258 matches found
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
Impact The macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Patches We have patched the issue in GitHub commit...
Denial of service in `tf.ragged.constant` due to lack of validation
Impact The implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory: `import tensorflow as tf; tf.ragged.constant(pylist=[], ragged_rank=8968073515812833920)` Patches We have patched the issue in GitHub...
CVE-2022-30975
In Artifex MuJS through 1.2.0, `jsP_dumpsyntax` in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp...
Forget to remove account out of _roleMembers[role]
Originally submitted by warden TrungOre in 89, duplicate of 164. Forget to remove account out of `_roleMembers[role]`...
Tokens having more than 18 decimals are not supported
Originally submitted by warden pauliax in 173, duplicate of 49. Tokens having more than 18 decimals are not supported, the calculation will revert here: `function decimalMultiplier(address token) internal view returns (uint256) { return 10**(18 - IERC20Full(token).decimals()); }`...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) due to a memory leak in VFRRT.cpp. Details Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other vulnerabilities, DoS...
CVE-2022-1114
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service...
SQL Injection in elide-datastore-aggregation
Impact When leveraging the following together: Elide Aggregation Data Store for Analytic Queries; Parameterized Columns (a column that requires a client-provided parameter); a parameterized column of type TEXT. There is the potential for a hacker to provide a carefully crafted query that would...
CVE-2022-26635
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly...
CVE-2022-23395
jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS)...
Missing receiver validation in withdrawFunds
Lines of code Vulnerability details Impact The `CollateralManagement.withdrawFunds` function does not validate its `to` parameter. Funds can be lost if `to` is the zero address. Similar issues have been judged as medium recently, see Sandclock M-15 / Github issue Recommended Mitigation Steps Check that...
Rufus 3.17.1846 DLL Hijacking
Hi all, I would like to disclose a vulnerability that I just found today. Details below: Vulnerable Software and Version: 1. Rufus 3.17.1846 executable 2. Rufus 3.17.1846 portable executable Vulnerable software download link: https://rufus.ie/en/ https://github.com/pbatard/rufus/releases/tag/v3.1...
Integer overflow in Tensorflow
Impact The implementation of Range suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. Patches We have patched the issue in GitHub commit f0147751fd5d2ff23251149ebad9af9f03010732 merging 51733. The fix will be included in...
GHSA-MMJ4-777P-FPQ9 Validation bypass in frourio-express
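Japanese Impact If you are using frourio v0.26.0 or earlier and are using validators/, there are cases where nested validators do not work correctly on the request body and query. There are also inputs that cause validation not to be applied to the request. Patches Please update frourio to v0.26.0 or later. Projects that use frourio also need to add class-transformer and reflect-metadata as dependencies. Workarounds...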
Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares
Impact This allows an attacker to create special subclasses of InvocationTargetException that escape the exception sanitization because JUnit extracts the cause in a trusted context before the exception reaches Ares. This means that arbitrary student code can be executed in a trusted context, and...
Unsoundness in `dashmap` references
References returned by some methods of `Ref` (and similar types) may outlive the `Ref` and escape the lock. This causes undefined behavior and may result in a segfault. More information in the dashmap#167 issue...
GHSA-273R-RM8G-7F3X Uncaught Exception in mercurius
Impact Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to /graphql unless they are using a custom error handler. Patches The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2...
GHSA-M3RF-7M4W-R66Q Improper Authentication in Flask-AppBuilder
Impact Improper authentication on the REST API. Allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existing protected REST API endpoints. Only affects non database authentication types, and new REST API endpoints. Patches Upgrade to...
Overflow/crash in `tf.image.resize` when size is large
Impact If `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow. python import tensorflow as tf import numpy as np tf.keras.layers.UpSampling2D(size=1610637938, data_format='channels_first',...
Overflow/crash in `tf.range`
Impact While calculating the size of the output within the `tf.range` kernel, there is a conditional statement of type `int64 = condition ? int64 : double`. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the...