS6.4AI score0.03444EPSS

Exploits0

OSV•added 2021/03/12 7:15 p.m.•23 views

CVE-2021-20232