CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-29434

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar = 4.9.0 at WordPress allows an attacker to edit or delete events.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29447

Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin = 2.1 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-1803

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29193

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input argum ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29195

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29196

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the inpu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29197

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29198

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29199

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix does not fully validate the input arg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29200

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input argumen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29207

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-1775

Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29201

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input argum ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29202

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29203

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29204

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29205

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29206

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29208

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-31258

In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29188

Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29189

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29190

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29209

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29210

TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29211

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29212

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when load ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29213

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29214

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implemen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29215

RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29216

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be use ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-29222

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：6 | 回复：0
CVE-2022-1752

Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：7 | 回复：0
CVE-2022-31259

The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-31264

Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-31267

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = #ad ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-31268

A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：8 | 回复：0
CVE-2022-1809

Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：11 | 回复：0
CVE-2022-1813

OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：16 | 回复：0
CVE-2021-41834

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：17 | 回复：0