1280 matches found
PYSEC-2021-768
TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type tf.rawops.MatrixDiagV. The implementation has incomplete validation that the value of k is a valid...
Foxit Reader and Foxit PhantomPDF Arbitrary File Write Vulnerability
Foxit Reader and Foxit PhantomPDF are both Chinese Foxit Foxit company a PDF document reader. An arbitrary file write vulnerability exists in Foxit Reader versions prior to 10.1.4 and PhantomPDF versions prior to 10.1.4, which stems from a failure to validate the CombineFiles pathname and can be...
GSD-2021-1001470 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate-data before returning from skbtunnelinfo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.277 by commit...
UVI-2021-1001470 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate-data before returning from skbtunnelinfo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.4.277 by commit...
GSD-2021-1001439 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate-data before returning from skbtunnelinfo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.277 by commit...
GSD-2021-1001407 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate-data before returning from skbtunnelinfo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.241 by commit...
UVI-2021-1001320 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate-data before returning from skbtunnelinfo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.135 by commit...
UVI-2021-1001258 net: validate lwtstate->data before returning from skb_tunnel_info()
net: validate lwtstate-data before returning from skbtunnelinfo This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.53 by commit...
GSD-2021-1001234 bus: mhi: core: Validate channel ID when processing command completions
bus: mhi: core: Validate channel ID when processing command completions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.54 by commit...
UVI-2021-1001234 bus: mhi: core: Validate channel ID when processing command completions
bus: mhi: core: Validate channel ID when processing command completions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.54 by commit...
CVE-2021-32796 Misinterpretation of malicious XML input in xmldom
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...
Cross-Site Request Forgery (CSRF) in dolibarr/dolibarr
✍️ Description CSRF bug to validate inventory 🕵️♂️ Proof of Concept Here it does not check token parameter for csrf .You can remove token paramater from url. bellow request is vulnerable to csrf attack when validate inventory ....
GHSA-7F53-FMMV-MFJV Regular expression denial of service in react-native
A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1...
PHP 7.4.x < 7.4.21 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF bypass in FILTERVALIDATEURL...
PT-2021-3390 · Phpmailer +3 · Phpmailer +3
Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.4.1 and earlier Description: The issue is related to the validateAddress function in PHPMailer, which can lead to the execution of untrusted code if such code is injected into the host project's scope by other means. This...
WordPress Video Embed plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an application plugin for WordPress. A SQL injection vulnerability exists in WordPress Vide...
PT-2021-10305 · Facebook · React Native
Name of the Vulnerable Software and Affected Versions: react-native versions 0.59.0 through 0.64.1 Description: A regular expression denial of service ReDoS vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash...
React Native代码问题漏洞
React Native is an open source JavaScript framework. It is used to build user interfaces and native applications. A code issue vulnerability exists in react-native version 0.59.0, which stems from a regular expression in the validateBaseUrl function that could cause an application to use too many...
PT-2021-8194 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a function in the Linux kernel's amdgpu driver, specifically the validate bksv function in the hdcp1 execution.c module. This function is vulnerable to a buffer...
GSD-2021-1000107 NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
NFS: fscontext: validate UDP retrans to prevent shift out-of-bounds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.20 by commit...