CVE-2022-40604 Airflow url had formatting issue, allowing for information extraction.
The following flow was not escaping all text within it, allowing for cross site scripting (XSS) attacks. a href="%= request.getPathName() %>">
CVE-2022-39220 SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are vulnerable to Cross-site scripting (XSS) attacks due to a WebClient bug. An update is available.
SFTPGo is susceptible to Cross-site scripting (XSS) vulnerabilities in the WebClient component. According to the vendor, these vulnerabilities have been fixed in version 2.3.
CVE-2022-40955 An attacker with privileges to specify MySQL JDBC connection URL parameters and write to the database can cause deserialized data to be l
Users are advised to upgrade to Apache InLong 1.3.0 or newer. https://github.com/apache/incr/issues/2
Apache InLong 1.2.0
CVE-2022-36015 TensorFlow is an open source platform for machine learning. When RangeSize receives values that don't fit into an int64_t, it crashes. We have patched the issue in a GitHub commit.
If you are on TensorFlow 2.9.1, TensorFlow 2.8.1, or TensorFlow 2.7.2, please update your installations immediately. You can also
CVE-2022-36003 TensorFlow is an open source platform for machine learning. When RandomPoissonV2 receives large input and rates, it gives a CHECK fail that can trigger a DDoS attack.
When the `RandomPoissonV2` estimator receives a large input shape and rates, it gives a `CHECK` fail and stops training. The fix is cherry-picking this commit
Episode
00:00:00
00:00:00