971 matches found
What's Wrong with Manufacturing?
In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also th...
[SECURITY] Fedora 36 Update: redis-6.2.11-1.fc36
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 37 Update: redis-7.0.9-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
PT-2023-20446 · Geoserver +1 · Geoserver +1
Name of the Vulnerable Software and Affected Versions: GeoNode versions prior to 4.0.3 Description: GeoNode is vulnerable to an XML External Entity XXE injection in the style upload functionality of GeoServer, leading to Arbitrary File Read. The issue arises from the dataset style upload view,...
SUSE CVE-2021-37650
TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for tf.rawops.ExperimentalDatasetToTFRecord and tf.rawops.DatasetToTFRecord can trigger heap buffer overflow and segmentation fault. The implementation assumes that all records in the...
SUSE CVE-2022-21736
Tensorflow is an Open Source Machine Learning Framework. The implementation of SparseTensorSliceDataset has an undefined behavior: under certain condition it can be made to dereference a nullptr value. The 3 input arguments to SparseTensorSliceDataset represent a sparse tensor. However, there are...
[SECURITY] Fedora 37 Update: redis-7.0.8-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Security Navigator Research: Some Vulnerabilities Date Back to the Last Millennium
Vulnerability analysis results in Orange Cyberdefenses' Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportuni...
Open Redirect
apache-superset is vulnerable to Open Redirect. The vulnerability exists due to improper data validation in the library, allowing an attacker with update dataset permission to change a dataset link to an untrusted site and redirect to the malicious URLs by clicking on a specific dataset...
CVE-2022-43721
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43721
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43721 Apache Superset: Open Redirect Vulnerability
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43721 Apache Superset: Open Redirect Vulnerability
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43721
CVE-2022-43721 is an Open Redirect vulnerability in Apache Superset. An authenticated user with update datasets permission can alter a dataset’s link to point to an untrusted site, causing users to be redirected when clicking that dataset. Affected: Superset versions ≤ 1.5.2 and 2.0.0, per multip...
PT-2023-14307 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description: An authenticated attacker with update datasets permission could change a dataset link to an untrusted site. Users could be redirected to this site when clicki...
Apache Superset 输入验证错误漏洞
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions 1.5.2 and earlier and 2.0.0, which originates from an authenticated attacker with update dataset privileges could change...
[SECURITY] Fedora 37 Update: redis-7.0.5-1.fc37
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
eziod 安全漏洞
eziod is simple image object dataset. A security vulnerability exists in eziod that originates from a code execution backdoor inserted by a third party...
wikifaces 安全漏洞
wikifaces is a downloader of the Wikipedia "People" image dataset. A security vulnerability exists in wikifaces that stems from a code execution backdoor that allows third-party injection...
GHSA-748R-5R8Q-273M Apache Superset allows authenticated users to access metadata they have no permission to
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics...