MODERATE

Impact
If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error.
import tensorflow as tf
tf.raw_ops.MirrorPadGrad(input=[1],
paddings=[[0x77f00000,0xa000000]],
mode = ‘REFLECT’)

Patches
We have …

Impact
If tf.raw_ops.TensorListResize is given a nonscalar value for input size, it results CHECK fail which can be used to trigger a denial of service attack.
import numpy as np
import tensorflow as tf

a = data_structures.tf_tensor_list_new(elements …

Impact
Users of this library will be affected when using this library, the incoming secret will be disclosed unintentionally.
Patches
This have already been solved.
Workarounds
No, It cannot be patched without upgrading
References
No
For more informati…

Impact
immudb client SDKs use server’s UUID to distinguish between different server instance so that the client can connect to different immudb instances and keep the state for multiple servers. SDK does not validate this uuid and can accept any value …

Impact
In certain scenario a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb server and req…

Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-45470
https://lists.apac…

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be …

Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4067
https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c
https://huntr.d…

Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3562
https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645
https://huntr.d…

Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3561
https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242
https://huntr….