CVE-2022-23801

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in commedia...

Design/Logic Flaw

An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in commedia...

CVE-2022-23801

Joomla! 4.0.0–4.1.0 is affected by a cross-site scripting (XSS) vulnerability via an SVG embedding path in com_media. Root cause: improper handling/cleanup of SVG content leading to executable HTML/script in the user’s browser. Public references describe a possible XSS attack vector through SVGs,...

PT-2022-16273 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 4.0.0 through 4.1.0 Description: An issue was discovered in Joomla, allowing a possible XSS attack vector through SVG embedding in com media. Recommendations: For Joomla! versions 4.0.0 through 4.1.0, consider disabling the S...

UBUNTU-CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability

A vulnerability exists in Windows Object Linking & Embedding OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object...

Integer overflow in TFLite

Impact An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations: cc int embeddingsize = 1; int lookupsize = 1; for int i = 0; i data.i32i; lookupsize = dim; outputshape-datak = dim; for int i = 1; i datak = dim; Both embeddingsize and lookupsize are...

GHSA-98P5-X8X4-C9M5 Integer overflow in TFLite

Impact An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations: cc int embeddingsize = 1; int lookupsize = 1; for int i = 0; i data.i32i; lookupsize = dim; outputshape-datak = dim; for int i = 1; i datak = dim; Both embeddingsize and lookupsize are...

Google Tensorflow Input Validation Error Vulnerability (CNVD-2022-09880)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to an input validation error that could be exploited by an attacker to build a TFLite model that leads to an integer overflow in the embedding lookup operation...

Integer overflow

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

PYSEC-2022-68

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

PYSEC-2022-123

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

PYSEC-2022-68

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

PYSEC-2022-123

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

CVE-2022-23559 Integer overflow in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

CVE-2022-23559 Integer overflow in TFLite

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

CVE-2022-23559

Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both embeddingsize and lookupsize are products of values provided by the user. Hence, a malicious user could trigger overflows in the...

PT-2022-16074 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.0 through 2.7.0 TensorFlow versions 2.6.0 through 2.6.2 TensorFlow versions 2.5.0 through 2.5.2 Description: An attacker can craft a TFLite model that would cause an integer overflow ...

Google Tensorflow 输入验证错误漏洞

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google Tensorflow is vulnerable to an input validation error that could be exploited by an attacker to build a TFLite model that leads to an integer overflow in the embedding lookup operation...

Mageia: Security Advisory (MGASA-2021-0467)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...