CVE-2022-36014 TensorFlow is an open source platform for machine learning. When it receives null type attributes, it crashes.
You can update to TensorFlow 2.10.0 or TensorFlow 2.9.1 if you are running TensorFlow 2.8.1 or TensorFlow 2.7.
CVE-2022-37258 The packageName variable in npm-convert.js steals 2.2.4 by converting package names to lowercase.
The packageName variable is where you can inject your own custom code to be executed before or after the stealJS conversion. For example, you can
CVE-2022-38621 Fox Doufox CMS was found to have a RCE vulnerability on the edit file page.
An attacker can host a specially crafted PHP file on a Web server and cause the application to consume an excessive amount of CPU resources.
CVE-2022-38808 ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.
By sending a specially crafted request, a remote attacker may be able to gain access to the system and possibly run arbitrary SQL queries.
There
CVE-2022-22520 An attacker can enumerate valid users by sending specific requests to the webservices MB connect, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual v2.11.2.
The request can look like this:
GET /v2.11.2/mymbCONNECT/users/validate?password=password&ip=<IP Address of the device>&client=