Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect ma…
[org.codehaus.jettison:jettison] Jettison memory exhaustion
Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect…
[craftcms/cms] Craft CMS Cross site Scripting vulnerability
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37248
https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
https://labs.integrity.pt/…
[craftcms/cms] Craft CMS Stored Cross-site Scripting in User Addresses Title
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37250
https://github.com/craftcms/cms/commit/cdc9cb66d0716c9552e4113c8e426fd1a31f9516
https://labs.integrity.pt/…
[craftcms/cms] Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Craft CMS 3.70-RC1–3.7.55.1 and 4.0.0-RC1–4.2.0.1 are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions 3.7.55.2 and 4.2.1 contain patches for this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37251
https…
[craftcms/cms] Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37247
https://github.com/craftcms/cms/commit/cedeba0609e4b173cd584dae7f33c5f713f19627
https://…
[steal] steal vulnerable to Prototype Pollution
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37258
https://github.com/stealjs/steal/issues/1527…
[tensorflow-cpu] TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`
Impact
If Save or SaveSlices is run over tensors of an unsupported dtype, it results in a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
filename = tf.constant(“”)
tensor_names = tf.constant(“”)
# Save
data =…
[tensorflow] TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`
Impact
ParameterizedTruncatedNormal assumes shape is of type int32. A valid shape of type int64 results in a mismatched type CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
seed = 1618
seed2 = 0
shape = tf.ran…
[tensorflow-gpu] TensorFlow vulnerable to `CHECK` fail in `LRNGrad`
Impact
If LRNGrad is given an output_image input tensor that is not 4-D, it results in a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
depth_radius = 1
bias = 1.59018219
alpha = 0.117728651
beta = 0.40442705…