101 matches found
CVE-2024-35189
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data, e.g. passwords, private keys, etc. These secrets are stored encrypted at rest in the...
CVE-2024-35189 Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides
Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data, e.g. passwords, private keys, etc. These secrets are stored encrypted at rest in the...
CVE-2024-35189
Fides vulnerability CVE-2024-35189 affects the BigQuery connection configuration secrets, where a bug in masking nested sensitive fields allowed plaintext exposure via API endpoints. Affected component: BigQuerySchema secrets structure containing keyfile_creds.private_key exposed in plaintext acr...
dagster-dbt (>=0.19.3 <=0.20.4), dagster-ext (>=0.0.1a11 <=0.1.0) +8 more potentially affected by unknown CVE via dbt-core (>=1.6.0 <=1.6.12)
dbt-core PYPI version =1.6.0, =0.19.3, =0.0.1a11, =1.6.0b1, =0.1.0, =0.0.1, =1.6.0, =1.3.0, =1.6.0, =0.200.0.dev5, =0.200.0.dev14 Source cves: unknown CVE Source advisory: OSV:GHSA-P72Q-H37J-3HQ7...
Malicious code in vscode-bigquery (npm)
Source: ghsa-malware (1fcbaeb030fbe447717dc360ccef29f0624e6c166e7ad6b8ab5670c617009abf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6973 Malicious code in vscode-bigquery (npm)
Source: ghsa-malware (1fcbaeb030fbe447717dc360ccef29f0624e6c166e7ad6b8ab5670c617009abf). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in google-bigquery-adapter (npm)
Source: ghsa-malware (4effea0e9c65fae925ae0caf8f8786d929e13689c9a04786fa4b264ee26b3689). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3412 Malicious code in google-bigquery-adapter (npm)
Source: ghsa-malware (4effea0e9c65fae925ae0caf8f8786d929e13689c9a04786fa4b264ee26b3689). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
A scanning tool for open-sourced software packages? Yes, please!
The Open Source Security Foundation (OpenSSF), a collective of industry leaders aimed at improving the security of open-source software (OSS), recently announced the release of a prototype tool that scans for malicious packages in open source repositories. This tool, conveniently called Package...
CVE-2021-22571
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during the staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...
Design/Logic Flaw
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during the staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...
CVE-2021-22571 Information Leak in SA360-webquery-bigquery through read on /tmp
A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during the staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above...
Google SA360 WebQuery to BigQuery Exporter Security Vulnerability
Google SA360 WebQuery to BigQuery Exporter is an open source tool from Google, Inc. for importing Search Ads 360 WebQuery reports into BigQuery. A security vulnerability exists in versions of Google SA360 WebQuery to BigQuery Exporter prior to 1.0.3, which originates from a local attacker being able ...
LeakDB - Web-Scale NoSQL Idempotent Cloud-Native Big-Data Serverless Plaintext Credential Search
LeakDB is a tool set designed to allow organizations to build and deploy their own internal plaintext "Have I Been Pwned"-like service. The LeakDB tool set can normalize, deduplicate, index, sort, and search leaked data sets on the multi-terabyte-scale, without the need to distribute large files ...
On Becoming a Contributor to the HTTP Archive
The HTTP Archive is an open source project that tracks how the web is built. Twice a month it crawls 1.3 million web pages on desktop and emulated mobile devices, and collects technical information about each of the web pages. That information is then aggregated and made available in curated...
Capturing, Analyzing and Responding to Cyber Attacks: cyberprobe
The Cyberprobe project is an open-source distributed architecture for real-time monitoring of networks against attack. The software consists of two components: a probe, which collects data packets and forwards them over a network in standard streaming protocols; and a monitor, which receives the stream...