77 matches found
AZL-34797 CVE-2022-45142 affecting package heimdal for versions less than 7.8.0-3
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches, and possibly other branches, a logic inversion sneaked...
CVE-2022-38773
Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device cannot be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary cod...
StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount
Lines of code Vulnerability details Impact The canMatchMakerAsk and canMatchMakerBid functions in StandardPolicyERC1155.sol will only return 1 as the amount instead of the order.amount value. This value is then used in the executeTokenTransfer call during the execution flow and leads to only 1...
A cancelled order can be executed again by the order creator.
Lines of code Vulnerability details Impact A cancelled order can be executed again by the order creator. While validating the signature, it doesn't check any conditions when order.order.trader == msg.sender here so the already cancelled/filled orders can be executed again when the caller increase...
Missing sanity check
Lines of code Vulnerability details Impact Missing sanity check on linearVestAmount Proof of Concept 1. Visit here 2. You are missing the sanity check on user inputted linearVestAmount 3. You need to add the check on zero amount
AlmaLinux 8 : cryptsetup (ALSA-2020:4542)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4542 advisory. - A vulnerability was found in upstream release cryptsetup-2.2.0 where there's a bug in LUKS2 format validation code that is effectively invoked on every...
Cross-site Scripting (XSS) - Generic in projectsend/projectsend
Description Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a differen...
Google TensorFlow has an unspecified vulnerability (CNVD-2021-92551)
Google TensorFlow is an end-to-end open source platform for machine learning from Google Inc. A security vulnerability exists in Google TensorFlow versions prior to 2.7.0, which stems from a lack of code validation for boosting trees in TensorFlow. No details of the vulnerability are...
CVE-2021-41221
TensorFlow is an open source platform for machine learning. In affected versions the shape inference code for the Cudnn operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow. This occurs because the ranks of the `input`, `input_h` and `input_c` parameters are n...
Inefficient Regular Expression Complexity in validatorjs/validator.js
Description I would like to report a Regular Expression Denial of Service (ReDoS) vulnerability in validator. It allows causing a denial of service when validating crafted invalid MagnetURIs. The ReDoS vulnerability is mainly due to the sub-pattern .+&tr=.+ with quantified overlapping adjacency and c...
latestMarket used where marketIndex should have been used
Handle gpersoon Vulnerability details Impact The functions initializeMarket and seedMarketInitially use the variable latestMarket. If these functions would be called separately from createNewSyntheticMarket, then latestMarket would have the same value for each call of initializeMarket and...
Design/Logic Flaw
TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPoolGrad` triggers undefined behavior if one of the input tensors is empty. The code is also vulnerable to a denial of service attack as a CHECK condition becomes false and aborts...
Null pointer dereference
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a null pointer dereference in the implementation of `tf.raw_ops.EditDistance`. This is because the...
CVE-2021-29530
CVE-2021-29530 concerns TensorFlow’s SparseMatrixSparseCholesky: passing an invalid permutation could trigger a null pointer dereference due to incomplete input validation in the underlying code, allowing continuation after a failed check. Public sources (NVD, OSV, GHSA) describe the issue in Ten...
CVE-2021-29540 Heap buffer overflow in `Conv2DBackpropFilter`
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in Conv2DBackpropFilter. This is because the...
HGiga MailSherlock Arbitrary File Download Vulnerability
HGiga MailSherlock is an email archiving and auditing system that provides a complete email security solution. An arbitrary file download vulnerability exists in HGiga MailSherlock. The vulnerability stems from MailSherlock's View Source Code feature not validating specific characters. An attacke...
CVE-2020-17438
An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafti...
PT-2020-3300 · Microsoft · Visual Studio Code Eslint Extension
Name of the Vulnerable Software and Affected Versions: ESLint extension for Visual Studio Code (affected versions not specified). Description: A remote code execution issue exists in the ESLint extension for Visual Studio Code. This occurs when the extension validates source code after a project is...
Valve: [Portal 2] Remote Code Execution via voice packets
Description RCE can be achieved on other players via voice packets due to the lack of length validation when reading into a stack-based buffer. POC 1. As the victim, invite the attacker into a game. 2. Wait until both players have loaded into the game. 3. Inject the following DLL into the attacke...
Foxit Reader Field object signatureSetSeedValue Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...