‼ CVE-2022-29216 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29209 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29211 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29222 ‼
📖 Read
via "National Vulnerability Database".
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29190 ‼
📖 Read
via "National Vulnerability Database".
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29210 ‼
📖 Read
via "National Vulnerability Database".
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29214 ‼
📖 Read
via "National Vulnerability Database".
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one's `callbacks` option as a workaround for those unable to upgrade.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1809 ‼
📖 Read
via "National Vulnerability Database".
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41834 ‼
📖 Read
via "National Vulnerability Database".
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1547 ‼
📖 Read
via "National Vulnerability Database".
The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1558 ‼
📖 Read
via "National Vulnerability Database".
The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1218 ‼
📖 Read
via "National Vulnerability Database".
The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-1221 ‼
📖 Read
via "National Vulnerability Database".
The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1320 ‼
📖 Read
via "National Vulnerability Database".
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1268 ‼
📖 Read
via "National Vulnerability Database".
The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1298 ‼
📖 Read
via "National Vulnerability Database".
The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1014 ‼
📖 Read
via "National Vulnerability Database".
The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0346 ‼
📖 Read
via "National Vulnerability Database".
The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1093 ‼
📖 Read
via "National Vulnerability Database".
The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-0781 ‼
📖 Read
via "National Vulnerability Database".
The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1192 ‼
📖 Read
via "National Vulnerability Database".
The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting📖 Read
via "National Vulnerability Database".