GitHub

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the use of the history page.
References

https://nvd.nist….

Impact
If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error.
import tensorflow as tf
tf.raw_ops.MirrorPadGrad(input=[1],
paddings=[[0x77f00000,0xa000000]],
mode = ‘REFLECT’)

Patches
We have …

Impact
If tf.raw_ops.TensorListResize is given a nonscalar value for input size, it results CHECK fail which can be used to trigger a denial of service attack.
import numpy as np
import tensorflow as tf

a = data_structures.tf_tensor_list_new(elements …

Impact
Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally.
Patches
This have already been solved.
Workarounds
No, It cannot be patched without upgrading
References
No
For more informati…

Impact
immudb client SDKs use server’s UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value …

Impact
In certain scenario a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and req…

Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-45470
https://lists.apac…

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be …