Source
ghsa
### Impact

An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function's `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation.

### Patches

The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length.

### Workarounds

Not Required

### References

- https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8
- https://crates.io/crates/vm-memory/0.12.2
### Impact

The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus `N` containing small factors (less than `2^100`) they can interact with other participants in the signing protocol to steal their secret key shares in as little as sixteen signing attempts. The master key can then be reconstructed from these shares.

### Patches

The implementation of GG18 in tss-lib did not prove that `N` is biprime or that it doesn't contain small factors. The fixed implementation adds the following proofs from the CGGMP21 threshold ECDSA protocol to the key generation:

- Paillier-Blum Modulus (`N` is the product of two primes)
- No Small Factor (both factors of `N` are greater than `2^256`)

These proofs apply to both the Paillier encryption modulus `N`, and the modulus `NTilde` used in MTA proofs. To address the issue in the resharing protocol, an additional round...
An issue in LangChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library.
SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function.
An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) by supplying a crafted JSON string that triggers a `StringIndexOutOfBoundsException`.
Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. As of commit `c9aa2eeb9` access tokens which fail validation are rejected.
Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2.
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.
### Impact

`DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to [XXE Attacks](https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing).

A [DDF file](https://github.com/eclipse-leshan/leshan/wiki/Adding-new-objects#the-lwm2m-model) is a LWM2M format used to store LWM2M object descriptions.

Leshan users are impacted only if they parse untrusted DDF files (e.g. if they let external users provide their own model); in that case they MUST upgrade to a fixed version. If you parse only trusted DDF files and validate only with a trusted XML schema, upgrading is not mandatory.

### Patches

This is fixed in **v1.5.0** and **2.0.0-M13**.

### Workarounds

No easy way. One option is to write your own `DDFFileParser`/`DefaultDDFFileValidator` (and so `ObjectLoader`) that creates a `DocumentBuilderFactory` with:

```java
// For DDFFileParser
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(XMLConstants.FEATU...
```
An issue in Archive v3.3.7 allows attackers to execute a path traversal via extracting a crafted zip file.