Impact
Several vulnerabilities have been reported in the time and chrono crates related to handling of calls to localtime_r. You can follow some of the discussions here and here, and the associated CVE here. In our case, the issue with the dependency w…
[aurelia-framework] Cross-site Scripting in aurelia-framework
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attac…
[froala-editor] DOM-based cross-site scripting in Froala Editor
Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting (XSS) vulnerability exists in versions before 3.2.3 because HTML co…
[cakephp/cakephp] Cross-Site Request Forgery in CakePHP
CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-15400
https://bakery.cakephp.org/2020/04/18/cakephp_406_released.html
https://baker…
[tensorflow] Segfault in `simplifyBroadcast` in Tensorflow
Impact
The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes.
size_t maxRank = 0;
for (auto shape : llvm::enumerate(shapes)) {
auto foun…
[tensorflow-cpu] Out of bounds read in Tensorflow
Impact
TensorFlow’s type inference can cause a heap OOB read as the bounds checking is done in a DCHECK (which is a no-op during production):
if (node_t.type_id() != TFT_UNSET) {
int ix = input_idx[i];
DCHECK(ix < node_t.args_size())
<&…
[tensorflow-gpu] Crash due to erroneous `StatusOr` in TensorFlow
Impact
A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it:
if (op_reg_data->type_ctor != nullptr…
[org.apache.tomcat:tomcat] Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associ…
[ansible] Insertion of Sensitive Information into Log File and Improper Output Neutralization for Logs in ansible
A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat …
[SharpZipLib] Path Traversal in SharpZipLib
SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting with version 1.0.0 and prior to version 1.3.3, a check was added to verify that the destination file is under a destination directory. However, it is not enforced that _baseDirectory ends with sla…