GHSA-JQM7-M5Q7-3HM5 TensorFlow vulnerable to `CHECK` fail in `DrawBoundingBoxes`

Impact When DrawBoundingBoxes receives an input boxes that is not of dtype float, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf import numpy as np arg0=tf.constantvalue=np.random.randomsize=1, 3, 2, 3, shape=1, 3, 2, 3, dtype=tf.half...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-36002 via tensorflow-cpu (>=1.15.0 <=2.7.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-36002 Source advisory: OSV:GHSA-MH3M-62V7-68XG...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-36026 via tensorflow-cpu (>=1.15.0 <=2.7.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-36026 Source advisory: OSV:GHSA-9CR2-8PWR-FHFQ...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-35939 via tensorflow-cpu (>=1.15.0 <=2.7.0)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-35939 Source advisory: OSV:GHSA-FFJM-4QWC-7CMF...

PT-2022-23100 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when the DrawBoundingBoxes function receives an input boxes th...

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...

CVE-2022-31760

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality...

a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +97 more potentially affected by CVE-2022-29191 via tensorflow-cpu (>=1.15.0 <=2.5.3)

tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-29191 Source advisory: OSV:GHSA-FV25-WRFF-WF86...

militaryspecboxes.com Cross Site Scripting vulnerability OBB-2608503

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

DEBIAN-CVE-2022-29340

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gfisomparsemovieboxesinternal due to improper return value handling of GFSKIPBOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad...

UBUNTU-CVE-2022-29340

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gfisomparsemovieboxesinternal due to improper return value handling of GFSKIPBOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad...

GPAC 代码问题漏洞

GPAC is an open source multimedia framework. A code issue vulnerability exists in GPAC version 2.1-DEV-rev87-g053aae8-master, which stems from a null pointer dereference vulnerability due to improper handling of the return value of GFSKIPBOX in the application gfisomparsemovieboxesinternal. An...

Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

GHSA-H2V5-3HPC-85J5 Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

Cross site scripting

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2022-27202

Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

PT-2022-18289 · Jenkins · Jenkins Extended Choice Parameter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Extended Choice Parameter Plugin versions 346.vd87693c5a 86c and earlier Description: The issue results in a stored cross-site scripting XSS vulnerability. This occurs because the plugin does not escape the value and description of...

Jenkins Extended Choice Parameter Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both products of Jenkins. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from the plugin's failure to escape the value and description ...

WordPress Drop Shadow Boxes plugin <= 1.7.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Drop Shadow Boxes plugin versions = 1.7.4. Solution Update the WordPress Drop Shadow Boxes plugin to the latest available version at least 1.7.5...