591 matches found
BIT-TENSORFLOW-2022-41900 FractionalMaxPool and FractionalAVGPool heap out-of-bounds access in TensorFlow
TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using TensorFlow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote...
BIT-TENSORFLOW-2022-41907 Overflow in `ResizeNearestNeighborGrad` in TensorFlow
TensorFlow is an open source platform for machine learning. When tf.raw_ops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...
BIT-TENSORFLOW-2022-41908 `CHECK` fail via inputs in `PyFunc` in TensorFlow
TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...
Possible CSRF attack at questionnaire templates preview
Impact The CSRF authenticity token check is currently disabled for the questionnaire templates preview as per: https://github.com/decidim/decidim/blob/3187bdfd40ea1c57c2c12512b09a7fec0b2bed08/decidim-templates/app/controllers/decidim/templates/admin/questionnairetemplatescontroller.rbL11 This was...
CVE-2023-47470
Buffer overflow vulnerability in FFmpeg before GitHub commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the refpicliststruct function in libavcodec/evcps.c...
GHSA-V6XP-CCVX-W52M Json response for search reveals Solr credentials
Impact An error in Ibexa's Solr search engine results in potential exposure of Solr credentials. This is a critical vulnerability and all supported versions of the engine are affected. Those not using the Solr search engine are not affected. Patches The issue is fixed in all supported versions of...
Download route allows filename change in eZpublish kernel
Impact The route used for file downloads allows specifying the name of the downloaded file. This is an unintended side effect of the implementation, and means one could construct download URLs with filenames that have no relation to the actual file, which could lead to misunderstandings and...
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Impact Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular, in combination with attachment moving, a feature...
GHSA-5MF8-V43W-MFXP XWiki Platform privilege escalation (PR) from account through AWM content fields
Impact Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. The problem has been present since version 4.3M2 when AppWithinMinutes Application added support for the Content field,...
GHSA-4QCV-QF38-5J3J Unintentional leakage of private information via cross-origin websocket session hijacking
Impact Private messages or posts might be leaked to third parties if a victim opens the attacker's site while browsing NodeBB. Patches Patched in v3.1.3. Backported to v2.x line via v2.8.13. Workarounds Users can cherry-pick...
GHSA-6XXR-648M-GCH6 XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Impact The REST API allows executing all actions via POST requests and accepts text/plain, multipart/form-data or application/www-form-urlencoded as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming...
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Impact Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It's possible to exploit the DeleteApplication page to perform an XSS, e.g. by using a URL such as:...
GHSA-PHWM-87RG-27QQ XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
Impact It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. This XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. Patches The vulnerabilit...
GHSA-QPGM-GJGF-8C2X Craft CMS XSS in RSS widget feed
Summary A malformed RSS feed can deliver an XSS payload PoC Create an RSS widget and add the domain https://blog.whitebear.vn/file/rss-xss2.rss The XSS payload will be triggered by the title in tag Resolved in https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f...
CVE-2023-31722
There exists a heap buffer overflow in nasm 2.16.02rc1 GitHub commit: b952891...