CVE-2021-33635

When malicious images are pulled by isula pull, attackers can execute arbitrary code...

CVE-2021-33635

CVE-2021-33635 affects iSulad within EulerOS (and isola-related tooling). The connected Red Hat/EUVD/OpenVAS entries confirm the vulnerability allows arbitrary code execution when malicious images are pulled with isula pull. The root cause is action by pulling/handling images via iSulad’s isula c...

CVE-2021-33635 Pull malicious images may cause process to be hijacked

When malicious images are pulled by isula pull, attackers can execute arbitrary code...

PT-2023-12215 · Isula · Isula

Name of the Vulnerable Software and Affected Versions: isula affected versions not specified Description: The issue allows attackers to execute arbitrary code when malicious images are pulled by isula pull. Recommendations: At the moment, there is no information about a newer version that contain...

openEuler Security Vulnerability

openEuler is an operating system from the Open Atomics Open Source Foundation. A security vulnerability exists in openEuler that stems from an attacker being able to execute arbitrary code when a malicious image is pulled by the isula pull command...

CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1...

GHSA-WJ6Q-CHPV-MCRX Insufficient Verification of Data Authenticity in Apache InLong

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1 ...

CVE-2023-43666

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1 ...

GHSA-PFFG-92CG-XF5C gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results

Impact When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation à la GLV ExpGLV can sometimes give incorrect results compared to normal exponentiation Exp. The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact Exp an...

gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results

Impact When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation à la GLV ExpGLV can sometimes give incorrect results compared to normal exponentiation Exp. The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact Exp an...

gnark unsoundness in variable comparison / non-unique binary decomposition

Impact For some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a+r where r is the modulus the values are being reduced by. The second decomposition was possib...

GHSA-498W-5J49-VQJG gnark unsoundness in variable comparison / non-unique binary decomposition

Impact For some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a+r where r is the modulus the values are being reduced by. The second decomposition was possib...

The vulnerabilities of the classes DirCacheCheckout, ResolveMerger, PullCommand, and PatchApplier in the Git version control system for the Java Eclipse JGit framework allow a hacker to execute arbitrary code.

The vulnerability of the DirCacheCheckout, ResolveMerger, PullCommand, and PatchApplier classes in the Git version control system for the Java Eclipse JGit framework is related to improper handling of data that is sensitive to registry operations during repository cloning to the file system...

Default configuration

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

CVE-2023-43654 TorchServe Server-Side Request Forgery

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

OESA-2023-1686 iSulad security update

Security Fixes: When malicious images are pulled by isula pull, attackers can execute arbitrary code.CVE-2021-33635 When the isula load command is used to load malicious images, attackers can execute arbitrary code.CVE-2021-33636 When the isula export command is used to export a container to an...

Out-of-bounds

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

PYSEC-2023-191

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

PYSEC-2023-191

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...