PT-2022-11687 · Opensc +4 · Opensc +4
Name of the Vulnerable Software and Affected Versions: Opensc versions prior to 0.22.0
Description: A use-after-return issue was found in the insert pin function that could potentially crash programs using the library.
Recommendations: For versions prior to 0.22.0, update to version 0.22.0 or lat...
PT-2022-4662 · Otrs +1 · Otrs +1
Name of the Vulnerable Software and Affected Versions: OTRS (affected versions not specified)
Description: The issue is related to the lack of protection of the web page structure in the OTRS ticket request system's admin interface. This can be exploited by a remote attacker to conduct a cross-site...
CVE-2021-39189
Pimcore before version 10.1.3 is vulnerable to username enumeration through the forgot-password feature, enabling an attacker to infer valid usernames. The root cause is an observable response discrepancy in the lost-password flow. The issue is addressed in Pimcore 10.1.3; a patch can be applied ...
CVE-2021-38203 affecting package kernel 5.10.189.1-1
CVE-2021-38203 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2008-4609 affecting package kernel 5.10.111.1-1
CVE-2008-4609 affecting package kernel 5.10.111.1-1. A patched version of the package is available...
CVE-2021-28950 affecting package kernel 5.10.189.1-1
CVE-2021-28950 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2021-28660 affecting package kernel 5.10.161.1-1
CVE-2021-28660 affecting package kernel 5.10.161.1-1. A patched version of the package is available...
CVE-2020-35499 affecting package kernel 5.10.189.1-1
CVE-2020-35499 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2021-29265 affecting package kernel 5.10.189.1-1
CVE-2021-29265 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2020-27171 affecting package kernel 5.10.189.1-1
CVE-2020-27171 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
Command injection
A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software versions prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Aruba has released patches for ArubaOS that address this security vulnerability...
Input validation
Frontier is Substrate's Ethereum compatibility layer. Prior to commit 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state because the input data size is not validated. Any invalid...
PT-2021-22448 · Frontier +3 · Frontier +3
Name of the Vulnerable Software and Affected Versions: Frontier versions prior to commit 0b962f218f0cdd796dadfe26c3f09e68f7861b26
Description: A bug in pallet-ethereum can cause invalid transactions to be included in the Ethereum block state due to not validating the input data size. Any invalid...
Design/Logic Flaw
OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitization in the data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...
PT-2021-3823 · Cisco · Snort +2
Name of the Vulnerable Software and Affected Versions: Cisco Web Security Appliance (affected versions not specified); Cisco Firepower Threat Defense (affected versions not specified); Snort detection engine (affected versions not specified)
Description: A vulnerability in Server Name Identification SNI...
CVE-2021-32826
Proxyee-Down is open source proxy software. An attacker able to provide an extension script (e.g., through a MiTM attack or by hosting a malicious extension) may be able to run arbitrary commands on the system running Proxyee-Down. For more details, including a PoC, see the referenced...
PYSEC-2021-779
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause denial of service in applications serving models using tf.raw_ops.UnravelIndex by triggering a division by 0. The implementation does not check that the tensor subsumed by dims is not...
PT-2021-21761 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow versions 2.5.1 and earlier; TensorFlow versions 2.4.3 and earlier; TensorFlow versions 2.3.4 and earlier
Description: The implementation of tf.raw_ops.StringNGrams is vulnerable to an integer overfl...
PT-2021-21760 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0; TensorFlow version 2.5.1; TensorFlow version 2.4.3
Description: The implementation of tf.raw_ops.QuantizeAndDequantizeV4Grad is vulnerable to an integer overflow issue caused by converting a signed integer...
PT-2021-21805 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow version 2.6.0
Description: The strided slice implementation in TFLite has a logic bug which can allow an attacker to trigger an infinite loop. This arises from newly introduced support for ellipsis in axis definition. An attacker c...