1059 matches found
Rock Convert < 3.0.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
curl: CVE-2022-42916: HSTS bypass via IDN
Summary: HSTS checks are bypassed if any character in the IDN convertNameprep to a '.' for example"。"UTF-8:E38082. I think there are other characters that become ".UTF-8:2E" as a result of converting with IDN. '。UTF-8:E38082' is converted to '.' so it doesn't matter if it's last or not. So the sa...
WordPress Rock Convert plugin <= 2.10.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by José Ricardo in the WordPress Rock Convert plugin versions = 2.10.2. Solution Update the WordPress Rock Convert plugin to the latest available version at least 2.11.0...
WordPress Rock Convert plugin <= 2.10.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by José Ricardo in the WordPress Rock Convert plugin versions = 2.10.2. Solution Update the WordPress Rock Convert plugin to the latest available version at least 2.11.0...
Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Go to the plugin's settings Popup tab, click on "C...
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting On a page where the "Capture box | Rock Convert" widget is present, append ?"alert/XSS/, e.g:...
Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Go to the plugin's settings Popup tab, click o...
Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting PoC On a page where the "Capture box | Rock Convert" widget is present, append ?", e.g: https://example.com/?"...
CVE-2022-35092
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convertgfxline at /gfxpoly/convert.c...
SWFTools 缓冲区错误漏洞
SWFTools is a set of utilities for working with Adobe Flash files SWF files. A security vulnerability exists in SWFTools that stems from a segmentation violation in the convertgfxline location of /gfxpoly/convert.c. The vulnerability is caused by an error in the /gfxpoly/convert.c location. No...
PT-2022-22561 · Swftools · Swftools
Name of the Vulnerable Software and Affected Versions: SWFTools affected versions not specified Description: A segmentation violation was discovered in SWFTools via the convert gfxline function at /gfxpoly/convert.c. This issue affects the convert gfxline functionality. Recommendations: At the...
CVE-2022-36012
TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We wi...
CVE-2022-36000
TensorFlow is an open source platform for machine learning. When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it gives a null dereference. We have patched the issue in GitHub commit aed36912609fc07229b4d0a7b44f3f48efc00fd0. The fix will be included in...
CVE-2022-37258
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js...
GHSA-93Q5-3XPC-8VG3 steal vulnerable to Prototype Pollution via requestedVersion variable
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal via the requestedVersion variable in the npm-convert.js file...
PT-2022-23112 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when mlir::tfg::ConvertGenericFunctionToFunctionDef is given...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from the fact that it crashes when mlir::tfg::ConvertGenericFunctionToFunctionDef is given the null...
PT-2022-23111 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when the mlir::tfg::ConvertGenericFunctionToFunctionDef functi...
steal 安全漏洞
steal is StealJS open source an extensible general-purpose module loader . It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal version 2.2.4 that stems from prototype contamination in the function convertLater in npm-convert.js via the...
mariadb: MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used
A use-after-free vulnerability was found in MariaDB. This flaw allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used, resulting in a denial of service...