CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-23584

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(decode)` gets called, the values of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：22 | 回复：0
CVE-2022-23585

Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., decode)`, the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：22 | 回复：0
CVE-2022-23586

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：19 | 回复：0
CVE-2022-23587

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Sinc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2022-23588

Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：17 | 回复：0
CVE-2022-23589

Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：17 | 回复：0
CVE-2022-23590

Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-23591

Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a ` ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2022-23592

Tensorflow is an Open Source Machine Learning Framework. TensorFlow's type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during produ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：9 | 回复：0
CVE-2022-23593

Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if calle ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：13 | 回复：0
CVE-2022-23594

Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：12 | 回复：0
CVE-2022-23595

Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：11 | 回复：0
CVE-2022-23600

fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：10 | 回复：0
CVE-2022-23605

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. I ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23609

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file delet ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23611

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injectio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23614

Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23805

A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and cra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23913

In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23946

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerbe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：7 | 回复：0
CVE-2022-23947

A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerbe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23980

Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions = 2.9.9), vulnerable at parameter 'source'.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-24113

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：7 | 回复：0
CVE-2022-24114

Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (mac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：7 | 回复：0
CVE-2022-24115

Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：7 | 回复：0
CVE-2022-0437

Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-0501

Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2021-38172

perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-0502

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：8 | 回复：0
CVE-2022-23206

In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：9 | 回复：0
CVE-2007-20001

StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：9 | 回复：0
CVE-2013-20004

StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：9 | 回复：0
CVE-2021-39280

Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：11 | 回复：0
CVE-2021-41816

CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different nu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：13 | 回复：0
CVE-2022-22831

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：14 | 回复：0
CVE-2022-22832

An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-24551

StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：15 | 回复：0
CVE-2022-24552

StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2022-22833

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：16 | 回复：0
CVE-2022-22680

Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive informatio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 08:27 | 阅读：18 | 回复：0