4602 matches found
TensorFlow has Null Pointer Error in LookupTableImportV2
ImpactThe function tf.rawops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE.pythonimport tensorflow as tfv = [email protected]=Truedef test: func = tf.rawops.LookupTableImportV2 para='tablehandle': v.handle,'keys': 62.98910140991211,...
TensorFlow has Floating Point Exception in TensorListSplit with XLA
ImpactFPE in TensorListSplit with XLA pythonimport tensorflow as tffunc = tf.rawops.TensorListSplitpara = 'tensor': 1, 'elementshape': -1, 'lengths': [email protected]=Truedef fuzzjit: y = funcpara return yprintfuzzjit PatchesWe have patched the issue in GitHub commit...
TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
ImpactNPE in RandomShuffle with XLA enable pythonimport tensorflow as tffunc = tf.rawops.RandomShufflepara = 'value': 1e+20, 'seed': -4294967297, 'seed2': [email protected]=Truedef test: y = funcpara return ytest PatchesWe have patched the issue in GitHub commit...
tripleo-ansible may disclose important configuration details from an OpenStack deployment
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of...
tripleo-ansible may disclose important configuration details from an OpenStack deployment
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information...
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55 and the uWSGI PyPI package prior to version 2.0.22. Special characters in the origin response header can truncate/split the response forwarded to the...
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
ImpactSome internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like infrastructure details in unauthenticated requests.Affected versions: Saleor ≥ 2.0.0 WorkaroundsNone For more informationIf you hav...
Sentry SDK leaks sensitive session information when `sendDefaultPII` is set to `True`
ImpactWhen using the Django integration of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their...
TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
ImpactOut of bounds read in GRUBlockCellGradpythonfunc = tf.rawops.GRUBlockCellGradpara = 'x': 21.1, 156.2, 83.3, 115.4, 'hprev': array136.5, 136.6, 'wru': array26.7, 0.8, 47.9, 26.1, 26.2, 26.3, 'wc': array 0.4, 31.5, 0.6, 'bru': array0.1, 0.2 , dtype=float32, 'bc': 0x41414141, 'r': array0.3, 0....
TensorFlow has null dereference on ParallelConcat with XLA
ImpactWhen running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero.pythonimport tensorflow as tffunc = tf.rawops.ParallelConcatpara = 'shape': 0, 'values': [email protected]=Truedef test: y = funcpa...
openstack-neutron uncontrolled resource consumption flaw
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...
TensorFlow has Floating Point Exception in TFLite in conv kernel
ImpactConstructing a tflite model with a paramater filterinputchannel of less than 1 gives a FPE. PatchesWe have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa.The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1. For...
TensorFlow has Segfault in Bincount with XLA
ImpactWhen running with XLA, tf.rawops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.pythonimport tensorflow as tffunc = tf.rawops.Bincountpara='arr': 6, 'size': 804, 'weights': 52, [email protected]=Truedef fuzzjit...
Saleor has Staff-Authenticated Error Message Information Disclosure Vulnerability via Python Exceptions
ImpactSome internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated requests.This issue has been patched in versions 3.1.48, 3.7.59, 3.8.30, 3.9.27, 3.10.14...
Open redirect in web2py
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack...
TensorFlow has double free in Fractional(Max/Avg)Pool
Impactnnops.fractionalavgpoolv2 and nnops.fractionalmaxpoolv2 require the first and fourth elements of their parameter poolingratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported.pythonimport tensorflow as tfimport osimport numpy as npfrom tensorflow.python.ops...
Cross-site Scripting in django-ajax-utilities
A vulnerability was found in Mobile Vikings Django AJAX Utilities and classified as problematic. This issue affects the function Pagination of the file djangoajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site...
Path traversal in binwalk
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 inclusive. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode -e option. Remo...
Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8.1-39.0.0 are vulnerable to a security issue. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20221213.txt and...
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1...
Denial of service vulnerability on Password reset page
ImpactPrevious versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may stra...
No protection against brute-force attacks on login page
ImpactPrevious versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt brute-force attacks against the login page. PatchesUsers should upgrade to v12.0 or later. WorkaroundsUsers may install and configure a rate-limiting proxy in front of Kiwi TCMS. For example nginx...
Improper Restriction of Excessive Authentication Attempts in modoboa
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4...
Improper Certificate Validation in pyload-ng
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44...
Cross-site Scripting in pyload-ng
Cross-site Scripting XSS - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42...
OpenStack Swift XML external entities (XXE) Injection
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition t...
Improper Input Validation in pyload-ng
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40...
Apache Airflow Google Provider Improper Input Validation vulnerability
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...
Path traversal in spotipy
SummaryIf a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. DetailsThe code Spotipy uses to parse URIs and URLs accepts user data too liberally which allows a malicious user to insert arbitrary characters...
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the featur...
nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag
A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRFCOOKIEHTTPONLY leads to cookie without httponly flag. It is possible to...
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository pyload/pyload prior to 0.5.0b3.dev32. The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session. This issue is...
Apache Superset vulnerable to Cross-site Scripting
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Apache Superset has Improper Access Control
When explicitly enabling the feature flag DASHBOARDCACHE disabled by default, the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Apache Superset vulnerable to Injection
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...
pgAdmin 4 Open Redirect vulnerability
Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL...
pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33...
Graphite Web Cross-site Scripting vulnerability
A vulnerability was found in Graphite Web and classified as problematic. This issue affects some unknown processing of the component Template Name Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Pyload Insufficient Session Expiration vulnerability
Pyload 0.5.0b3.dev35 has an Insufficient Session Expiration vulnerability. A patch is available and anticipated to be part of version 0.5.0b3.dev36...
sviehb/jefferson vulnerable to path traversal
A vulnerability has been found in the sviehb/jefferson JFFS2 filesystem extraction tool. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issu...
Apache Superset Open Redirect vulnerability
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Graphite Web Cross-site Scripting vulnerability
A vulnerability was found in Graphite Web. It has been classified as problematic. Affected is an unknown function of the component Absolute Time Range Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
binwalk vulnerable to UNIX Symbolic Link (Symlink) Following
A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the...
OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...
Tensorflow vulnerable to Out-of-Bounds Read
ImpactWhen the BaseCandidateSamplerOp function receives a value in trueclasses larger than rangemax, a heap oob vuln occurs.pythontf.rawops.ThreadUnsafeUnigramCandidateSampler trueclasses=0x100000,1, numtrue = 2, numsampled = 2, unique = False, rangemax = 2, seed = 2, seed2 = 2 PatchesWe have...
pyRdfa3 Cross-site Scripting vulnerability
A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function getoption of the file pyRdfa/init.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e...