CVE-2023-46227 Apache inlong has an Arbitrary File Read Vulnerability

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can use \t to bypass. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1...

GHSA-WJ6Q-CHPV-MCRX Insufficient Verification of Data Authenticity in Apache InLong

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1 ...

CVE-2023-43666

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, General user can view all user data like Admin account. Users are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick 1 to solve it. 1 ...

GHSA-PFFG-92CG-XF5C gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results

Impact When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation à la GLV ExpGLV can sometimes give incorrect results compared to normal exponentiation Exp. The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact Exp an...

gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results

Impact When the exponent is bigger than r, the group order of the pairing target group GT, the exponentiation à la GLV ExpGLV can sometimes give incorrect results compared to normal exponentiation Exp. The issue impacts all users using ExpGLV for exponentiations in GT. This does not impact Exp an...

gnark unsoundness in variable comparison / non-unique binary decomposition

Impact For some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a+r where r is the modulus the values are being reduced by. The second decomposition was possib...

GHSA-498W-5J49-VQJG gnark unsoundness in variable comparison / non-unique binary decomposition

Impact For some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of a, for small values there exists a second decomposition for a+r where r is the modulus the values are being reduced by. The second decomposition was possib...

Default configuration

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

CVE-2023-43654 TorchServe Server-Side Request Forgery

TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity...

Out-of-bounds

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

PYSEC-2023-191

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

PYSEC-2023-191

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper

Vyper is a Pythonic Smart Contract Language for the EVM. The abidecode function does not validate input when it is nested in an expression. Uses of abidecode can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a...

CVE-2023-23766

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterpris...

CVE-2023-23766

CVE-2023-23766 describes an incorrect comparison vulnerability in GitHub Enterprise Server that enabled commit smuggling by displaying an incorrect diff when re-opening a Pull Request. Exploitation would require write access to the repository. All versions prior to the fixed releases are affected...

PT-2023-19191 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.6.17 GitHub Enterprise Server versions prior to 3.7.15 GitHub Enterprise Server versions prior to 3.8.8 GitHub Enterprise Server versions prior to 3.9.3 GitHub Enterprise Server versions prior to...

CVE-2023-37459

Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP...

CVE-2023-37459

CVE-2023-37459 maps to Contiki-NG ≤ 4.9, where the network stack, on receiving a TCP packet with the SYN flag, may access the TCP header before ensuring it is complete. This can trigger an out-of-bounds read from the packet buffer due to reading the flags field in check_for_tcp_syn. The result is...