7764 matches found
org.apache.pulsar:distribution (>=2.0.0-rc1-incubating <=2.0.1-incubating), org.apache.pulsar:pulsar-docker-image (>=2.0.0-rc1-incubating <=2.7.4) +1 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-proxy (>=2.0.0-rc1-incubating <=2.7.4)
org.apache.pulsar:pulsar-proxy MAVEN version =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.0.0-rc1-incubating, =2.1.0-incubating, =2.11.4 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...
com.clever-cloud:biscuit-pulsar (>=2.3.2 <=3.2.0), com.github.shoothzj:test-pulsar (>=3.1.7 <=3.1.11) +4 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-broker (>=2.9.0 <=2.9.2)
org.apache.pulsar:pulsar-broker MAVEN version =2.9.0, =2.3.2, =3.1.7, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...
org.apache.pulsar:pulsar-server-distribution (=2.10.0) potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-proxy (=2.10.0)
org.apache.pulsar:pulsar-proxy MAVEN version =2.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.pulsar:pulsar-proxy and may be impacted: - org.apache.pulsar:pulsar-server-distribution =2.10.0 Source cves: CVE-2022-33682 Source advisory:...
com.clever-cloud:biscuit-pulsar (>=2.3.2 <=3.2.0), com.github.shoothzj:test-pulsar (>=3.1.7 <=3.1.11) +4 more potentially affected by CVE-2022-33682 via org.apache.pulsar:pulsar-broker (>=2.9.0 <=2.9.2)
org.apache.pulsar:pulsar-broker MAVEN version =2.9.0, =2.3.2, =3.1.7, =2.9.0, =2.9.0, =2.9.0, =2.9.0, =2.9.2 Source cves: CVE-2022-33682 Source advisory: OSV:GHSA-JVF3-MFXV-JCQR...
com.clever-cloud:biscuit-pulsar (>=2.2.2 <=2.3.0), org.apache.pulsar:pulsar-broker-auth-athenz (>=2.8.0 <=2.8.3) +3 more potentially affected by CVE-2022-33683 via org.apache.pulsar:pulsar-broker (>=2.8.0 <=2.8.3)
org.apache.pulsar:pulsar-broker MAVEN version =2.8.0, =2.2.2, =2.8.0, =2.8.0, =2.8.0, =2.8.0, =2.8.3 Source cves: CVE-2022-33683 Source advisory: OSV:GHSA-J3QW-G67Q-7M64...
OESA-2022-1938 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function...
Users may not withdraw their tokens.
Lines of code Vulnerability details Impact VTVLVesting's withdraw function has a logic error that impacts the distribution. According to the NATSPEC comment, the users can withdraw their tokens which are fully claimable. However, as per the function's logic users can withdraw their tokens until a...
No check of vesting completion can break the distribution when the admin withdraws tokens
Lines of code Vulnerability details Impact VTVLVesting.sol has a withdrawAdmin function to allow admins to withdraw the unallocated tokens. However, it is not checked whether the vesting is completed. If an uncontrolled withdraw occurs in a FullPremintERC20Token contract, then it would break the...
A vulnerability in the web interface of the switchable managed power distribution unit (iBoot-PDU) allows an attacker to inject operating system commands.
The vulnerability in the iBoot-PDU web interface of the switchable managed power distribution unit stems from the possibility of command injection. Exploiting this vulnerability could allow an attacker to inject operating system commands remotely...
Missing permission check in Jenkins build-publisher Plugin
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to tho...
GHSA-3JP6-Q9CG-RVGJ Missing permission check in Jenkins build-publisher Plugin
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to tho...
Critical Remote Hack Flaws Found in Dataprobe's Power Distribution Units
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an industrial control systems (ICS) advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation...
PT-2022-20957 · Dataprobe · Dataprobe Iboot Pdu
Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 Description: The affected product exposes sensitive data concerning the device. Recommendations: For versions prior to 1.42.06162022, update to version 1.42.06162022 or later to resolve t...
CVE-2022-40426
The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...
CVE-2022-38887
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
Code injection
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0...
Governance NFT voting power can be distributed unfairly after the party purchases the NFT because voting power distribution depends on the contribution NFT burning order
Lines of code Vulnerability details Impact Voting power can be distributed unfairly after the party purchases the NFT because voting power distribution depends on the contribution NFT burning order. For example, the NFT is purchased at price 1.5...
GHSA-H5J3-5X63-P8JV XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
Impact By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially givin...
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
Impact By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially givin...
Google TensorFlow Security Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A security vulnerability exists in Google TensorFlow, which stems from a denial-of-service attack triggered by an assertion failure given when tf.random.gamma receives a...