569 matches found
PT-2022-21491 · Apple · Macos Monterey +7
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 15.6 iPadOS versions prior to 15.6 macOS Big Sur versions prior to 11.6.8 watchOS versions prior to 8.7 tvOS versions prior to 15.6 macOS Monterey versions prior to 12.5 macOS Catalina versions prior to Security Update...
CVE-2022-34358
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230516...
mysql: InnoDB unspecified vulnerability (CPU Jul 2021)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
bVPN 代码问题漏洞
bVPN is a VPN software from the Dutch company bVPN. A security vulnerability exists in bVPN 2.5.1 via a carefully crafted file in the waselvpnserv service path...
CVE-2022-25606
creationtimestamp| type| source ---|---|--- 2022-03-25 21:36:56+00:00| seen| https://t.me/cibsecurity/39573...
CVE-2022-25582
A stored cross-site scripting XSS vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field...
ALPINE-CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
WordPress plugin MaxGalleria 跨站脚本漏洞
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is a WordPress application plugin. WordPress MaxGalleria plugin version 6.2.5 contains a cross-site scripting vulnerability. An attacker can exploit the vulnerability to execute JavaScri...
CVE-2022-23899
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via search.do in the file /web/MCmsAction.java...
CVE-2022-23898
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml...
MingSoft Mcms SQL注入漏洞
MingSoft Mcms is China's MingFei MingSoft company's a complete open source J2ee system . A security vulnerability exists in MingSoft Mcms v5.2.5 that allows an attacker to perform a SQL injection attack via the search.do parameter in the file /web/MCmsAction.java. No details of the vulnerability...
CVE-2021-46063
MCMS v5.2.5 was discovered to contain a Server Side Template Injection SSTI vulnerability via the Template Management module...
CVE-2022-23580
Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, a...
PYSEC-2022-76
Tensorflow is an Open Source Machine Learning Framework. The implementations of SparseCwise ops are vulnerable to integer overflows. These can be used to trigger large allocations so, OOM based denial of service or CHECK-fails when building new TensorShape objects so, assert failures based denial...
PT-2022-15068 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions 2.5.3 through 2.7.1 TensorFlow version 2.8.0 is not affected as it includes the fix. Description: The implementation of UnravelIndex is vulnerable to a division by zero caused by an integer overflow bug. This issue can be...
MingSoft MCMS 代码问题漏洞
MingSoft MCMS is a complete open source J2ee system from China's MingSoft. A code issue vulnerability exists in MingSoft MCMS, which stems from a file upload vulnerability in MCMS version =5.2.5. An attacker can exploit this vulnerability to execute arbitrary code remotely...
DEBIAN-CVE-2022-21695
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users or unauthenticated in public mode can send messages without being visible in the list of chat participants. Th...
UBUNTU-CVE-2022-21688
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. Affected versions of the desktop application were found to be vulnerable to denial of service via an undisclosed vulnerability in the QT image parsing...
Netgear NETGEAR 注入漏洞
Netgear NETGEAR is a router from the American company Netgear. A hardware device that connects two or more networks and acts as a gateway between networks. An injection vulnerability exists in NETGEAR devices that are subject to server-side injection. The following products and versions are...
PYSEC-2021-439
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths...