Lucene search
K

22 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/29 11:41 p.m.10 views

Security Bulletin: IBM Content Navigator is affected by Apache Xerces2

Summary IBM Content Navigator is affected by multiple vulnerabilities in the Apache Xerces2 Java XML parser library. CVE-2009-2625 and CVE-2022-23437 describe infinite loop conditions triggered by malformed XML input, leading to application hang or denial of service. CVE-2012-0881 allows CPU...

7.8CVSS6.7AI score0.3038EPSS
Exploits2Affected Software1
Snyk
Snyk
added 2026/03/12 9:41 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of the crit header parameter. An attacker can bypass critical header checks by crafting a JSON Web Signature JWS token with unrecognized critical extensions. Po...

8.7CVSS5.8AI score0.00269EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/27 3:23 p.m.4 views

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7CVSS5.8AI score0.00655EPSS
Exploits0References1
NVD
NVD
added 2026/01/26 10:16 a.m.7 views

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7CVSS0.00655EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/26 9:41 a.m.10 views

EUVD-2026-4680

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7CVSS5.8AI score0.00655EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/26 9:41 a.m.3 views

CVE-2026-24656

Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...

3.7CVSS5.8AI score0.00655EPSS
Exploits0References2
CVE
CVE
added 2026/01/26 9:41 a.m.23 views

CVE-2026-24656

Concretely, CVE-2026-24656 affects Apache Karaf Decanter before 2.12.0, specifically the Decanter log socket collector that exposes port 4560 without authentication. If the collector exposes the allowed-classes property, this configuration can be bypassed, allowing deserialization of untrusted da...

3.7CVSS5.8AI score0.00655EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2025/12/11 4:48 p.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...

8CVSS7.9AI score0.00204EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/11 4:48 p.m.1 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...

8CVSS7.9AI score0.00204EPSS
Exploits0References2
Snyk
Snyk
added 2024/07/30 7:44 p.m.4 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to the arrayops.upperbound function. An attacker can cause a denial of service by providing input that is not a rank 2 tensor. Remediation Upgrade tensorflow-lite to version 2.15.0 or higher. Reference...

8.7CVSS5.9AI score0.00429EPSS
Exploits0References2
Snyk
Snyk
added 2023/03/26 8:12 a.m.3 views

Incorrect Comparison

Overview Affected versions of this package are vulnerable to Incorrect Comparison. Constructing a tflite model with a paramater filterinputchannel of less than 1 gives a float pointer exception. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit Credit: Wa...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References2
Snyk
Snyk
added 2023/03/26 7:52 a.m.3 views

Integer Overflow to Buffer Overflow

Overview Affected versions of this package are vulnerable to Integer Overflow to Buffer Overflow when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. PoC import urllib.request dat =...

7.5CVSS7AI score0.00305EPSS
Exploits0References2
Snyk
Snyk
added 2023/03/26 7:48 a.m.2 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder, because there is a bug with the tfg-translate call to InitMlir. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher...

7.5CVSS6.9AI score0.00516EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/24 12:0 a.m.1 views

PT-2023-20233

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.11.1 TensorFlow versions prior to 2.12.0 Description TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. The issue is related to the...

7.5CVSS6.7AI score0.00516EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2022/12/27 12:0 a.m.5 views

PT-2022-11734 · Openmrs · Openmrs

Name of the Vulnerable Software and Affected Versions: OpenMRS openmrs-module-referenceapplication versions up to 2.11.x Description: A vulnerability was found in the function post of the file omod/src/main/java/org/openmrs/module/referenceapplication/page/controller/UserAppPageController.java of...

6.1CVSS4.2AI score0.00955EPSS
Exploits0References11
Snyk
Snyk
added 2022/11/20 9:12 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when SparseFillEmptyRowsGrad is given empty inputs. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5CVSS7AI score0.0044EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.2 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow via tf.rawops.FusedResizeAndPadConv2D when a large tensor shape is given. Remediation Upgrade tensorflow-lite to version 2.12.0 or higher. References - GitHub Commit - Vulnerable Code Credit: Neophytos Christou from SSL ...

7.5CVSS7AI score0.0043EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when FractionMaxPoolGrad is given outsize inputs rowpoolingsequence and colpoolingsequence. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...

7.5CVSS7AI score0.0044EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.1 views

Buffer Overflow

Overview Affected versions of this package are vulnerable to Buffer Overflow. The reference kernel of the CONV3DTRANSPOSE TensorFlow Lite operator wrongly increments the dataptr when adding the bias to the result. Instead of dataptr += numchannels; it should be dataptr += outputnumchannels; as if...

8.1CVSS8.2AI score0.00523EPSS
Exploits1References2
Snyk
Snyk
added 2022/11/20 9:8 a.m.0 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. This is vulnerable when an input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

7.5CVSS7.1AI score0.0045EPSS
Exploits1References2
Rows per page
Query Builder