
4603 matches found

OSV
added 2021/05/21 2:22 p.m. · 2 views

GHSA-6F84-42VF-PPWP Division by 0 in `QuantizedMul`

Impact An attacker can trigger a division by 0 in tf.rawops.QuantizedMul: python import tensorflow as tf x = tf.zeros4, 1, dtype=tf.quint8 y = tf.constant, dtype=tf.quint8 minx = tf.constant0.0 maxx = tf.constant0.0010000000474974513 miny = tf.constant0.0 maxy = tf.constant0.0010000000474974513...

CVSS 2.5 · AI score 6 · EPSS 0.00189
Exploits 1 · References 7

OSV
added 2021/05/17 8:52 p.m. · 9 views

GHSA-2FRX-J9HJ-6C65 User enumeration in authentication mechanisms

Description: The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. Resolution: We now ensure that a generic message is returned whether the user exists or not if the password ...

AI score 7.1
Exploits 0 · References 3

Github Security Blog
added 2021/05/13 8:23 p.m. · 56 views

Prevent user enumeration using Guard or the new Authenticator-based Security

Description: The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an...

CVSS 5.3 · AI score 1.3 · EPSS 0.01712
Exploits 0 · References 20 · Affected Software 7

Positive Technologies
added 2021/05/11 12:0 a.m. · 3 views

PT-2021-19788 · Unknown · Express-Cart

Name of the Vulnerable Software and Affected Versions: express-cart versions 1.1.10 and earlier Description: The issue allows Reflected XSS for an admin via a user input field for product options. It is noted that exploitation would rely on an admin hacking their own website. Recommendations: For...

CVSS 4.8 · AI score 5.8 · EPSS 0.00527
Exploits 1 · References 3

CBLMariner
added 2021/05/06 11:57 p.m. · 15 views

CVE-2021-3392 affecting package qemu-kvm 4.2.0-48

CVE-2021-3392 affecting package qemu-kvm 4.2.0-48. A patched version of the package is available...

CVSS 3.2 · AI score 8.6 · EPSS 0.0045
Exploits 1

CVE
added 2021/04/28 9:25 p.m. · 55 views

CVE-2021-29483

CVE-2021-29483 affects the ManageWiki extension for MediaWiki. The wikiconfig API leaked private configuration variable values to all users. The issue has been patched in the ManageWiki patch linked in the CVE and advisories; if patching isn’t possible, a workaround is to disable the wikiconfig A...

CVSS 9.4 · AI score 7.7 · EPSS 0.01211
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2021/04/14 12:0 a.m. · 3 views

PT-2021-12084 · Unknown · Golang-Nanoauth

Name of the Vulnerable Software and Affected Versions: golang-nanoauth versions v0.0.0-20160722212129-ac0cc4484ad4 through v0.0.0-20200131131040-063a3fb69896 Description: The issue concerns a global bypass of authentication in the golang-nanoauth library. When the ListenAndServe function is calle...

CVSS 9.1 · AI score 9.1 · EPSS 0.00811
Exploits 0 · References 10

Positive Technologies
added 2021/04/10 12:0 a.m. · 7 views

PT-2021-8023 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc4-syzkaller Description: The vulnerability is related to a divide error in the nft limit init function, which is caused by the div u64 function dividing a 64-bit unsigned integer by a 32-bit unsigned...

CVSS 7.8 · AI score 6.8 · EPSS 0.01549
Exploits 0 · References 411

Positive Technologies
added 2021/04/08 12:0 a.m. · 12 views

PT-2021-2653 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.12 Description: The issue is related to incorrect computation of branch displacements in BPF JIT compilers, allowing them to execute arbitrary code within the kernel context. This affects files...

CVSS 9.8 · AI score 7.9 · EPSS 0.88106
Exploits 254 · References 1583

CBLMariner
added 2021/04/06 11:51 p.m. · 20 views

CVE-2020-8648 affecting package kernel 5.4.91-6

CVE-2020-8648 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 7.1 · AI score 7.4 · EPSS 0.00661
Exploits 1

CBLMariner
added 2021/04/06 11:51 p.m. · 16 views

CVE-2020-11725 affecting package kernel 5.4.91-6

CVE-2020-11725 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 7.8 · AI score 7.4 · EPSS 0.00511
Exploits 1

CBLMariner
added 2021/04/06 11:51 p.m. · 19 views

CVE-2020-12655 affecting package kernel 5.4.91-6

CVE-2020-12655 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 5.5 · AI score 7.4 · EPSS 0.00461
Exploits 0

CBLMariner
added 2021/04/06 11:51 p.m. · 19 views

CVE-2020-12653 affecting package kernel 5.4.91-6

CVE-2020-12653 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 7.8 · AI score 7.4 · EPSS 0.00435
Exploits 0

Metasploit
added 2021/04/01 5:42 p.m. · 55 views

SaltStack Salt API Unauthenticated RCE through wheel_async client

This module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on t...

CVSS 9.8 · AI score 9.7 · EPSS 0.92312
Exploits 6

Positive Technologies
added 2021/03/30 12:0 a.m. · 5 views

PT-2021-4110 · Genivia +1 · Genivi Diagnostic Log/Trace +1

Name of the Vulnerable Software and Affected Versions: GENIVI Diagnostic Log and Trace DLT versions 2.10.0 through 2.18.6 Description: The issue is related to the incorrect handling of special characters in configuration files, which can cause a vulnerable component to crash. This can lead to...

CVSS 6.5 · AI score 6.2 · EPSS 0.00749
Exploits 0 · References 12

Positive Technologies
added 2021/03/19 12:0 a.m. · 5 views

PT-2021-17484 · Netasq +2 · Netasq +2

Name of the Vulnerable Software and Affected Versions: Stormshield Network Security versions 1.0.0 through 4.2.0 Netasq versions 9.1.0 through 9.1.11 Description: The issue affects the ClamAV Engine component, which can be subject to a Denial of Service DoS when parsing malformed png files, leadi...

CVSS 7.8 · AI score 7.8 · EPSS 0.03155
Exploits 1 · References 23

CBLMariner
added 2021/03/03 3:44 a.m. · 15 views

CVE-2020-11608 affecting package kernel 5.4.91-6

CVE-2020-11608 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 4.9 · AI score 7.4 · EPSS 0.00534
Exploits 0

CBLMariner
added 2021/03/03 3:44 a.m. · 10 views

CVE-2020-10711 affecting package kernel 5.4.91-6

CVE-2020-10711 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 5.9 · AI score 7.4 · EPSS 0.03097
Exploits 0

CBLMariner
added 2021/03/03 3:44 a.m. · 16 views

CVE-2020-12768 affecting package kernel 5.4.91-6

CVE-2020-12768 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 5.5 · AI score 7.4 · EPSS 0.00392
Exploits 0

CBLMariner
added 2021/03/03 3:44 a.m. · 21 views

CVE-2020-12659 affecting package kernel 5.4.91-6

CVE-2020-12659 affecting package kernel 5.4.91-6. A patched version of the package is available...

CVSS 7.2 · AI score 7.4 · EPSS 0.00707
Exploits 1