4604 matches found

Positive Technologies
added 2021/10/29 12:0 a.m. · 3 views

PT-2022-11687 · Opensc +4 · Opensc +4

Name of the Vulnerable Software and Affected Versions: Opensc versions prior to 0.22.0
Description: A use after return issue was found in the insert pin function that could potentially crash programs using the library.
Recommendations: For versions prior to 0.22.0, update to version 0.22.0 or lat...

CVSS 7.5 · AI score 5.5 · EPSS 0.02725
Exploits 3 · References 128
Positive Technologies
added 2021/10/14 12:0 a.m. · 2 views

PT-2022-4662 · Otrs +1 · Otrs +1

Name of the Vulnerable Software and Affected Versions: OTRS affected versions not specified
Description: The issue is related to the lack of protection of the web page structure in the OTRS ticket request system's admin interface. This can be exploited by a remote attacker to conduct a cross-site...

CVSS 9.8 · AI score 4.8 · EPSS 0.01273
Exploits 0 · References 31
CVE
added 2021/09/15 1:50 p.m. · 75 views

CVE-2021-39189

Pimcore before version 10.1.3 is vulnerable to username enumeration through the forgot-password feature, enabling an attacker to infer valid usernames. The root cause is an observable response discrepancy in the lost-password flow. The issue is addressed in Pimcore 10.1.3; a patch can be applied ...

CVSS 5.3 · AI score 5 · EPSS 0.01243
Exploits 0 · References 4 · Affected Software 1
CBLMariner
added 2021/09/09 3:3 p.m. · 24 views

CVE-2021-38203 affecting package kernel 5.10.189.1-1

CVE-2021-38203 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 7.4 · EPSS 0.00365
Exploits 1
CBLMariner
added 2021/09/09 3:3 p.m. · 19 views

CVE-2008-4609 affecting package kernel 5.10.111.1-1

CVE-2008-4609 affecting package kernel 5.10.111.1-1. A patched version of the package is available...

CVSS 7.1 · AI score 7.4 · EPSS 0.32123
Exploits 1
CBLMariner
added 2021/09/09 3:3 p.m. · 17 views

CVE-2021-28950 affecting package kernel 5.10.189.1-1

CVE-2021-28950 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

CVSS 5.5 · AI score 7.4 · EPSS 0.0036
Exploits 0
CBLMariner
added 2021/09/09 3:3 p.m. · 17 views

CVE-2021-28660 affecting package kernel 5.10.161.1-1

CVE-2021-28660 affecting package kernel 5.10.161.1-1. A patched version of the package is available...

CVSS 8.8 · AI score 7.4 · EPSS 0.01316
Exploits 0
CBLMariner
added 2021/09/09 3:3 p.m. · 11 views

CVE-2020-35499 affecting package kernel 5.10.189.1-1

CVE-2020-35499 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

CVSS 7.2 · AI score 7.4 · EPSS 0.00273
Exploits 0
CBLMariner
added 2021/09/09 3:3 p.m. · 12 views

CVE-2021-29265 affecting package kernel 5.10.189.1-1

CVE-2021-29265 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

CVSS 4.7 · AI score 7.4 · EPSS 0.00258
Exploits 0
CBLMariner
added 2021/09/09 3:3 p.m. · 13 views

CVE-2020-27171 affecting package kernel 5.10.189.1-1

CVE-2020-27171 affecting package kernel 5.10.189.1-1. A patched version of the package is available...

CVSS 6 · AI score 7.4 · EPSS 0.00577
Exploits 0
Prion
added 2021/09/07 1:15 p.m. · 23 views

Command injection

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software versions: Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability...

CVSS 9 · AI score 7.7 · EPSS 0.02957
Exploits 0 · References 2 · Affected Software 2
Prion
added 2021/09/03 6:15 p.m. · 16 views

Input validation

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state in pallet-ethereum due to not validating the input data size. Any invalid...

CVSS 5 · AI score 5.2 · EPSS 0.01189
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2021/09/01 12:0 a.m. · 4 views

PT-2021-22448 · Frontier +3 · Frontier +3

Name of the Vulnerable Software and Affected Versions: Frontier versions prior to commit 0b962f218f0cdd796dadfe26c3f09e68f7861b26
Description: A bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state due to not validating the input data size. Any invalid...

CVSS 5.3 · AI score 5.3 · EPSS 0.01189
Exploits 0 · References 12
Prion
added 2021/08/27 10:15 p.m. · 14 views

Design/Logic Flaw

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

CVSS 6.5 · AI score 6.9 · EPSS 0.01311
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2021/08/18 12:0 a.m. · 2 views

PT-2021-3823 · Cisco · Snort +2

Name of the Vulnerable Software and Affected Versions: Cisco Web Security Appliance affected versions not specified; Cisco Firepower Threat Defense affected versions not specified; Snort detection engine affected versions not specified
Description: A vulnerability in Server Name Identification SNI...

CVSS 8.6 · AI score 5.9 · EPSS 0.02367
Exploits 0 · References 42
OSV
added 2021/08/16 9:15 p.m. · 3 views

CVE-2021-32826

Proxyee-Down is open source proxy software. An attacker able to provide an extension script (e.g. through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details including a PoC see the referenced...

CVSS 8.1 · AI score 7.3 · EPSS 0.01135
Exploits 1 · References 1
OSV
added 2021/08/12 11:15 p.m. · 1 views

PYSEC-2021-779

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...

CVSS 5.5 · AI score 5.9 · EPSS 0.00154
Exploits 0 · References 2
Positive Technologies
added 2021/08/12 12:0 a.m. · 3 views

PT-2021-21761 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow versions 2.5.1 and earlier; TensorFlow versions 2.4.3 and earlier; TensorFlow versions 2.3.4 and earlier
Description: The implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overfl...

CVSS 9.3 · AI score 5.8 · EPSS 0.00451
Exploits 5 · References 87
Positive Technologies
added 2021/08/12 12:0 a.m. · 8 views

PT-2021-21760 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow version 2.5.1; TensorFlow version 2.4.3
Description: The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer...

CVSS 9.3 · AI score 5.9 · EPSS 0.00451
Exploits 5 · References 87
Positive Technologies
added 2021/08/12 12:0 a.m. · 5 views

PT-2021-21805 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.6.0
Description: The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker c...

CVSS 9.3 · AI score 5.6 · EPSS 0.00451
Exploits 5 · References 91