Withdrawn Advisory
This advisory has been withdrawn because it does not discuss a particular vulnerability in the code of ansi_term.
Original Description
The maintainer has advised that this crate is deprecated and will not receive any maintenance.
The crat…
[shopware/shopware] Shopware contains sensitive data in backend customer module
Impact
The response for the customer detail view in the backend administration contained sensitive data such as the hashed password and the session ID.
Patches
We recommend updating to the current version 5.7.15. You can get the update to 5.7.15 regularly …
[shopware/shopware] Shopware access control list bypassed via crafted specific URLs
Impact
If backend admin controllers are called with a certain URL notation, the ACL check could be bypassed. Users could execute actions that they are normally not permitted to perform.
Patches
We recommend updating to the current version 5.7.15. You can get the update …
[github.com/moby/moby] Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supp…
[github.com/pandatix/go-cvss] Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Impact
When a full CVSS v2.0 vector string is parsed with ParseVector, an out-of-bounds read is possible (the case was not covered by tests), and the Go module then panics.
Patches
The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3…
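The failure mode above is a parser that indexes into split input without first checking how many pieces it got, so a malformed or truncated vector becomes a runtime panic rather than an error. As an added example (not go-cvss's code, and not the actual patch), the following Go program shows a CVSS v2.0 vector parser that guards every index with a length check and rejects unknown metrics, bad values, duplicates and missing base metrics, beside a constructed naiveValue helper that shows the unchecked pattern panicking on "A", and a Recovered wrapper that callers of a panicking library can use to contain the crash until they upgrade. The metric table is written for this example from the CVSS v2.0 abbreviations; the function names are this example's own.

```go
package main

import (
	"fmt"
	"strings"
)

// allowedV2 maps each CVSS v2.0 metric to the values it accepts. The
// abbreviations follow the CVSS v2.0 specification; the table itself is
// written for this example and is not taken from go-cvss.
var allowedV2 = map[string][]string{
	"AV": {"L", "A", "N"}, "AC": {"H", "M", "L"}, "Au": {"M", "S", "N"},
	"C": {"N", "P", "C"}, "I": {"N", "P", "C"}, "A": {"N", "P", "C"},
	"E": {"U", "POC", "F", "H", "ND"}, "RL": {"OF", "TF", "W", "U", "ND"},
	"RC": {"UC", "UR", "C", "ND"}, "CDP": {"N", "L", "LM", "MH", "H", "ND"},
	"TD": {"N", "L", "M", "H", "ND"}, "CR": {"L", "M", "H", "ND"},
	"IR": {"L", "M", "H", "ND"}, "AR": {"L", "M", "H", "ND"},
}

// baseV2 lists the metrics every v2.0 vector must carry.
var baseV2 = []string{"AV", "AC", "Au", "C", "I", "A"}

// ParseV2Vector parses a CVSS v2.0 vector such as "AV:N/AC:L/Au:N/C:C/I:C/A:C".
// Every slice index is preceded by a length check, so malformed or truncated
// input produces an error instead of a runtime panic.
func ParseV2Vector(vec string) (map[string]string, error) {
	out := make(map[string]string)
	for i, tok := range strings.Split(vec, "/") {
		if tok == "" { // empty vector, "//" or a trailing "/"
			return nil, fmt.Errorf("empty metric at position %d", i)
		}
		parts := strings.SplitN(tok, ":", 2)
		if len(parts) != 2 || parts[1] == "" {
			return nil, fmt.Errorf("metric %q has no value", tok)
		}
		name, val := parts[0], parts[1]
		values, known := allowedV2[name]
		if !known {
			return nil, fmt.Errorf("unknown metric %q", name)
		}
		if _, dup := out[name]; dup {
			return nil, fmt.Errorf("metric %q given twice", name)
		}
		if !contains(values, val) {
			return nil, fmt.Errorf("metric %q does not accept %q", name, val)
		}
		out[name] = val
	}
	for _, name := range baseV2 {
		if _, ok := out[name]; !ok {
			return nil, fmt.Errorf("base metric %q is missing", name)
		}
	}
	return out, nil
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// naiveValue is a constructed illustration of the unchecked pattern that turns
// bad input into a panic: "A" splits into one element, so index 1 is out of
// range. It is not go-cvss's code.
func naiveValue(tok string) string {
	return strings.Split(tok, ":")[1]
}

// Recovered runs f and converts any panic into an error. Callers of a library
// that panics on untrusted input can wrap it this way until the library is
// fixed; it contains the crash but is not a substitute for the fix.
func Recovered(f func()) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("parser panicked: %v", r)
		}
	}()
	f()
	return nil
}

func main() {
	for _, v := range []string{
		"AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C/CDP:LM/TD:H/CR:M/IR:M/AR:M",
		"AV:N/AC:L/Au:N/C:C/I:C/A",    // truncated: last metric has no value
		"AV:N/AC:L/Au:N/C:C/I:C/A:C/", // trailing separator
	} {
		m, err := ParseV2Vector(v)
		fmt.Printf("%-72s metrics=%d err=%v\n", v, len(m), err)
	}
	fmt.Println(Recovered(func() { naiveValue("A") }))
}
```

The three inputs in main are constructed: the first is a full 14-metric vector, the other two are the kinds of truncated strings a fuzzer would produce in seconds, which is the cheapest way to find unchecked indexing in any parser that accepts attacker-controlled vector strings.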
[tensorflow-cpu] TensorFlow vulnerable to `CHECK` failure in tf.reshape via overflows
Impact
The implementation of tf.reshape op in TensorFlow is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by overflowing the number of elements in a tensor:
import tensorflow as tf
tf.reshape(tensor=[[1]],shape=tf.cons…
[tensorflow] TensorFlow vulnerable to `CHECK` failure in `SobolSample` via missing validation
Impact
The implementation of SobolSampleOp is vulnerable to a denial of service via CHECK-failure (assertion failure) caused by assuming input(0), input(1), and input(2) to be scalar.
import tensorflow as tf
tf.raw_ops.SobolSample(dim=tf.constant([1,0]…
[indy-node] Hyperledger indy-node vulnerable to denial of service
Impact
An attacker can max out the number of client connections allowed by the ledger that was deployed using guidance provided in the indy-node repository, leaving the ledger unable to be used for its intended purpose.
The ledger content will not be i…
[github.com/goharbor/harbor] Harbor fails to validate the user permissions when updating a robot account
Impact
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn't have access to. API call:
PUT /robots/{robot_id}
By sending a request that attempts to update a robot accou…
[github.com/goharbor/harbor] Harbor fails to validate the user permissions when updating tag immutability policies
Impact
Harbor fails to validate the user permissions when updating tag immutability policies – API call:
PUT /projects/{project_name_or_id}/immutabletagrules/{immutable_rule_id}
By sending a request to update a tag immutability policy with an id that…
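Both Harbor entries above are the same class of bug: an update endpoint that authorizes the caller without binding the decision to the project that owns the object being updated. As an added example serving both entries (written for this page, not Harbor's code or its fix), the Go program below shows the check a handler for PUT /robots/{robot_id} and PUT /projects/{project_name_or_id}/immutabletagrules/{immutable_rule_id} should make: resolve the stored object, take the owning project from the stored object rather than from the caller, and require the caller to hold a managing role on that project. The Store, Robot, ImmutableRule and User types, the role names and the sample data are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
)

var (
	ErrNotFound  = errors.New("not found")
	ErrForbidden = errors.New("forbidden")
)

// Constructed in-memory models; field names are this example's, not Harbor's.
type Robot struct {
	ID, ProjectID int
	Name          string
}

type ImmutableRule struct {
	ID, ProjectID int
	Pattern       string
}

type User struct {
	Name     string
	SysAdmin bool
	Roles    map[int]string // project ID -> role ("admin", "developer", "guest")
}

type Store struct {
	robots map[int]*Robot
	rules  map[int]*ImmutableRule
}

// canManage reports whether u may change resources owned by projectID.
// Only system admins and admins of that project may do so.
func canManage(u *User, projectID int) bool {
	return u.SysAdmin || u.Roles[projectID] == "admin"
}

// UpdateRobot handles PUT /robots/{robot_id}. The owning project comes from
// the stored robot, so a caller cannot pick a project they do have access to
// and use it to reach a robot in one they do not.
func (s *Store) UpdateRobot(u *User, robotID int, newName string) error {
	r, ok := s.robots[robotID]
	if !ok {
		return ErrNotFound
	}
	if !canManage(u, r.ProjectID) {
		return fmt.Errorf("update robot %d: %w", robotID, ErrForbidden)
	}
	r.Name = newName
	return nil
}

// UpdateImmutableRule handles PUT /projects/{project}/immutabletagrules/{rule}.
// The rule must belong to the project named in the path, and the caller must
// be allowed to manage that project; a rule from another project is reported
// as not found so the response does not confirm its existence.
func (s *Store) UpdateImmutableRule(u *User, projectID, ruleID int, pattern string) error {
	rule, ok := s.rules[ruleID]
	if !ok || rule.ProjectID != projectID {
		return ErrNotFound
	}
	if !canManage(u, projectID) {
		return fmt.Errorf("update rule %d: %w", ruleID, ErrForbidden)
	}
	rule.Pattern = pattern
	return nil
}

// RobotName is a read accessor used to confirm whether an update took effect.
func (s *Store) RobotName(robotID int) (string, bool) {
	r, ok := s.robots[robotID]
	if !ok {
		return "", false
	}
	return r.Name, true
}

// NewExampleStore returns constructed sample data: two projects, one robot
// in each, and one immutability rule in project 2.
func NewExampleStore() *Store {
	return &Store{
		robots: map[int]*Robot{
			10: {ID: 10, ProjectID: 1, Name: "ci-bot"},
			20: {ID: 20, ProjectID: 2, Name: "deploy-bot"},
		},
		rules: map[int]*ImmutableRule{
			7: {ID: 7, ProjectID: 2, Pattern: "release-*"},
		},
	}
}

func main() {
	s := NewExampleStore()
	alice := &User{Name: "alice", Roles: map[int]string{1: "admin"}}
	fmt.Println(s.UpdateRobot(alice, 10, "renamed"))          // own project: allowed
	fmt.Println(s.UpdateRobot(alice, 20, "renamed"))          // other project: forbidden
	fmt.Println(s.UpdateImmutableRule(alice, 1, 7, "v*"))     // rule belongs to project 2: not found
	fmt.Println(s.UpdateImmutableRule(alice, 2, 7, "v*"))     // project 2, no role: forbidden
}
```

The point of resolving the owning project from storage is that the object ID in the path is the only attacker-controlled input that matters: if the check is driven by anything the caller supplies (a project in the URL or body, or a role the caller holds somewhere), an ID belonging to a different project slips past it.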