mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
"-Synchronized-Data."
parent
2fc9fdb7b8
commit
bd033ca8f5
@ -34,7 +34,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code."
|
||||
"value": "** DISPUTED ** The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. NOTE: a third party indicates that exploitation is extremely unlikely unless the machine is already compromised; in other cases, the attacker would be unable to write their payload to the cache and generate the required collision."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -56,6 +56,11 @@
|
||||
"url": "https://github.com/sh4nks/flask-caching/pull/209",
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/sh4nks/flask-caching/pull/209"
|
||||
},
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://github.com/pallets-eco/flask-caching/pull/209#issuecomment-1136397937",
|
||||
"url": "https://github.com/pallets-eco/flask-caching/pull/209#issuecomment-1136397937"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
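Review bot: The NOTE added to the description gives the precondition as the machine already being compromised, but the same description lists Memcached and Redis alongside the filesystem, and those backends are often reached over the network rather than on the application host. Read literally, the DISPUTED wording may lead triage to drop the entry even where other parties can write to the cache backend, which is the condition the original text describes. If the disputing party's position permits it, the NOTE would be clearer as `exploitation requires write access to the cache backend`, keeping the remark about the required collision. The added reference also uses the `pallets-eco/flask-caching` path while the existing entry for the same pull request uses `sh4nks/flask-caching`; one canonical URL form would help consumers de-duplicate references.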
@ -41,7 +41,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n"
|
||||
"value": "TensorFlow is an open source platform for machine learning. When `SetSize` receives an input `set_shape` that is not a 1D tensor, it gives a `CHECK` fails that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -41,7 +41,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n"
|
||||
"value": "TensorFlow is an open source platform for machine learning. When `Conv2DBackpropInput` receives empty `out_backprop` inputs (e.g. `[3, 1, 0, 1]`), the current CPU/GPU kernels `CHECK` fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 27a65a43cf763897fecfa5cdb5cc653fc5dd0346. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -75,15 +75,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -75,15 +75,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -75,16 +75,6 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/commit/a0f0b9a21c9270930457095092f558fbad4c03e5",
|
||||
"refsource": "MISC",
|
||||
@ -94,6 +84,16 @@
|
||||
"name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ir/importexport/graphdef_import.cc"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/tensorflow/tensorflow/commit/3a754740d5414e362512ee981eefba41561a63a6"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -41,7 +41,7 @@
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n"
|
||||
"value": "TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -75,15 +75,15 @@
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/tensorflow/tensorflow/commit/785d67a78a1d533759fcd2f5e8d6ef778de849e0"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -1,17 +1,61 @@
|
||||
{
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2022-40300",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "RESERVED"
|
||||
"ID": "CVE-2022-40300",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"value": "Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "MISC",
|
||||
"name": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html",
|
||||
"url": "https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-40300.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
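Review bot: The now-PUBLIC record for CVE-2022-40300 leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value as `"n/a"`, although the description names Zoho ManageEngine Password Manager Pro, PAM360 and Access Manager Plus with their fixed builds and calls the flaws SQL injection. Scanners and asset-matching pipelines that key on the structured fields rather than the free text will not associate this entry with those products or with a weakness class. Populating the `affects` tree from the products and build numbers already in the description, and setting the problemtype value to `CWE-89`, would make the record machine-matchable without adding any information the description does not already state.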