Pentaho Data Integration & Analytics Security Vulnerabilities

Malicious code in glovo-data-platform-importer-brain (PyPI)

-= Per source details. Do not edit below this...

Malicious code in glovo-data-platform-declarative-airflow (PyPI)

-= Per source details. Do not edit below this...

Malicious code in glovo-data-platform-declarative (PyPI)

-= Per source details. Do not edit below this...

Malicious code in forenitz (PyPI)

-= Per source details. Do not edit below this...

Malicious code in forenity (PyPI)

-= Per source details. Do not edit below this...

Malicious code in forenith (PyPI)

-= Per source details. Do not edit below this...

Malicious code in forenitq (PyPI)

-= Per source details. Do not edit below this...

Malicious code in data-platform-observability-validation (PyPI)

-= Per source details. Do not edit below this...

Malicious code in data-platform-observability-core (PyPI)

-= Per source details. Do not edit below this...

Malicious code in data-platform-importer-brain (PyPI)

-= Per source details. Do not edit below this...

Malicious code in data-platform-dbt (PyPI)

-= Per source details. Do not edit below this...

Malicious code in data-platform-airflow-recipes (PyPI)

-= Per source details. Do not edit below this...

Malicious code in data-platform-airflow-operators (PyPI)

-= Per source details. Do not edit below this...

From Top Dogs to Unified Pack

Embracing a consolidated security ecosystem Authored by Ralph Wascow Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber...

Malicious code in systemrobotassistant (npm)

-= Per source details. Do not edit below this...

Malicious code in sw-google-analytics (npm)

-= Per source details. Do not edit below this...

Malicious code in sun-flare (npm)

-= Per source details. Do not edit below this...

Malicious code in pattern.json (npm)

-= Per source details. Do not edit below this...

Malicious code in mytardis-data-module (npm)

-= Per source details. Do not edit below this...

Malicious code in item-shop-data-client (npm)

-= Per source details. Do not edit below this...

Security Bulletin: IBM Jazz for Service Management is vulnerable due to Apache camel-core-3.2.0.jar ( CVE-2024-22371)

Summary IBM Jazz for Service Management is vulnerable due to Apache camel-core-3.2.0.jar. Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability Details ** CVEID: CVE-2024-22371 DESCRIPTION: **Apache...

Malicious code in eslint-plugin-shein-soc-raw (npm)

-= Per source details. Do not edit below this...

Malicious code in cndpjs (npm)

-= Per source details. Do not edit below this...

Malicious code in cdnpjs (npm)

-= Per source details. Do not edit below this...

CloudBrute - Awesome Cloud Enumerator

A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here...

Malicious code in basencrypt (npm)

-= Per source details. Do not edit below this...

Malicious code in basecrypt (npm)

-= Per source details. Do not edit below this...

Malicious code in apollo-federation-integration-testsuite (npm)

-= Per source details. Do not edit below this...

Malicious code in apm-web-vitals (npm)

-= Per source details. Do not edit below this...

Malicious code in am-packages (npm)

-= Per source details. Do not edit below this...

Malicious code in analytics (npm)

-= Per source details. Do not edit below this...

Malicious code in sheinoutmobile (npm)

-= Per source details. Do not edit below this...

Malicious code in vue3-renderer (npm)

-= Per source details. Do not edit below this...

Malicious code in vue-renderer (npm)

-= Per source details. Do not edit below this...

Malicious code in types (npm)

-= Per source details. Do not edit below this...

Malicious code in shared (npm)

-= Per source details. Do not edit below this...

Malicious code in cli (npm)

-= Per source details. Do not edit below this...

Malicious code in builder (npm)

-= Per source details. Do not edit below this...

PTC Creo Elements/Direct License Server

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Creo Elements/Direct License Server Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated remote...

ABB Ability System 800xA

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Low attack complexity Vendor: ABB Equipment: 800xA Base Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause services to crash and restart. 3. TECHNICAL DETAILS 3.1...

Security Bulletin: Apache James and Bouncy Castle vulnerabilities in Apache Solr and Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2023-33202,CVE-2024-21742,CVE-2024-29857,CVE-2024-30172,CVE-2024-34447)

Summary There are potential denial of service and bypass security restrictions vulnerabilities in Apache James Mime4J and Bouncy Castle Crypto Package, which are used by Apache Solr and Logstash in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-34447 DESCRIPTION:.....

Security Bulletin: ThreeTen Backport vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-23081,CVE-2024-23082)

Summary There is a potential denial of service vulnerability in ThreeTen Backport that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-23082 DESCRIPTION: **ThreeTen Backport is vulnerable to a denial of service, caused by an integer...

Cybersecurity in the SMB space — a growing threat

Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....

How to Cut Costs with a Browser Security Platform

Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do.....

New Cyberthreat 'Boolka' Deploying BMANAGER Trojan via SQLi Attacks

A previously undocumented threat actor dubbed Boolka has been observed compromising websites with malicious scripts to deliver a modular trojan codenamed BMANAGER. "The threat actor behind this campaign has been carrying out opportunistic SQL injection attacks against websites in various countries....

Security Bulletin: Apache Commons Configuration vulnerability has been identified in Apache Solr shipped with IBM Operations Analytics - Log Analysis (CVE-2024-29131,CVE-2024-29133)

Summary There is a potential out-of-bounds write vulnerability in Apache Commons Configuration that is used by Apache Solr in IBM Operations Analytics - Log Analysis Vulnerability Details ** CVEID: CVE-2024-29131 DESCRIPTION: **Apache Commons Configuration could allow a remote attacker to execute.....

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to the jose4j component ( CVE-2023-51775).

Summary IBM Event Streams is vulnerable to a a denial of service attack due to the jose4j component. The jose4j library is used in event streams for secure handling of JSON Web Tokens (JWTs), enabling encryption, decryption, and validation of tokens to ensure secure authentication and data...

Security Bulletin: IBM Event Streams is vulnerable to a cross-site request forgery due to the Axios component (CVE-2023-45857).

Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component . Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is...

Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack due to Okio component ( CVE-2023-3635).

Summary IBM Event Streams is vulnerable to a denial of service attack due to Okio GzipSource component used in our strimzi-kafka-bridge. Okio is used in kafka to efficiently handle byte streams and improve data serialization/deserialization and network communication performance. Vulnerability...

CVE-2024-3249

The Zita Elementor Site Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the import_xml_data, xml_data_import, import_option_data, import_widgets, and import_customizer_settings functions in all versions up to, and including,...