979 matches found

PyPA, added 2021/05/14 8:15 p.m. (4 views)

PYSEC-2021-710

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

CVSS 5.5, AI score 7.2, EPSS 0.00007
Exploits: 1, References: 2, Affected software: 1

OSV, added 2021/05/14 8:15 p.m. (11 views)

PYSEC-2021-462

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat. This is because the...

CVSS 5.5, AI score 2.4, EPSS 0.0001
Exploits: 1, References: 2

Debian CVE, added 2021/05/14 7:15 p.m. (4 views)

CVE-2021-29584

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape. This is because the...

CVSS 5.5, AI score 7.2, EPSS 0.00007
Exploits: 1

Tenable Nessus, added 2021/05/12 12:00 a.m. (46 views)

Ubuntu 20.04 LTS : PyYAML vulnerability (USN-4940-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4940-1 advisory. It was discovered that PyYAML incorrectly handled untrusted YAML files with the FullLoader loader. A remote attacker could possibly use this issue to execute...

CVSS 10, AI score 7.9, EPSS 0.13704
Exploits: 0, References: 2

OSV, added 2021/05/06 6:11 p.m. (17 views)

GHSA-W8F3-PVX4-4C3H Prototype Pollution in arr-flatten-unflatten

All versions of package arr-flatten-unflatten up to and including version 1.1.4 are vulnerable to Prototype Pollution via the constructor...

CVSS 9.8, AI score 9.5, EPSS 0.0041
Exploits: 1, References: 4

Code423n4, added 2021/04/30 12:00 a.m. (7 views)

Missing zero-address check for the beneficiary address

Handle: 0xRajeev. Vulnerability details. Impact: The beneficiary address specified in the constructor receives all the proceeds from NFT sales, which could be of significant value. However, there is no zero-address validation of this beneficiary address parameter during initialization in the constructor...

AI score 6.8
Exploits: 0

Code423n4, added 2021/04/28 12:00 a.m. (11 views)

init functions can be frontrun

Handle: @cmichelio. Vulnerability details: The init function that initializes important contract state can be called by anyone. Impact: The attacker can initialize the contract before the legitimate deployer, hoping that the victim continues to use the same contract. In the best...

AI score 6.9
Exploits: 0

Code423n4, added 2021/04/27 12:00 a.m. (3 views)

Initialization can be front-run in USDV.sol

Handle: 0xRajeev. Vulnerability details. Impact: Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...

AI score 6.9
Exploits: 0

Veracode, added 2021/04/26 6:52 a.m. (19 views)

Prototype Pollution

jquery-bbq is vulnerable to prototype pollution. An attacker is able to inject malicious properties into existing construct prototypes (Object.prototype) and modify attributes such as __proto__, constructor and prototype...

CVSS 8.8, AI score 3.5, EPSS 0.49565
Exploits: 1, References: 1, Affected software: 1

Veracode, added 2021/04/26 4:49 a.m. (16 views)

Prototype Pollution

@type/purl is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

CVSS 8.8, AI score 3.5, EPSS 0.00852
Exploits: 1, References: 1, Affected software: 1

RedHat Linux, added 2021/04/14 4:34 p.m. (8 views)

datatables.net: prototype pollution if 'constructor' were used in a data property name

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806...

CVSS 7.5, AI score 5.8, EPSS 0.01228
Exploits: 2, References: 5

OSV, added 2021/04/13 7:15 p.m. (2 views)

DEBIAN-CVE-2020-28590

An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 6.5, AI score 7.2, EPSS 0.00285
Exploits: 1, References: 1

Github Security Blog, added 2021/04/06 5:22 p.m. (55 views)

Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Versions of isolated-vm before v4.0.0, and especially before v3.0.0, have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to the underlying reference's full prototype chain. In an...

CVSS 9.6, AI score 4.4, EPSS 0.00137
Exploits: 0, References: 6, Affected software: 1

OSV, added 2021/03/19 8:15 p.m. (2 views)

CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

CVSS 9.8, AI score 5.5
Exploits: 0, References: 2

Prion, added 2021/03/19 8:15 p.m. (26 views)

Design/Logic Flaw

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

CVSS 9, AI score 9.1, EPSS 0.00364
Exploits: 0, References: 2, Affected software: 3

Cvelist, added 2021/03/19 7:22 p.m. (22 views)

CVE-2019-10196

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an...

AI score 9.3, EPSS 0.00364
Exploits: 0, References: 2

Veracode, added 2021/03/17 4:41 a.m. (16 views)

Prototype Pollution

patchmerge is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype...

CVSS 9.8, AI score 3.5, EPSS 0.02947
Exploits: 1, References: 2, Affected software: 1

Snyk, added 2021/03/12 2:47 p.m. (2 views)

Prototype Pollution

Overview: shvl is a package to get and set dot-notated properties within an object. Affected versions of this package are vulnerable to Prototype Pollution due to an incomplete fix not protecting against the constructor.prototype vector. PoC (js): var shvl = require("shvl") let obj = console.log("Before: " +...

CVSS 7.3, AI score 6.4
Exploits: 0, References: 2

CNNVD, added 2021/03/12 12:00 a.m. (2 views)

fltk crate for Rust buffer error vulnerability

fltk crate for Rust is a cross-platform lightweight GUI library. It can be statically linked to produce small, standalone and fast GUI applications. A security vulnerability exists in fltk crate before 0.15.3 for Rust, which stems from a read overrun in the pixmap constructor due to a lack of...

CVSS 9.1, AI score 8.1, EPSS 0.00433
Exploits: 0, References: 2