Impact
If MirrorPadGrad is given outsize input paddings, TensorFlow will give a heap OOB error.
import tensorflow as tf
tf.raw_ops.MirrorPadGrad(input=[1],
                          paddings=[[0x77f00000, 0xa000000]],
                          mode='REFLECT')
Patches
We have …
Impact
If tf.raw_ops.TensorListResize is given a nonscalar value for input size, it results in a CHECK failure, which can be used to trigger a denial of service attack.
import numpy as np
import tensorflow as tf
a = data_structures.tf_tensor_list_new(elements …
Impact
Users of this library are affected: the incoming secret will be disclosed unintentionally.
Patches
This has already been solved.
Workarounds
No, it cannot be patched without upgrading.
References
No
For more informati…
Impact
immudb client SDKs use the server's UUID to distinguish between different server instances so that the client can connect to different immudb instances and keep the state for multiple servers. The SDK does not validate this UUID and can accept any value …
Impact
In certain scenarios a malicious immudb server can provide a falsified proof that will be accepted by the client SDK, signing a falsified transaction replacing the genuine one. This situation cannot be triggered by a genuine immudb server and req…
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-45470
https://lists.apac…
An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be …
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-4067
https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c
https://huntr.d…
Cross-site Scripting (XSS) – Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3562
https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645
https://huntr.d…
Cross-site Scripting (XSS) – Generic in GitHub repository librenms/librenms prior to 22.10.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3561
https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242
https://huntr….