CVE-2021-23497 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23497
This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 • https://github.com/strikeentco/set/commit/b2f942c https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation https://snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-2385945 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2022-21734 – `CHECK`-failures in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21734
Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable to a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550 https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2022-21731 – Type confusion leading to segfault in Tensorflow
https://notcve.org/view.php?id=CVE-2022-21731
The implementation of shape inference for `ConcatV2` can be used to trigger a denial of service attack via a segfault caused by a type confusion. ... • https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/common_shape_fns.cc#L1961-L2059 https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/framework/shape_inference.cc#L345-L358 https://github.com/tensorflow/tensorflow/commit/08d7b00c0a5a20926363849f611729f53f3ec022 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-23558 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23558
The package bmoor before 0.10.1 is vulnerable to Prototype Pollution due to missing sanitization in the set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664) • https://github.com/b-heilman/bmoor/commit/29b0162cc1dc1791fc060891f568b0ae29bc542b https://snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation https://snyk.io/vuln/SNYK-JS-BMOOR-2342622 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
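Both @strikeentco/set (CVE-2021-23497) and bmoor (CVE-2021-23558) are set-by-path helpers whose first fix was incomplete. The block below is an added example, not code from either package, showing the general shape of that failure: a hypothetical `naiveSet` that validates only the string form of a path, so an array path or the `constructor.prototype` route still reaches `Object.prototype`, beside a hypothetical `safeSet` that normalises the path before validating every segment and never descends through inherited properties. The exact bypass in each package is in the linked commits; `pollutes` is a test helper that reports whether a fresh object inherits the written key and then cleans up.

```javascript
// Added illustrative example (not the code of @strikeentco/set or bmoor).

// Naive setter: the blocklist only runs when the path is a string, and only
// looks for "__proto__", so it is bypassed two ways (shown in pollutes()).
function naiveSet(obj, path, value) {
  if (typeof path === 'string' && path.includes('__proto__')) {
    throw new Error('blocked');
  }
  const keys = Array.isArray(path) ? path : path.split('.');
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    // {}['__proto__'] is Object.prototype, not undefined, so we walk into it.
    if (cur[keys[i]] === undefined) cur[keys[i]] = {};
    cur = cur[keys[i]];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Every segment that can reach a shared prototype from a plain object.
const DANGEROUS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened setter: normalise to an array of strings first, then validate
// each segment regardless of how the path was supplied.
function safeSet(obj, path, value) {
  const keys = Array.isArray(path) ? path.map(String) : String(path).split('.');
  for (const k of keys) {
    if (DANGEROUS.has(k)) throw new Error(`refusing to set key ${k}`);
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    // Only descend into own, plain-object properties; replace anything else.
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || typeof cur[k] !== 'object' || cur[k] === null) {
      cur[k] = {};
    }
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Test helper: does a brand-new object inherit "polluted" after the call?
// Restores Object.prototype so one probe cannot affect the next.
function pollutes(setter, path) {
  const probe = 'polluted';
  try {
    setter({}, path, true);
    return ({})[probe] === true;
  } catch (e) {
    return false; // setter refused the path
  } finally {
    delete Object.prototype[probe];
  }
}

// Usage (constructed inputs):
//   pollutes(naiveSet, '__proto__.polluted')              -> false (blocked)
//   pollutes(naiveSet, ['__proto__', 'polluted'])         -> true  (array bypass)
//   pollutes(naiveSet, 'constructor.prototype.polluted')  -> true  (blocklist gap)
//   pollutes(safeSet,  ['__proto__', 'polluted'])         -> false
//   pollutes(safeSet,  'constructor.prototype.polluted')  -> false
```

The practitioner takeaway is the one the linked Snyk write-up makes: validate after normalising to a single representation, and block every route to a shared prototype, not just the literal `__proto__` string. Creating the target with `Object.create(null)` is a further mitigation when the caller controls the root object.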
CVE-2021-24044
https://notcve.org/view.php?id=CVE-2021-24044
This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. ... • https://www.facebook.com/security/advisories/cve-2021-24044 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •