Impact
When mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs without an op name, it crashes.
Status GraphDefImporter::ConvertNodeDef(OpBuilder &builder, ConversionState &s,
const Node…
[tensorflow] TensorFlow vulnerable to null dereference on MLIR on empty function attributes
Impact
When mlir::tfg::ConvertGenericFunctionToFunctionDef is given empty function attributes, it triggers a null dereference.
// Import the function attributes with a `tf.` prefix to match the current
// infrastructure expectations.
for (const auto& …
[tensorflow-gpu] TensorFlow vulnerable to segfault in `Requantize`
Impact
If Requantize is given input_min, input_max, requested_output_min, requested_output_max tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack.
import tensorflow as tf
out_type = tf.quint8
inp…
[github.com/gagliardetto/binary] Binary vulnerable to Slice Memory Allocation with Excessive Size Value
Impact
What kind of vulnerability is it? Who is impacted?
The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with an (arbitrary) excessive size value, which can either exhaust available memory or cr…
[github.com/ElrondNetwork/elrond-go] Elrond-go has improper initialization
Impact
Read-only calls between contracts can generate smart contract results. For example, if contract A calls contract B in read-only mode and the called function makes changes to contract B's state, the state will be altered for contract B…
[parse-server] Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Impact
Internal fields (keys used internally by Parse Server, prefixed by _) and protected fields (user defined) can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the…
[cell-project] `cell-project` used incorrect variance when projecting through `&Cell`
Overview
The issue lies in the implementation of the `cell_project` macro, which used `field as *const _` instead of `field as *mut _`.
The problem is that `*const T` is covariant in `T` while `*mut T` is invariant in `T`. Keep in mind that `&Cell<T>` is i…
[github.com/drakkan/sftpgo/v2] SFTPGo vulnerable to recovery codes abuse
Impact
SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery c…
[org.xwiki.platform:xwiki-platform-web-templates] XWiki Cross-Site Request Forgery (CSRF) for actions on tags
Impact
It’s possible to perform a CSRF attack for adding or removing tags on XWiki pages.
Patches
The problem has been patched in XWiki 13.10.5 and 14.3.
Workarounds
It’s possible to fix the issue without upgrading by locally modifying the documentTa…
[mozjpeg] mozjpeg DecompressScanlines::read_scanlines is Unsound
This issue and vector is similar to RUSTSEC-2020-0029 of rgb crate which mozjpeg depends on.
Affected versions of mozjpeg crate allow creating instances of any type T from bytes,
and do not correctly constrain T to the types for which it is safe to do …