20 matches found

RedHat Linux
added 2025/12/09 3:24 p.m., 4 views

Important: Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2

Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2. Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fixes:...

8.7 CVSS, 6.9 AI score, 0.00071 EPSS
Exploits 2, References 7

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2023-57559

Malicious code in bioql PyPI...

6.4 CVSS, 6.4 AI score, 0.00127 EPSS
Exploits 0, References 2

RedHat Linux
added 2025/09/17 7:43 p.m., 2 views

Moderate: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.17.2-1 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container, custom-metrics-autoscaler-admission-webhooks-container...

9.1 CVSS, 6.7 AI score, 0.00294 EPSS
Exploits 0, References 7

GitHub Security Blog
added 2025/03/20 12:32 p.m., 14 views

MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5 CVSS, 6.7 AI score, 0.00324 EPSS
Exploits 1, References 3, Affected Software 1

NVD
added 2025/03/20 10:15 a.m., 20 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5 CVSS, 0.00324 EPSS
Exploits 1, References 1

Cvelist
added 2025/03/20 10:11 a.m., 10 views

CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

5.9 CVSS, 0.00324 EPSS
Exploits 1, References 1

CNNVD
added 2025/03/20 12:0 a.m., 2 views

MLflow Security Vulnerability

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A security vulnerability exists in MLflow version 2.17.2, which stems from a possible denial-of-servic...

7.5 CVSS, 5.8 AI score, 0.00324 EPSS
Exploits 1, References 2

OSV
added 2025/02/03 3:15 p.m., 0 views

CVE-2024-50500

Missing Authorization vulnerability in By Averta Shortcodes and extra features for Phlox theme allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.17.2...

9.8 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits 0, References 1

Cvelist
added 2025/02/03 2:23 p.m., 17 views

CVE-2024-50500 WordPress Phlox Core Elements plugin <= 2.17.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in averta Shortcodes and extra features for Phlox theme auxin-elements allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shortcodes and extra features for Phlox theme: from n/a through <= 2.17.4...

4.3 CVSS, 0.00053 EPSS
Exploits 0, References 1

NVD
added 2023/08/17 7:15 a.m., 14 views

CVE-2023-40281

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using t...

4.8 CVSS, 5 AI score, 0.00484 EPSS
Exploits 0, References 2

Japan Vulnerability Notes
added 2023/08/17 12:0 a.m., 22 views

JVN#46993816: EC-CUBE 2 series vulnerable to cross-site scripting

EC-CUBE 2 series provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability (CWE-79) in "mail/template" and "products/product" of Management page. Impact: An arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the...

4.8 CVSS, 4.9 AI score, 0.00484 EPSS
Exploits 0

RedhatCVE
added 2023/06/06 3:25 p.m., 20 views

CVE-2023-33544

hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

5.5 CVSS, 6.7 AI score, 0.00294 EPSS
Exploits 1, References 3

OSV
added 2023/06/01 1:15 p.m., 17 views

CVE-2023-33544

hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

5.5 CVSS, 6.8 AI score
Exploits 0, References 1

Cvelist
added 2023/06/01 12:0 a.m., 17 views

CVE-2023-33544

hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite...

5.6 AI score, 0.00294 EPSS
Exploits 1, References 1

CNNVD
added 2023/06/01 12:0 a.m., 3 views

Hawt Hawtio Path Traversal Vulnerability

Hawt Hawtio is a modular web console program for managing Java content. A security vulnerability exists in Hawt Hawtio version 2.17.2 that stems from the presence of a path traversal vulnerability. An attacker can exploit the vulnerability to input a malicious unzipped file, resulting in the file...

5.5 CVSS, 5.7 AI score, 0.00294 EPSS
Exploits 1, References 2

Positive Technologies
added 2023/06/01 12:0 a.m., 3 views

PT-2023-24377 · Hawtio · Hawtio

Name of the Vulnerable Software and Affected Versions: hawtio version 2.17.2. Description: The issue allows an attacker to input malicious zip files, which can result in high-risk files after decompression being stored in any location, potentially leading to file overwrite. This is due to a Path...

5.5 CVSS, 6.7 AI score, 0.00294 EPSS
Exploits 1, References 7

0day.today
added 2018/10/09 12:0 a.m., 228 views

Git Submodule - Arbitrary Code Execution Vulnerability

Exploit for linux platform in category local exploits. These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git...

9.1 AI score, 0.59226 EPSS
Exploits 12

ALT Linux
added 2018/09/27 12:0 a.m., 36 views

Security fix for the ALT Linux 10 package git version 2.17.2-alt1

Sept. 27, 2018 Dmitry V. Levin 2.17.2-alt1 - 2.17.1 - 2.17.2 fixes: CVE-2018-17456...

7.5 CVSS, 6.9 AI score, 0.59226 EPSS
Exploits 12

Node.js
added 2018/04/20 9:45 p.m., 28 views

Regular Expression Denial of Service

Overview: Versions of is-my-json-valid before 1.4.1 or 2.17.2 are vulnerable to regular expression denial of service (ReDoS) via the email validation function. Recommendation: Update to version 1.4.1, 2.17.2 or later. References: GitHub PR 159, GitHub Commit b3051b2, HackerOne Report, GitHub Advis...

6.8 AI score
Exploits 0, Affected Software 1

CVE
added 2017/08/25 6:0 p.m., 55 views

CVE-2015-1324

CVE-2015-1324 affects Ubuntu’s Apport before 2.17.2-0ubuntu1.1 (Ubuntu 15.04) and older packages on 14.04/14.10/12.04 releases. The issue arises from incorrect handling of permissions when generating core dumps for setuid binaries, enabling local users to write to arbitrary files and gain root pr...

7.8 CVSS, 7.6 AI score, 0.00109 EPSS
Exploits 0, References 3, Affected Software 1