CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-21734 – `CHECK`-failures in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21734
Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Tensorflow es un marco de aprendizaje automático de código abierto. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550 https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2022-21731 – Type confusion leading to segfault in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21731
The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. ... La implementación de la inferencia de formas para "ConcatV2" puede ser usada para desencadenar un ataque de denegación de servicio por medio de un segfault causado por una confusión de tipos. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059 https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358 https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-23558 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23558
The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664) El paquete bmoor versiones anteriores a 0.10.1, es vulnerable a una Contaminación de Prototipos debido a una falta de saneo en la función set. **Nota:** Esta vulnerabilidad es derivada de una corrección incompleta en [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664) • https://github.com/b-heilman/bmoor/commit/29b0162cc1dc1791fc060891f568b0ae29bc542b https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation https://snyk.io/vuln/SNYK-JS-BMOOR-2342622 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24044
https://notcve.org/view.php?id=CVE-2021-24044
This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. ... Esto podría resultar en un fallo de segmentación como consecuencia de un error de confusión de tipos, con una baja probabilidad de RCE. • https://www.facebook.com/security/advisories/cve-2021-24044 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-44647
https://notcve.org/view.php?id=CVE-2021-44647
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. Lua versión v5.4.3 y superiores están afectados por SEGV por confusión de tipo en la función funcnamefromcode en ldebug.c que puede causar una denegación de servicio local • http://lua-users.org/lists/lua-l/2021-11/msg00195.html http://lua-users.org/lists/lua-l/2021-11/msg00204.html https://access.redhat.com/security/cve/cve-2021-44647 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3EMGAQ5Y6GXJLY4K5DUOOEQT4MZ4J4F https://security.gentoo.org/glsa/202305-23 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •