938 matches found
Type confusion
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...
PYSEC-2021-322
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the wasmtime crate clearly marks which functions are safe and which are unsafe, guaranteeing that if consumers never use unsafe then it should...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +54 more potentially affected by CVE-2021-37637 via tensorflow (=2.5.0)
tensorflow PYPI version =2.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - alphapulldown =0.21.2, =0.0.1, =1.1.0, =0.1.0.dev2, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.7.0, =1.4.0 and more Source cves:...
alphapulldown (>=0.21.2 <=0.22.3), analytics-lib (>=0.0.1 <=0.0.2) +54 more potentially affected by CVE-2021-37668 via tensorflow (=2.5.0)
tensorflow PYPI version =2.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow and may be impacted: - alphapulldown =0.21.2, =0.0.1, =1.1.0, =0.1.0.dev2, =0.8.1, =3.3.0, =0.0.24, =1.0.0, =2.0.2, =0.6.0, =0.7.0, =1.4.0 and more Source cves:...
[20220309] - Core - XSS attack vector through SVG
Possible XSS attack vector through SVG embedding in commedia...
PT-2021-10148
Name of the Vulnerable Software and Affected Versions: TechSmith Snagit version 19.1.0.2653 Description: The issue allows attackers to obfuscate and embed crafted files used to escalate privileges by utilizing Object Linking and Embedding OLE. Recommendations: For TechSmith Snagit version...
TechSmith Snagit security vulnerability
TechSmith Snagit is screen-capture software from TechSmith (USA), used mainly to take screenshots and record video of the screen. A security vulnerability exists in TechSmith Snagit that stems from TechSmith Snagit's use of Object Linking and Embedding (OLE), which...
WordPress: wp-embed XSS on Safari
An XSS vulnerability was discovered in the open embed auto discovery function of WordPress. The vulnerability allowed an attacker to execute malicious JavaScript code by embedding a blog post on a victim's WordPress site. The vulnerability affected Safari browsers and potentially other browsers...
GHSA-MM8J-9X84-M9CV Arbitrary code injection in json-sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...
Libinjection - SQL / SQLI Tokenizer Parser Analyzer
SQL / SQLI tokenizer parser analyzer. For C and C++ PHP Python Lua Java external port LuaJIT/FFI https://github.com/p0pr0ck5/lua-ffi-libinjection external port See https://www.client9.com/ for details and presentations. Simple example: fingerprint of '%s'\n", state.fingerprint; return issqli; "...
The vulnerability of the OLE Automation technology implementation in Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the OLE Automation technology implementation in Microsoft Windows operating systems is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting
In the plugin, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue. Create or edit a gallery and add the following payload in the Custom CSS field: Then, view t...
GHSA-4VRF-FF7V-HPGR Division by zero in TFLite's implementation of `EmbeddingLookup`
The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero error: `const int rowsize = SizeOfDimension(value, 0); const int rowbytes = value->bytes / rowsize;` An attacker can craft a model such that the first dimension of the value input is 0. Patches We have...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1361 more potentially affected by CVE-2021-29557 via tensorflow (>=1.0.1 <=2.1.2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29557 Source advisory: OSV:GHSA-XW93-V57J-FCGH...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1361 more potentially affected by CVE-2021-29519 via tensorflow (>=1.0.1 <=2.1.2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29519 Source advisory: OSV:GHSA-772J-H9XW-FFP5...
Improper Access Control in codingtrain/website
✍️ Description Google Maps API key without proper referer restrictions is found in your repo. It can be embedded in anyone's website and, if the billing account is active, it will incur charges on your account. 🕵️♂️ Proof of Concept Visit this link to verify that you can use the service by visiting...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1361 more potentially affected by CVE-2021-29517 via tensorflow (>=1.0.1 <=2.1.2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29517 Source advisory: OSV:PYSEC-2021-154...
a2grunnerp (>=0.1.0 <=0.1.8), abba-python (>=0.1.6 <=0.3.0) +1361 more potentially affected by CVE-2021-29559 via tensorflow (>=1.0.1 <=2.1.2)
tensorflow PYPI version =1.0.1, =0.1.0, =0.1.6, =0.0.6, =0.1.0, =0.0.1, =1.1.2, =0.0.1, =2.0.0, =0.3.26, =0.2.1, =7.13.1, =0.0.1, =0.0.2 and more Source cves: CVE-2021-29559 Source advisory: OSV:PYSEC-2021-196...
PYSEC-2021-722
TensorFlow is an end-to-end open source platform for machine learning. The implementation of the EmbeddingLookup TFLite operator is vulnerable to a division by zero...