47 matches found
Oracle Linux 8 : pcs (ELSA-2024-2953)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2953 advisory. - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 Tenable has extracted th...
pcs security update
0.10.18-2.0.1 - Replace HAM-logo.png with a generic one 0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741 0.10.17-6 - Rebased to th...
CVE-2023-52601 jfs: fix array-index-out-of-bounds in dbAdjTree
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmtstree. To add the required check added the bool isctl which is required to determine the size as...
CVE-2022-47069
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCdbool at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur...
impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...
GHSA-F9G6-FP84-FV92 impl `FromMdbValue` for bool is unsound
The implementation of FromMdbValue has several unsoundness issues. First of all, it allows to reinterpret arbitrary bytes as a bool and could make undefined behavior happen with safe function. Secondly, it allows transmuting pointer without taking memory layout into consideration. The details of...
Google TensorFlow code issue vulnerability (CNVD-2022-80685)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from a logical error in the organization of data, where the conversion from char to bool is undefined if the const char array is not 0...
GHSA-PF36-R9C6-H97J Invalid char to bool conversion when printing a tensor
Impact When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. Patches We have patched the issu...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS because the conversions from char to bool are undefined if the char is not 0 or 1. This can happen when printing a tensor: the data is got as a const char array and then it is typecasted to the element type. Detail...
AZL-11544 CVE-2022-41911 affecting package tensorflow for versions less than 2.11.0-1
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...
CVE-2022-41911 Invalid char to bool conversion when printing a tensor in Tensorflow
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...
Google TensorFlow 代码问题漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from a logical error in the organization of data, where the conversion from char to bool is undefined if the const char array is not 0...
CVE-2022-41911 Invalid char to bool conversion when printing a tensor in Tensorflow
TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so...
Some ERC20 tokens don't return bool values
Lines of code Vulnerability details Impact VotingEscrow will not work for such tokens. Proof of Concept This issue is same as a previous contest. In the implementation of token transfer, the return value is checked after token transfer. But some tokens do not return bool values. After DM, I know...
OSV-2022-436 Stack-buffer-overflow in spvtools::opt::CompositeInsertToCompositeConstruct
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47684 Crash type: Stack-buffer-overflow READ 8 Crash state: spvtools::opt::CompositeInsertToCompositeConstruct std::1::function::funcbool spvtools::opt::InstructionFolder::FoldInstructionInternal...
GitHub Security Lab: ihsinme: CPP Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type
This bug was reported directly to GitHub Security Lab...
actix-broker (>=0.1.3 <=0.1.7), actix-diesel (>=0.1.0 <=0.3.0) +894 more potentially affected by unknown CVE via cpuid-bool (>=0.1.2 <=0.2.0)
cpuid-bool CARGO version =0.1.2, =0.1.3, =0.1.0, =0.3.0, =0.3.0, =0.5.1, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0064...
`cpuid-bool` has been renamed to `cpufeatures`
Please use the cpufeatures crate going forward: There will be no further releases of cpuid-bool...
Design/Logic Flaw
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness...
CVE-2019-25004
An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness...