Lucene search

6715 matches found

Positive Technologies
added 2022/05/20 12:0 a.m. · 1 views

PT-2022-19457 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.9.0; TensorFlow versions prior to 2.8.1; TensorFlow versions prior to 2.7.2; TensorFlow versions prior to 2.6.4. Description: There is a potential for segfault / denial of service in TensorFlow by calling...

CVSS 5.5 · AI score 5.2 · EPSS 0.00058
Exploits: 1 · References: 14

Rockylinux
added 2022/05/17 7:18 a.m. · 14 views

new packages: perl-Parse-PMFile

An update is available for perl-Parse-PMFile. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score 2.2
Exploits: 0

Github Security Blog
added 2022/05/17 1:36 a.m. · 21 views

Symfony Arbitrary PHP code Execution

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

CVSS 7.5 · AI score 7.8 · EPSS 0.00619
Exploits: 0 · References: 8 · Affected Software: 2

Snyk
added 2022/05/14 1:36 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: modx/revolution is a Content Management System. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the parseCustomData function in the update.class.php file. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious...

CVSS 6.1 · AI score 5.5 · EPSS 0.0024
Exploits: 1 · References: 2

vulnersOsv
added 2022/05/13 1:1 a.m. · 3 views

ai.idylnlp:idylnlp-models-deeplearning (>=1.0.0 <=1.1.0), ai.platon.pulsar:pulsar-agentic (>=4.5.0 <=4.6.0) +5843 more potentially affected by CVE-2013-4002 via xerces:xercesImpl (>=2.10.0 <=2.11.0)

xerces:xercesImpl MAVEN version =2.10.0, =1.0.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.7.0, =4.5.0, =4.5.0, =4.5.0, =0.2, =5.0.9, =1.0.0, =1.0.1 and more Source cves: CVE-2013-4002 Source advisory: OSV:GHSA-7J4H-8WPF-RQFH...

CVSS 7.1 · AI score 6.8 · EPSS 0.08028
Exploits: 0

OSV
added 2022/05/12 5:15 p.m. · 0 views

CVE-2022-24910

A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 6.7 · AI score 7.8
Exploits: 0 · References: 2

OSV
added 2022/05/12 12:1 a.m. · 9 views

OSV-2022-410 Heap-buffer-overflow in Assimp::ASE::Parser::ParseLV1SoftSkinBlock

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47392 Crash type: Heap-buffer-overflow READ 1 Crash state: Assimp::ASE::Parser::ParseLV1SoftSkinBlock Assimp::ASE::Parser::Parse Assimp::ASEImporter::InternReadFile...

AI score 7.2
Exploits: 0 · References: 1

CNNVD
added 2022/05/12 12:0 a.m. · 1 views

InHand Networks InRouter302 Buffer Error Vulnerability

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A buffer overflow vulnerability exists in InHand Networks InRouter302 version V3.5.4, which stems from the httpd parse_ping_result API function. A boundary error occurs when handling untrusted input, which can be...

CVSS 8.2 · AI score 8.2 · EPSS 0.03127
Exploits: 1 · References: 4

Veracode
added 2022/05/10 4:33 p.m. · 15 views

XML External Entity (XXE)

WSO2 Carbon Event Publisher is vulnerable to XML External Entity. The vulnerability exists in event receiver and publisher configurations due to not enabling the secure processing feature for XML parsing which allows an attacker to cause parse malicious XML into the system...

CVSS 6.5 · AI score 6.3 · EPSS 0.00403
Exploits: 0 · References: 3 · Affected Software: 2

RedHat Linux
added 2022/05/10 2:19 p.m. · 1 views

golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension

A flaw was found in golang.org. In x/text, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension...

CVSS 7.5 · AI score 7.1 · EPSS 0.00138
Exploits: 1 · References: 4

RedHat Linux
added 2022/05/10 1:43 p.m. · 2 views

kernel: drm/amdkfd: NULL pointer dereference in kfd_parse_subtype_iolink()

An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup...

CVSS 5.5 · AI score 6.7 · EPSS 0.00015
Exploits: 0 · References: 4

RedHat Linux
added 2022/05/10 1:32 p.m. · 4 views

python: urllib.parse does not sanitize URLs containing ASCII newline and tabs

A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...

CVSS 7.5 · AI score 6.8 · EPSS 0.01214
Exploits: 1 · References: 4

OSV
added 2022/05/05 1:15 p.m. · 1 views

DEBIAN-CVE-2022-29340

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad...

CVSS 7.5 · AI score 7.7 · EPSS 0.00275
Exploits: 1 · References: 1

OSV
added 2022/05/05 1:15 p.m. · 0 views

UBUNTU-CVE-2022-29340

GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad...

CVSS 7.5 · AI score 7.1 · EPSS 0.00275
Exploits: 1 · References: 4

Veracode
added 2022/05/05 11:14 a.m. · 20 views

Authentication Bypass

parse-server is vulnerable to authentication bypass. An attacker is able to bypass the authentication because of lack of proper validation and checks for Apple certificate URL in the Apple Game Center authentication adapter, leading to application crash...

CVSS 7.5 · AI score 3 · EPSS 0.0015
Exploits: 0 · References: 3 · Affected Software: 1

Veracode
added 2022/05/05 11:8 a.m. · 22 views

Denial Of Service (DoS)

parse-server is vulnerable to authentication bypass. An attacker is able to bypass the authentication because of lack of proper validation and checks for Apple certificate URL in the Apple Game Center authentication adapter, leading to application crash...

CVSS 7.5 · AI score 7.3 · EPSS 0.0015
Exploits: 0 · References: 4 · Affected Software: 1

Tenable Nessus
added 2022/05/05 12:0 a.m. · 25 views

EulerOS Virtualization 2.9.0 : ruby (EulerOS-SA-2022-1637)

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 f...

CVSS 7.5 · AI score 7.2 · EPSS 0.00765
Exploits: 1 · References: 2

CNNVD
added 2022/05/05 12:0 a.m. · 0 views

GPAC Code Issue Vulnerability

GPAC is an open source multimedia framework. A code issue vulnerability exists in GPAC version 2.1-DEV-rev87-g053aae8-master, which stems from a null pointer dereference vulnerability due to improper handling of the return value of GF_SKIP_BOX in the application gf_isom_parse_movie_boxes_internal. An...

CVSS 7.5 · AI score 7.7 · EPSS 0.00275
Exploits: 1 · References: 3

vulnersOsv
added 2022/05/04 6:59 p.m. · 1 views

@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @peterpme/parse-server-mailgun (>=2.4.8 <=2.5.11) +19 more potentially affected by CVE-2022-24901 via parse-server (>=2.0.8 <=3.10.0)

parse-server NPM version =2.0.8, =1.0.5, =2.4.8, =1.0.0, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.0, =1.0.0, =1.0.0, =1.4.0 and more Source cves: CVE-2022-24901 Source advisory: OSV:GHSA-QF8X-VQJV-92GR...

CVSS 7.5 · AI score 7.1 · EPSS 0.0015
Exploits: 0

CNNVD
added 2022/05/04 12:0 a.m. · 1 views

parse-community parse-server Trust Management Issue Vulnerability

parse-server is an open source Backend-as-a-Service (BaaS) framework that is primarily used for application backend processing. A security vulnerability exists in parse-community parse-server that stems from an authentication adapter that does not properly validate the Apple certificate URL. An...

CVSS 7.5 · AI score 7.3 · EPSS 0.0015
Exploits: 0 · References: 2