GHSA-79H2-Q768-FPXR TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

GHSA-F4W6-H4F5-WX45 TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows

Impact The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor: python import tensorflow as tf tf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64 This i...

CVE-2022-35964

TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

Cross-site scripting from dynamic options in the multiselect field

Introduction Cross-site scripting XSS is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...

CVE-2022-35962

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190...

CVE-2022-35962 Crafted link in Zulip message can cause disclosure of credentials

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190...

Updated clamav packages fix security vulnerability

ClamAV 0.103.7 is a critical patch release with the following fixes: Upgrade the vendored UnRAR library to version 6.1.7. Fix logical signature "Intermediates" feature. Relax constraints on slightly malformed zip archives that contain overlapping file entries...

loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

GHSA-V4HR-4JPX-56GC Streamlit directory traversal vulnerability

Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers By Trellix · August 3, 2022 This story was written by Philippe Laulheret. Summary The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under...

GHSA-2CPX-6PQP-WF35 fs2-io skips mTLS client verification

Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...

FreshTomato httpd unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions FreshTomato 2022.1 Product URLs...

CVE-2022-31105 Argo CD's certificate verification is skipped for connections to OIDC providers

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious or otherwise untrustworthy OpenID Connect OIDC...

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting XSS bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...

CVE-2022-28623

Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SS...

springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more...

CVE-2022-31039 Improper privilege management - Anyone can view room settings in GreenLight

Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in...

CVE-2022-31035 External URLs for Deployments can include javascript in argo-cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the...

CVE-2022-32554

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...