1382 matches found

PyPA
added 2022/02/03 12:15 p.m. | 4 views

PYSEC-2022-132

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects (so, an assert failure based denial of service). We are missing some validation on the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00788
Exploits: 1 | References: 4 | Affected Software: 1

Debian CVE
added 2022/02/03 11:42 a.m. | 2 views

CVE-2022-23568

Tensorflow is an Open Source Machine Learning Framework. The implementation of AddManySparseToTensorsMap is vulnerable to an integer overflow which results in a CHECK-fail when building new TensorShape objects (so, an assert failure based denial of service). We are missing some validation on the...

CVSS 6.5 | AI score 7.2 | EPSS 0.00788
Exploits: 1

CNNVD
added 2022/02/01 12:0 a.m. | 3 views

Elite Graphix Elite Cms SQL injection vulnerability

Elite Graphix Elite Cms is a web content management system written in PHP by Elite Graphix India, a platform for storing and organizing information and documents. Elite Graphix Elite Cms suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL...

CVSS 9.8 | AI score 6 | EPSS 0.01079
Exploits: 1 | References: 2

CNNVD
added 2022/02/01 12:0 a.m. | 4 views

Elite Graphix Elite Cms security vulnerability

Elite Graphix Elite Cms is a web content management system written in PHP by Elite Graphix India, a platform for storing and organizing information and documents. Elite Graphix Elite Cms v1.0 suffers from a file upload vulnerability that stems from the lack of effective validation of uploaded files...

CVSS 9.8 | AI score 5.8 | EPSS 0.01167
Exploits: 1 | References: 2

OSV
added 2022/01/14 8:15 p.m. | 2 views

CVE-2022-22530

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being...

CVSS 8.1 | AI score 5.8 | EPSS 0.00935
Exploits: 0 | References: 2

Prion
added 2022/01/14 8:15 p.m. | 12 views

Code injection

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being...

CVSS 7.5 | AI score 7.9 | EPSS 0.00935
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/01/14 7:15 a.m. | 3 views

AZL-7533 CVE-2022-23219 affecting package glibc for versions less than 2.35-1

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is no...

CVSS 9.8 | AI score 7.4 | EPSS 0.04177
Exploits: 1 | References: 1

CNNVD
added 2022/01/10 12:0 a.m. | 3 views

IBM Security Verify Access cross-site scripting vulnerability

IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...

CVSS 5.4 | AI score 5.6 | EPSS 0.00445
Exploits: 0 | References: 4

CNNVD
added 2022/01/06 12:0 a.m. | 7 views

Apache Pluto cross-site scripting vulnerability

Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation. Apache Pluto version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied and output data in the first name and last name fields. An...

CVSS 6.1 | AI score 5.6 | EPSS 0.02338
Exploits: 0 | References: 3

OSV
added 2021/12/30 10:15 p.m. | 4 views

CVE-2021-20156

Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if i...

CVSS 6.5 | AI score 5.7 | EPSS 0.00406
Exploits: 0 | References: 1

OSV
added 2021/12/27 7:15 p.m. | 2 views

CVE-2021-43548

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly...

CVSS 6.5 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | References: 1

OSV
added 2021/12/23 12:15 p.m. | 0 views

UBUNTU-CVE-2021-44273

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers...

CVSS 7.4 | AI score 5.8 | EPSS 0.00962
Exploits: 1 | References: 6

RedHat Linux
added 2021/12/15 2:52 p.m. | 2 views

xml-security: XPath Transform abuse allows for information disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...

CVSS 7.5 | AI score 6.7 | EPSS 0.10448
Exploits: 0 | References: 5

CNNVD
added 2021/12/13 12:0 a.m. | 2 views

WordPress plugin cross-site scripting vulnerability

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin that stems from insufficient input validation in the Use-Your-Drive search function of the WordPress plugin prior to 1.18.3, allowing an unauthenticated user to create a...

CVSS 6.1 | AI score 5.9 | EPSS 0.00729
Exploits: 0 | References: 2

OSV
added 2021/12/09 7:30 p.m. | 2 views

GHSA-76QM-4F93-FG6F Improper Input Validation in xdLocalStorage

An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and...

CVSS 7.1 | AI score 5.8 | EPSS 0.01327
Exploits: 1 | References: 5

CNNVD
added 2021/12/09 12:0 a.m. | 3 views

ZZCMS cross-site request forgery vulnerability

ZZCMS is a content management system (CMS) by the China Zzcms team. ZZZCMS V1.7.1 suffers from a cross-site request forgery vulnerability, which stems from the lack of token validation for cross-site request forgery in the saveuser function in save.php...

CVSS 8.8 | AI score 7.7 | EPSS 0.00526
Exploits: 1 | References: 2

CNNVD
added 2021/12/09 12:0 a.m. | 4 views

ZZCMS cross-site scripting vulnerability

ZZZCMS is a content management system (CMS) from the ZZZCMS team in China. ZZZCMS suffers from a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied and output data in the editfile action of /adminxxx/save.php. An attacker could exploit the...

CVSS 5.4 | AI score 5.6 | EPSS 0.00562
Exploits: 1 | References: 2

CNNVD
added 2021/11/29 12:0 a.m. | 2 views

Tripexpress path traversal vulnerability

Tripexpress is an open source bus tour travel booking management web application by Shpetim Islami, an Austrian individual developer. Tripexpress suffers from a path traversal vulnerability, which originates from $_SERVER["argv"] being assigned to src, the lack of effective filtering and...

CVSS 9.8 | AI score 5.7 | EPSS 0.01519
Exploits: 1 | References: 2

OSV
added 2021/11/22 9:15 a.m. | 2 views

CVE-2021-43582

A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the...

CVSS 7.8 | AI score 6 | EPSS 0.01339
Exploits: 0 | References: 2

OSV
added 2021/11/15 9:15 p.m. | 2 views

ALPINE-CVE-2021-42376

A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input...

CVSS 5.5 | AI score 6.8 | EPSS 0.00399
Exploits: 0 | References: 1