211 matches found

NVD
added 2023/06/20 3:15 p.m. · 44 views

CVE-2020-20726

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter...

8.8 CVSS · 8.9 AI score · 0.00665 EPSS
Exploits: 1 · References: 1
Prion
added 2023/06/20 3:15 p.m. · 25 views

Cross site request forgery (csrf)

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter...

6.8 CVSS · 8.9 AI score · 0.00665 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/06/20 12:0 a.m. · 6 views

PT-2023-11561 · Gila · Gila Cms

Name of the Vulnerable Software and Affected Versions: Gila GilaCMS version 1.11.4. Description: The issue allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. This is a Cross Site Request Forgery vulnerability. Recommendations: For Gila GilaCMS version 1.11.4,...

8.8 CVSS · 7.8 AI score · 0.00665 EPSS
Exploits: 1 · References: 6
F5 Networks
added 2023/02/21 7:41 p.m. · 17 views

K16842: Row hammer (rowhammer) vulnerability

Security Advisory Description: Row hammer (rowhammer) is a problem with some recent DRAM devices, in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. Impact: None. F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product Development has...

6.7 AI score
Exploits: 0
SUSE CVE
added 2023/02/15 6:20 a.m. · 2 views

SUSE CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the...

10 CVSS · 8.2 AI score · 0.28255 EPSS
Exploits: 0 · References: 5
SUSE CVE
added 2023/02/15 6:16 a.m. · 4 views

SUSE CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag...

7.8 CVSS · 6.4 AI score · 0.11912 EPSS
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 5:24 a.m. · 4 views

SUSE CVE-2014-9665

The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact by embedding a PNG file...

7.5 CVSS · 7.8 AI score · 0.04892 EPSS
Exploits: 1 · References: 5
SUSE CVE
added 2023/02/15 5:4 a.m. · 3 views

SUSE CVE-2016-3981

Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file...

9.3 CVSS · 9.1 AI score · 0.04426 EPSS
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 3:56 a.m. · 2 views

SUSE CVE-2020-15195

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverse_index_map(i) to be an index outside of bounds of grad_values, thus resulting in a heap buffer overflow. The issue is patched in...

8.8 CVSS · 8.7 AI score · 0.00938 EPSS
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 3:39 a.m. · 6 views

SUSE CVE-2021-37676

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.raw_ops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...

7.8 CVSS · 6.2 AI score · 0.00173 EPSS
Exploits: 0 · References: 4
Positive Technologies
added 2023/01/15 12:0 a.m. · 8 views

PT-2023-10224 · Unknown · Tutranta Project Todolist

Name of the Vulnerable Software and Affected Versions: tutranta project todolist (affected versions not specified). Description: A critical issue was found in the tutrantta project todolist, affecting the getAffectedRows/where/insert/update function in the library/Database.php library. This issue...

9.8 CVSS · 6.5 AI score · 0.00657 EPSS
Exploits: 0 · References: 5
OSV
added 2022/11/21 9:54 p.m. · 1 views

GHSA-HQ7G-WWWP-Q46H `CHECK` fail via inputs in `SparseFillEmptyRowsGrad`

Impact If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. python import tensorflow as tf tf.rawops.SparseFillEmptyRowsGrad reverseindexmap=, gradvalues=, name=None Patches We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be...

4.8 CVSS · 6.9 AI score · 0.0044 EPSS
Exploits: 1 · References: 5
Snyk
added 2022/11/20 9:12 a.m. · 2 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) when SparseFillEmptyRowsGrad is given empty inputs. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5 CVSS · 7 AI score · 0.0044 EPSS
Exploits: 1 · References: 2
PyPA
added 2022/11/09 8:15 p.m. · 6 views

PYSEC-2022-43178

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method...

7.5 CVSS · 7 AI score · 0.00909 EPSS
Exploits: 1 · References: 3 · Affected Software: 1
OSV
added 2022/11/09 8:15 p.m. · 6 views

CVE-2022-42966

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method...

7.5 CVSS · 7.5 AI score
Exploits: 0 · References: 1
OSV
added 2022/11/09 8:15 p.m. · 8 views

PYSEC-2022-43178

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method...

7.5 CVSS · 7.5 AI score · 0.00909 EPSS
Exploits: 1 · References: 3
Positive Technologies
added 2022/11/09 12:0 a.m. · 4 views

PT-2022-26685 · Pypi · Cleo

Name of the Vulnerable Software and Affected Versions: cleo (affected versions not specified). Description: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package when an attacker is able to supply arbitrary input to the Table.set_rows method...

7.5 CVSS · 7.3 AI score · 0.00909 EPSS
Exploits: 1 · References: 13
OSV
added 2022/08/31 4:15 p.m. · 6 views

AZL-43462 CVE-2020-35538 affecting package gdal 3.6.3-5

A crafted input file could cause a null pointer dereference in jcopy_sample_rows when processed by libjpeg-turbo...

5.5 CVSS · 6.7 AI score · 0.00269 EPSS
Exploits: 0 · References: 1
Kitploit
added 2022/08/22 12:30 p.m. · 47 views

RPCMon - RPC Monitor Tool Based On Event Tracing For Windows

A GUI tool for scanning RPC communication through Event Tracing for Windows (ETW). The tool was published as part of a research on RPC communication between the host and a Windows container. Overview: RPCMon can help researchers to get a high level view over an RPC communication between processes. I...

6.9 AI score
Exploits: 0 · References: 4
Positive Technologies
added 2022/08/21 12:0 a.m. · 4 views

PT-2022-37207 · Sqlite3 · Sqlite3

Name of the Vulnerable Software and Affected Versions: sqlite3 (affected versions not specified). Description: The issue is related to a heap-buffer-overflow read. Technical details about the crash include the sqlite3VdbeExec and sqlite3_step functions, as well as the osquery::readRows function...

6.8 AI score
Exploits: 0 · References: 2