CVE-2022-41908 `CHECK` fail via inputs in `PyFunc` in Tensorflow

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

CVE-2022-39321 GitHub Actions Runner vulnerable to Docker Command Escaping

GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the environment is encoded into these docker commands wa...

Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution

Impact For some Post/Put Concourse endpoint containing :teamname in the URL, a Concourse user can send a request with body including :teamname=team2 to bypass team scope check to gain access to certain resources belong to any other team. The user only needs a valid user session and belongs to...

PYSEC-2022-266

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

OESA-2022-1870 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has...

CVE-2022-29191 Missing validation causes denial of service via `GetSessionTensor` in TensorFlow

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.GetSessionTensor does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service attack...

GHSA-M2R5-4W96-QXG5 Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml

Impact It's possible in a script to access any file accessing to the user running XWiki application server with XML External Entity Injection through the XML script service. For example: velocity set$xml=$services.get'xml' set$xxepayload = "" set$doc=$xml.parse$xxepayload $xml.serialize$doc...

CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

PT-2022-7070 · Unknown · Linuxasmcallgraph

Name of the Vulnerable Software and Affected Versions: LinuxASMCallGraph versions prior to commit 20dba06bd1a3cf260612d4f21547c25002121cd5 Description: The issue is related to incorrect filtering rules of uploaded files, allowing attackers to cause remote code execution on the server side via...

CVE-2022-23601

CVE-2022-23601 affects the Symfony form component (FrameworkBundle) where CSRF protection was not enabled by default after a configuration-loading change. This made applications vulnerable to CSRF attacks when the default was not explicitly enabled. The issue is resolved in patch versions; users ...

CVE-2022-23601 CSRF token missing in Symfony

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the...

Denial of Service in TenderMint

Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. It is a misconfiguration to reuse chainIDs. Correct...

GHSA-25MP-G6FV-MQXX Unexpected server crash in Next.js.

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

PYSEC-2021-809

TensorFlow is an open source platform for machine learning. In affeced versions during execution, EinsumHelper::ParseEquation is supposed to set the flags in inputhasellipsis vector and outputhasellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However...

GHSA-QQ89-HQ3F-393P Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

GHSA-3JFQ-G458-7QM9 Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the preservePaths flag is not set to true. This is achieved by stripping the absolute path root from any...

GHSA-R628-MHMH-QJHW Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in...

Cisco Identity Services Engine 跨站脚本漏洞

Cisco Identity Services Engine ISE is a next-generation identity and access control policy platform that enables organizations to enforce compliance, enhance infrastructure security, and streamline their service operations. A stored cross-site scripting vulnerability exists in the Web management...

GHSA-6FC8-4GX4-V693 ReDoS in Sec-Websocket-Protocol header

Impact A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. Proof of concept js for const length of 1000, 2000, 4000, 8000, 16000, 32000 const value = 'b' + ' '.repeatlength + 'x'; const start = process.hrtime.bigint; value.trim.split/...

DEBIAN-CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...