13677 matches found
CVE-2022-46492
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary...
CVE-2022-41885
TensorFlow is an open source platform for machine learning. When tf.rawops.FusedResizeAndPadConv2D is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We will also cherrypick...
CVE-2022-41239
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2022-41886
TensorFlow is an open source platform for machine learning. When tf.rawops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...
CVE-2022-40016
Use After Free UAF vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service...
CVE-2022-1193
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances...
CVE-2022-0090
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab is configured in a way that it doesn't ignore replacement references with git sub-commands, allowing a malicious user to spoof the contents of their commits in...
CVE-2022-39281
fatfreecrm is a an open source, Ruby on Rails customer relationship management platform CRM. In versions prior to 0.20.1 an authenticated user can perform a remote Denial of Service attack against Fat Free CRM via bucket access. The vulnerability has been patched in commit c85a254 and will be...
CVE-2022-38495
LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function printbinary at /c/machoreader.c...
CVE-2022-38496
LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp...
CVE-2022-37237
An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327...
CVE-2022-38231
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar at /xpdf/Stream.cc...
CVE-2022-36143
SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via interceptorstrlen.part at /sanitizercommon/sanitizercommoninterceptors.inc...
CVE-2022-36140
SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::writeSWF::Writer, SWF::Context...
CVE-2022-36004
TensorFlow is an open source platform for machine learning. When tf.random.gamma receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included i...
CVE-2022-36144
SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64encode...
CVE-2022-35058
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce...
CVE-2022-35051
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af...
CVE-2022-35054
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2...
CVE-2022-35036
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8...