PT-2022-20875 · Libjpeg +1 · Libjpeg +1

Name of the Vulnerable Software and Affected Versions: libjpeg versions prior to 1.64 Description: The issue is related to an assertion failure in BitStream::Get in bitstream.hpp, which may cause denial of service. This occurs due to out-of-bounds array access during specific scan modes, includin...

CVE-2022-31651

In SoX 14.4.2, there is an assertion failure in rateinit in rate.c in libsox.a...

SoX 输入验证错误漏洞

SoX is a set of audio processing tools. SoX version 14.4.2 contains a denial of service vulnerability that results from an assertion failure in rateinit in rate.c in libsox.a. The vulnerability can be exploited to cause a denial of service. An attacker could exploit this vulnerability to cause a...

CVE-2022-31651

SoX 14.4.2 contains an assertion failure in rate_init (rate.c in libsox.a). Affected component is SoX itself; the root cause is an assertion failure leading to abnormal termination (crash). Public advisories link this CVE to denial-of-service-like outcomes in some summaries; multiple CSPs indicat...

CVE-2022-31651

In SoX 14.4.2, there is an assertion failure in rateinit in rate.c in libsox.a...

CVE-2022-31651

In SoX 14.4.2, there is an assertion failure in rateinit in rate.c in libsox.a...

PT-2022-6491 · Sox +4 · Sox +4

Name of the Vulnerable Software and Affected Versions: SoX version 14.4.2 Description: The issue is related to an assertion failure in the rate init function within the rate.c component of the SoX audio editor. This failure is due to insufficient use of the assert function. Exploitation of this...

CVE-2022-31261

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker ca...

Google TensorFlow integer overflow vulnerability (CNVD-2022-44166)

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to integer overflow in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates from tf.rawops. SpaceToBatchND has an integer overflow problem. An attacker could use this...

CVE-2022-29209

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

Type confusion

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

Google TensorFlow安全漏洞

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Google TensorFlow versions prior to 2.9.0, prior to 2.8.1, prior to 2.7.2, and prior to 2.6.4, which stems from incorrect logic when comparing sizet when writi...

CVE-2022-29209

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of t...

CVE-2019-11066

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...

CVE-2021-38385

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007...

CVE-2021-46052

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate...

Google TensorFlow输入验证错误漏洞

Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to integer overflow in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates from tf.rawops. SpaceToBatchND has an integer overflow problem. An attacker could use this...

PT-2022-19461 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0 TensorFlow versions prior to 2.8.1 TensorFlow versions prior to 2.7.2 TensorFlow versions prior to 2.6.4 Description: TensorFlow is an open source platform for machine learning. The macros that TensorFlow us...

CVE-2022-1183

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS DoT and DNS over HTTPS DoH, bu...