1179 matches found
CVE-2022-36319
CVE-2022-36319 involves a mouse position spoofing issue caused by combining CSS overflow and transform properties, affecting Firefox ESR and Thunderbird prior to certain fixed versions. Affected are Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thun...
CVE-2022-36319
When combining CSS properties for overflow and transform, the mouse cursor could interact with different coordinates than displayed. This vulnerability affects Firefox ESR < 102.1, Firefox ESR < 91.12, Firefox < 103, Thunderbird < 102.1, and Thunderbird < 91.12...
Overflow in `ImageProjectiveTransformV2` in Tensorflow
...
Buffer Overflow
Overview: Affected versions of this package are vulnerable to Buffer Overflow via tf.raw_ops.ImageProjectiveTransformV2 when a large output shape is given. Remediation: Upgrade tensorflow-lite to version 2.12.0 or higher. References: GitHub Commit, Vulnerable Code. Credit: Neophytos Christou from S...
AZL-11526 CVE-2022-41886 affecting package tensorflow for versions less than 2.11.0-1
TensorFlow is an open source platform for machine learning. When tf.raw_ops.ImageProjectiveTransformV2 is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11. We will also...
OESA-2022-2100 bash security update
Bash is the GNU Project's shell. Bash is the Bourne Again SHell. Bash is an sh-compatible shell that incorporates useful features from the Korn shell (ksh) and C shell (csh). It is intended to conform to the IEEE POSIX P1003.2/ISO 9945.2 Shell and Tools standard. It offers functional improvements ove...
Google TensorFlow security vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, and 2.9.3 and earlier, which stems from a lack of proper validation of user-supplied data in...
Security Bulletin: IBM Transform Services for IBM i is vulnerable to denial of service, buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities.
Summary: Transform Services for IBM i is vulnerable to denial of service, heap memory buffer overflow, and allowing attacker to obtain sensitive information due to multiple vulnerabilities in Independent JPEG Group (IJG) JPEG library and zlib library as described in the vulnerability details section...
The vulnerability of the valid_parameter_transform function in the Bash operating system of Red Hat Enterprise Linux allows a hacker to execute arbitrary code.
The vulnerability of the valid_parameter_transform function in the Bash library of the Red Hat Enterprise Linux operating system is related to operations that go beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Bash buffer error vulnerability
Bash is an American shell command language interpreter written for the GNU Project and running on Unix-like operating systems by the individual developer Brian J. Fox. It is capable of reading and executing commands from standard input devices or files. A buffer error vulnerability exists in Bash...
PT-2022-5389 · Bash +6 · Bash +6
Name of the Vulnerable Software and Affected Versions: bash (affected versions not specified). Description: The issue is related to a heap-buffer overflow in the valid_parameter_transform function of the bash package, which can lead to memory problems. This can potentially allow a remote attacker to...
MGASA-2022-0358 Updated bash packages fix security vulnerability
Bash has been updated to version 5.1.16 using a patch from Fedora to fix a security issue by adding a null check in the parameter_brace_transform function...
PT-2022-37578 · Bash · Bash
Name of the Vulnerable Software and Affected Versions: Bash versions prior to 5.1.16. Description: A security issue was fixed in Bash by adding a null check in the parameter_brace_transform function. Recommendations: For versions prior to 5.1.16, update to version 5.1.16 to resolve the issue...
SWFTools buffer error vulnerability
SWFTools is a set of utilities for working with Adobe Flash (SWF) files from the individual developer Matthias Kramm. A security vulnerability exists in SWFTools that stems from a global buffer overflow in the DCTStream::transformDataUnit location of /xpdf/Stream.cc...
The vulnerability of the xfrm_expand_policies function (net/xfrm/xfrm_policy.c) in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the xfrm_expand_policies function (net/xfrm/xfrm_policy.c) in the Linux operating system is related to errors during resource release. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
CVE-2022-39135
The SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE, introduced in Apache Calcite 1.22.0, do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators,...
Apache Calcite code issue vulnerability
Apache Calcite is an open source framework from the Apache USA Foundation for building databases and data management systems. A code issue vulnerability exists in Apache Calcite versions prior to 1.32.0 that stems from the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM, and EXTRACT_VALUE not...
xml-security: XPath Transform abuse allows for information disclosure
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any...
PT-2022-37235 · Git +1 · Lcms
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by a negative-size-param, as reported by OSS-Fuzz. The crash involves the functions PackChunkyBytes,...