CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-29204 – Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2`
https://notcve.org/view.php?id=CVE-2022-29204
20 May 2022 — TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as... • https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/unsorted_segment_join_op.cc#L83-L14 • CWE-20: Improper Input Validation CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1754 – Integer Overflow or Wraparound in polonel/trudesk
https://notcve.org/view.php?id=CVE-2022-1754
20 May 2022 — Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. Un Desbordamiento de Enteros o Wraparound en el repositorio de GitHub polonel/trudesk versiones anteriores a 1.2.2 • https://github.com/polonel/trudesk/commit/e836d04d16787c2c9c72e7bf011cf396d1f73c19 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1CVE-2022-22976 – springframework: BCrypt skips salt rounds for work factor of 31
https://notcve.org/view.php?id=CVE-2022-22976
19 May 2022 — Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. ... The encoder does not perform any salt rounds when using the BCrypt class with the maximum work factor (31) due to an integer overflow error. • https://github.com/spring-io/cve-2022-22976-bcrypt-skips-salt • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1CVE-2022-1116 – Kernel Live Patch Security Notice LSN-0086-1
https://notcve.org/view.php?id=CVE-2022-1116
17 May 2022 — Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. ... Una vulnerabilidad de desbordamiento de enteros o Wraparound en io_uring del Kernel de Linux permite a un atacante local causar una corrupción de memoria y escalar privilegios a root. • http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26697 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26697
17 May 2022 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213255 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0CVE-2022-26698 – Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-26698
17 May 2022 — An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213255 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-26746 – Apple Security Advisory 2022-05-16-4
https://notcve.org/view.php?id=CVE-2022-26746
17 May 2022 — Una aplicación maliciosa puede ser capaz de omitir las preferencias de privacidad macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213255 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26762 – Apple Security Advisory 2022-05-16-1
https://notcve.org/view.php?id=CVE-2022-26762
17 May 2022 — Una aplicación maliciosa puede ejecutar código arbitrario con privilegios del sistema. macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213257 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26760 – Apple Security Advisory 2022-05-16-1
https://notcve.org/view.php?id=CVE-2022-26760
17 May 2022 — A malicious application may be able to elevate privileges. iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213258 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26724 – Apple Security Advisory 2022-05-16-6
https://notcve.org/view.php?id=CVE-2022-26724
17 May 2022 — Un usuario local puede ser capaz de habilitar Fotos de iCloud sin autenticación tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities. • https://support.apple.com/en-us/HT213254 • CWE-287: Improper Authentication •