Filtered by CWE-475
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-3099 1 Lfprojects 1 Mlflow 2024-10-11 5.4 Medium
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts.
CVE-2020-7925 1 Mongodb 1 Mongodb 2024-09-17 7.5 High
Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9.
CVE-2023-4874 3 Debian, Mutt, Redhat 3 Debian Linux, Mutt, Enterprise Linux 2024-08-30 4.3 Medium
Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12
CVE-2023-4875 3 Debian, Mutt, Redhat 3 Debian Linux, Mutt, Enterprise Linux 2024-08-30 2.2 Low
Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12
CVE-2022-29207 1 Google 1 Tensorflow 2024-08-03 5.5 Medium
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside the TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
CVE-2022-2598 2 Debian, Vim 2 Debian Linux, Vim 2024-08-03 6.5 Medium
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
CVE-2023-2253 1 Redhat 5 Openshift, Openshift Api Data Protection, Openshift Api For Data Protection and 2 more 2024-08-02 6.5 Medium
A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n`, causing the allocation of a massive string array, possibly causing a denial of service through excessive use of memory.
CVE-2024-20380 2024-08-01 7.5 High
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.