211 matches found
CVE-2020-20726
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...
Cross site request forgery (csrf)
Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/updaterows/user parameter...
PT-2023-11561 · Gila · Gila Cms
Name of the Vulnerable Software and Affected Versions: Gila GilaCMS version 1.11.4 Description: The issue allows a remote attacker to execute arbitrary code via the cm/update rows/user parameter. This is a Cross Site Request Forgery vulnerability. Recommendations: For Gila GilaCMS version 1.11.4,...
K16842: Row hammer (rowhammer) vulnerability
Security Advisory Description Row hammer rowhammer is a problem with some recent DRAM devices, in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. Impact None. F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has...
SUSE CVE-2004-0990
Integer overflow in GD Graphics Library libgd 2.0.28 libgd2, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the...
SUSE CVE-2005-4504
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service memory consumption and application crash via HTML files with a large ROWSPAN attribute in a TD tag...
SUSE CVE-2014-9665
The LoadSBitPng function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service integer overflow and heap-based buffer overflow or possibly have unspecified other impact by embedding a PNG file...
SUSE CVE-2016-3981
Heap-based buffer overflow in the bmpreadrows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service out-of-bounds read or write access and crash or possibly execute arbitrary code via a crafted image file...
SUSE CVE-2020-15195
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverseindexmapi to be an index outside of bounds of gradvalues, thus resulting in a heap buffer overflow. The issue is patched in...
SUSE CVE-2021-37676
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in tf.rawops.SparseFillEmptyRows. The shape inference implementation does not validate that the input arguments are not empt...
PT-2023-10224 · Unknown · Tutranta Project Todolist
Name of the Vulnerable Software and Affected Versions: tutranta project todolist affected versions not specified Description: A critical issue was found in the tutrantta project todolist, affecting the getAffectedRows/where/insert/update function in the library/Database.php library. This issue...
GHSA-HQ7G-WWWP-Q46H `CHECK` fail via inputs in `SparseFillEmptyRowsGrad`
Impact If SparseFillEmptyRowsGrad is given empty inputs, TensorFlow will crash. python import tensorflow as tf tf.rawops.SparseFillEmptyRowsGrad reverseindexmap=, gradvalues=, name=None Patches We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when SparseFillEmptyRowsGrad is given empty inputs. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...
PYSEC-2022-43178
An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...
CVE-2022-42966
An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...
PYSEC-2022-43178
An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.setrows method...
PT-2022-26685 · Pypi · Cleo
Name of the Vulnerable Software and Affected Versions: cleo affected versions not specified Description: An exponential ReDoS Regular Expression Denial of Service can be triggered in the cleo PyPI package when an attacker is able to supply arbitrary input to the Table.set rows method...
AZL-43462 CVE-2020-35538 affecting package gdal 3.6.3-5
A crafted input file could cause a null pointer dereference in jcopysamplerows when processed by libjpeg-turbo...
RPCMon - RPC Monitor Tool Based On Event Tracing For Windows
A GUI tool for scanning RPC communication through Event Tracing for Windows ETW. The tool was published as part of a research on RPC communication between the host and a Windows container. Overview RPCMon can help researchers to get a high level view over an RPC communication between processes. I...
PT-2022-37207 · Sqlite3 · Sqlite3
Name of the Vulnerable Software and Affected Versions: sqlite3 affected versions not specified Description: The issue is related to a heap-buffer-overflow read. Technical details about the crash include the sqlite3VdbeExec and sqlite3 step functions, as well as the osquery::readRows function...