
291 matches found

Positive Technologies
added 2021/05/14 12:0 a.m. · 4 views

PT-2021-18271 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.5.0, TensorFlow version 2.4.2, TensorFlow version 2.3.3, TensorFlow version 2.2.3, TensorFlow version 2.1.4.

Description: Missing validation between arguments to tf.raw_ops.Conv3DBackprop operations can result in hea...

CVSS 7.8 · AI score 7.6 · EPSS 0.00012
Exploits: 1 · References: 13

OSV
added 2021/04/22 9:15 p.m. · 2 views

CVE-2020-26997

A vulnerability has been identified in Solid Edge SE2020 All versions SE2020MP13, Solid Edge SE2020 All versions SE2020MP14, Solid Edge SE2021 All Versions SE2021MP4. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to pointer dereferences...

CVSS 7.8 · AI score 7.2 · EPSS 0.00452
Exploits: 0 · References: 2

BDU FSTEC
added 2021/03/21 12:0 a.m. · 1 views

The vulnerability in the recv_files function of the Rsync file transfer and synchronization utility’s receiver.c module allows an attacker to compromise data integrity.

The vulnerability in the recv_files function in the receiver.c file of the Rsync file transfer and synchronization utility is related to the lack of checks on the file name. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of the data...

CVSS 4.3 · AI score 6.7 · EPSS 0.01555
Exploits: 0 · References: 5 · Affected Software: 2

OSV
added 2021/02/05 8:43 p.m. · 3 views

GHSA-F4HQ-453J-P95F Open redirect in Slashify

The package is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, or a...

CVSS 6.1 · AI score 5.9 · EPSS 0.00122
Exploits: 1 · References: 5

OSV
added 2020/10/19 7:15 p.m. · 1 views

CVE-2020-11496

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access ...

CVSS 6.7 · AI score 5.9 · EPSS 0.00129
Exploits: 0 · References: 1

Debian CVE
added 2020/09/25 6:40 p.m. · 1 views

CVE-2020-15196

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

CVSS 9.9 · AI score 7.1 · EPSS 0.00302
Exploits: 1

Hacker One
added 2020/06/07 9:53 a.m. · 13 views

8x8: 2FA Disable With Wrong Password - Response Tampering.

The application contained a business logic flaw that resulted in missing validation when removing 2FA on the authenticated account...

AI score 2.5
Exploits: 0

OSV
added 2020/05/12 6:15 p.m. · 1 views

CVE-2020-6248

SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection...

CVSS 7.2 · AI score 7.8
Exploits: 0 · References: 2

RedHat Linux
added 2020/04/06 9:3 a.m. · 1 views

openstack-manila: User with share-network UUID is able to show, create and delete shares

An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...

CVSS 8.3 · AI score 7.3 · EPSS 0.00272
Exploits: 1 · References: 5

CNVD
added 2020/02/14 12:0 a.m. · 1 views

Dojox Cross-Site Scripting Vulnerability

DojoX is a domain application for developing other Dojo features. A cross-site scripting vulnerability exists in dojox. The vulnerability stems from the web application lacking proper validation of client-side data. An attacker can exploit this vulnerability to execute client-side code...

CVSS 6.1 · AI score 9 · EPSS 0.00243
Exploits: 1 · References: 1

RedHat Linux
added 2019/11/25 1:27 p.m. · 1 views

SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c

A heap-based buffer overflow was discovered in SDL in the SDL_BlitCopy function, which was called while copying an existing surface into a new optimized one, due to lack of validation while loading a BMP image in the SDL_LoadBMP_RW function. An application that uses SDL to parse untrusted input files...

CVSS 8.1 · AI score 7.6 · EPSS 0.07188
Exploits: 1 · References: 4

OSV
added 2019/10/04 6:15 p.m. · 3 views

CVE-2019-6774

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 6.2 · EPSS 0.00606
Exploits: 0 · References: 2

CNVD
added 2019/07/24 12:0 a.m. · 1 views

Metinfo SQL Injection Vulnerability (CNVD-2019-24207)

MetInfo is a content management system (CMS) developed by China Mito MetInfo using PHP and MySQL. A SQL injection vulnerability exists in MetInfo version 6.x. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can explo...

CVSS 8.8 · AI score 8.2 · EPSS 0.00244
Exploits: 1 · References: 1

CNVD
added 2019/06/26 12:0 a.m. · 1 views

Sequelize SQL Injection Vulnerability (CNVD-2019-19314)

Sequelize is a database ORM (Object Relational Mapping) tool for Node.js. A SQL injection vulnerability exists in Sequelize versions prior to 5.8.11. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit the...

CVSS 9.8 · AI score 8.1 · EPSS 0.00427
Exploits: 1 · References: 1

OSV
added 2019/01/24 4:29 a.m. · 3 views

CVE-2018-17655

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 6.2 · EPSS 0.00641
Exploits: 0 · References: 2

OSV
added 2018/09/05 9:29 p.m. · 0 views

CVE-2018-15683

An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

OSV
added 2018/07/31 8:29 p.m. · 0 views

CVE-2018-14289

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVSS 6.5 · AI score 4.9
Exploits: 0 · References: 2

Check Point Advisories
added 2018/05/13 12:0 a.m. · 4 views

HPE Intelligent Management Center DBMan RestoreDBase MySQL Command Injection (CVE-2017-5819)

A command injection vulnerability exists in the dbman component of HPE Intelligent Management Center. The vulnerability exists due to missing validation when handling MySQL database commands...

CVSS 10 · AI score 9.3 · EPSS 0.51056
Exploits: 0

CNVD
added 2018/04/28 12:0 a.m. · 2 views

Foxit Reader Text Annotations Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the Text Annotations handling, which can be exploited to execute arbitrary code in the current process context due to a lack of validation before performing operations on objects...

CVSS 8.8 · AI score 7.8 · EPSS 0.86463
Exploits: 13 · References: 1

CNVD
added 2018/04/28 12:0 a.m. · 2 views

Foxit Reader Annotation author Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in Annotation author parsing, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of validation before performing an operation on an...

CVSS 8.8 · AI score 7.8 · EPSS 0.00328
Exploits: 0 · References: 1