CVE-2022-41939 Credential exposure when running third-party builders in knative/func

knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious lifecycle container. This issues has bee...

AZL-11543 CVE-2022-41909 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. An input encoded that is not a valid CompositeTensorVariant tensor will trigger a segfault in tf.rawops.CompositeTensorVariantToComponents. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and...

AZL-11525 CVE-2022-41884 affecting package tensorflow for versions less than 2.11.0-1

TensorFlow is an open source platform for machine learning. If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. We have patched the issue in GitHub commit 2b56169c16e375c521a3bc8ea658811cc0793784. The fix will be...

OESA-2022-2049 swtpm security update

TPM emulator built on libtpms providing TPM functionality for QEMU VMs Security Fixes: swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm...

Redwood is vulnerable to account takeover via dbAuth "forgot-password"

Impact What kind of vulnerability is it? Who is impacted? This is an API vulnerability in Redwood's dbAuth, specifically the dbAuth forgot password feature: - only projects with the dbAuth "forgot password" feature are affected - this vulnerability was introduced in v0.38.0 User Accounts are...

Effectively Preparing for the OpenSSL 3.x Vulnerability

With all the noise about the OpenSSL vulnerability, see this blog about how to prepare for mitigation when the patch is released...

CVE-2022-36016

TensorFlow is an open source platform for machine learning. When tensorflow::fulltype::SubstituteFromAttrs receives a FullTypeDef& t that is not exactly three args, it triggers a CHECK-fail instead of returning a status. We have patched the issue in GitHub commit...

GHSA-79H2-Q768-FPXR TensorFlow segfault TFLite converter on per-channel quantized transposed convolutions

Impact When converting transposed convolutions using per-channel weight quantization the converter segfaults and crashes the Python process. python import tensorflow as tf class QuantConv2DTransposedtf.keras.layers.Layer: def buildself, inputshape: self.kernel = self.addweight"kernel", 3, 3,...

GHSA-F4W6-H4F5-WX45 TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows

Impact The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure assertion failure caused by overflowing the number of elements in a tensor: python import tensorflow as tf tf.reshapetensor=1,shape=tf.constant0 for i in range255, dtype=tf.int64 This i...

CVE-2022-35964

TensorFlow is an open source platform for machine learning. The implementation of BlockLSTMGradV2 does not fully validate its inputs. This results in a a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`

Impact What kind of vulnerability is it? Who is impacted? This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::initfromslice, and LockedHeap::new. It also affects multiple uses of the Heap::extend method. Initializati...

Cross-site scripting from dynamic options in the multiselect field

Introduction Cross-site scripting XSS is a type of vulnerability that allows to execute any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Such...

CVE-2022-35962

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190...

CVE-2022-35962 Crafted link in Zulip message can cause disclosure of credentials

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190...

Updated clamav packages fix security vulnerability

ClamAV 0.103.7 is a critical patch release with the following fixes: Upgrade the vendored UnRAR library to version 6.1.7. Fix logical signature "Intermediates" feature. Relax constraints on slightly malformed zip archives that contain overlapping file entries...

loopback-connector-postgresql Vulnerable to Improper Sanitization of `contains` Filter

Improper input validation on the contains LoopBack filter may allow for arbitrary SQL injection. Impact When the extended filter property contains is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of...

GHSA-V4HR-4JPX-56GC Streamlit directory traversal vulnerability

Impact Users hosting Streamlit apps that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with...

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers By Trellix · August 3, 2022 This story was written by Philippe Laulheret. Summary The Trellix Threat Labs Vulnerability Research team has found an unauthenticated remote code execution vulnerability, filed under...

GHSA-2CPX-6PQP-WF35 fs2-io skips mTLS client verification

Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...

FreshTomato httpd unescape memory corruption vulnerability

Summary A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested Versions FreshTomato 2022.1 Product URLs...