rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23580 via tensorflow-gpu (=2.7.0)
tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23580 Source advisory:...
rpnet (>=0.0.1 <=0.1.0), rpnet-dev (>=0.0.5 <=0.0.12) +4 more potentially affected by CVE-2022-23581 via tensorflow-gpu (=2.7.0)
tensorflow-gpu PYPI version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-gpu and may be impacted: - rpnet =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23581 Source advisory:...
ddpg-tf2 (=1.0.1), rpnet (>=0.0.1 <=0.1.0) +6 more potentially affected by CVE-2022-23592 via tensorflow-gpu (>=2.7.0 <=2.7.2)
tensorflow-gpu PYPI version =2.7.0, =0.0.1, =0.0.5, =1.0.5, =1.1.1 - tpu-tf2 =1.0.0 - troj =1.0.0 Source cves: CVE-2022-23592 Source advisory: OSV:PYSEC-2022-156...
DRUPAL-CONTRIB-2022-019
This module provides a stream wrapper for files located in the vendor directory. Even when the vendor directory is moved outside the webroot, it allows providing publicly accessible URLs to these files. The module exposes all files that are in the vendor directory, without a site owner's...
Remote Stream Wrapper - Critical - Unsupported - SA-CONTRIB-2022-020
Update 2022-05-04: Existing maintainers have updated the project to clarify that the module did not contain a security issue that caused the module to be unsupported. The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by...
Vendor Stream Wrapper - Moderately critical - Unsupported - SA-CONTRIB-2022-019
This module provides a stream wrapper for files located in the vendor directory. Even when the vendor directory is moved outside the webroot, it allows providing publicly accessible URLs to these files. The module exposes all files that are in the vendor directory, without a site owner's...
Path Traversal
io.spinnaker.clouddriver:clouddriver-appengine is vulnerable to path traversal. The utility to extract files locally for deployment does not validate the paths, allowing a local attacker to override files on a particular container resulting in path traversal vulnerability. Man in the middle attac...
CVE-2021-39143
Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system...
PYSEC-2022-43148
Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper)...
Rust ash crate has an unspecified vulnerability
Rust ash crate is a very lightweight Vulkan wrapper. A security vulnerability exists in versions of Rust ash crate prior to 0.33.1, which stems from the fact that util::read_spv can read data from an uninitialized memory location. No details of the vulnerability are currently available...
PT-2021-8079 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.13.0 mlnx. Description: The vulnerability is related to the function mlx5e_tx_reporter_dump_sq in the net/mlx5e component of the Linux kernel. This function casts its void * argument to struct mlx5e_txqsq *, but in the...
[SECURITY] Fedora 35 Update: rust-rusqlite-0.26.3-1.fc35
Ergonomic wrapper for SQLite...
[SECURITY] Fedora 34 Update: rust-rusqlite-0.26.3-1.fc34
Ergonomic wrapper for SQLite...
CVE-2021-32497
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks...
embly-wrapper (=0.0.2), wasi-common-lucet (>=0.4.0 <=0.4.2) potentially affected by CVE-2021-43790 via lucet-runtime (>=0.4.3 <=0.6.1)
lucet-runtime CARGO version =0.4.3, =0.4.0, =0.4.2 Source cves: CVE-2021-43790 Source advisory: OSV:GHSA-HF79-8HJP-RRVQ...
embly-wrapper (=0.0.2), wasi-common-lucet (>=0.4.0 <=0.4.2) potentially affected by CVE-2021-43790 via lucet-runtime (>=0.4.3 <=0.6.1)
lucet-runtime CARGO version =0.4.3, =0.4.0, =0.4.2 Source cves: CVE-2021-43790 Source advisory: OSV:RUSTSEC-2021-0155...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle: defsec. Vulnerability details. Impact: The consult function in the contract TwapOracle.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on timeStamp, resulting in stale prices. The oracle wrapper calls out to a chainlink...
Mozilla Firefox Security Advisory (MFSA2014-91) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2012-83) - Linux
This host is missing a security update for Mozilla Firefox.