
361 matches found

OSV
added 2024/03/06 11:11 a.m., 18 views

BIT-TENSORFLOW-2022-41883 Out of bounds segmentation fault due to unequal op inputs in Tensorflow

TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...

CVSS 7.5, AI score 7, EPSS 0.00183
Exploits: 1, References: 5
Github Security Blog
added 2024/02/21 12:3 a.m., 15 views

Uncaught Exception in Macro Expecting Native Function to Exist

The query executor would panic when executing a query containing a call to a built-in SurrealDB function that did not exist. This could occur accidentally in situations where the version of the SurrealDB client was newer than the SurrealDB server or when a pre-parsed query was provided to the...

AI score 7.4
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2024/02/21 12:3 a.m., 10 views

GHSA-6WR5-JMPR-MJCX Uncaught Exception in Macro Expecting Native Function to Exist

The query executor would panic when executing a query containing a call to a built-in SurrealDB function that did not exist. This could occur accidentally in situations where the version of the SurrealDB client was newer than the SurrealDB server or when a pre-parsed query was provided to the...

CVSS 6.5, AI score 7.4
Exploits: 0, References: 4
CNNVD
added 2024/02/08 12:0 a.m., 3 views

XXL-JOB Code Issue Vulnerability

XXL-JOB is a distributed task scheduling platform based on the java language from the Xu Xue Li XXL-JOB community. A code issue vulnerability exists in xxl-job 2.4.1 and earlier versions, which stems from running a low-privilege user-controlled executor for RCE...

CVSS 8.8, AI score 7, EPSS 0.00095
Exploits: 1, References: 2
Cvelist
added 2024/02/08 12:0 a.m., 17 views

CVE-2024-24113

xxl-job = 2.4.1 has a Server-Side Request Forgery SSRF vulnerability, which causes low-privileged users to control executor to RCE...

AI score 8.9, EPSS 0.00095
Exploits: 1, References: 1
Snyk
added 2023/12/11 12:0 p.m., 1 views

Improper Handling of Insufficient Privileges (Leaky Vessels)

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges Leaky Vessels via APIs for running interactive containers based on built images. It is possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, runnin...

CVSS 9.8, AI score 6.4, EPSS 0.10301
Exploits: 0, References: 2
OSV
added 2023/11/30 6:15 p.m., 2 views

CVE-2023-48804

In TOTOLINK X6000R V9.4.0cu.852B20230719, the shttpd file, sub4119A0 function obtains fields from the front-end through Uci Set The Str function when passed to the CsteSystem function creates a command execution vulnerability...

CVSS 9.8, AI score 5.9
Exploits: 0, References: 1
Veracode
added 2023/11/17 8:41 a.m., 23 views

Privilege Escalation

org.apache.hadoop, hadoop-yarn-server-nodemanager is vulnerable to Privilege Escalation. The vulnerability is caused by making the rpath of container-executor binary of Apache Hadoop configurable from $ORIGIN/ to $ORIGIN/:../lib/native/. This is the path through which .so files are loaded. This c...

CVSS 7.5, AI score 7.1, EPSS 0.10169
Exploits: 0, References: 7, Affected Software: 1
Github Security Blog
added 2023/11/16 9:30 a.m., 25 views

Apache Hadoop allows local user to gain root privileges

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

CVSS 7.5, AI score 7.4, EPSS 0.10169
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2023/11/16 9:15 a.m., 19 views

CVE-2023-26031

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

CVSS 7.5, AI score 7.7
Exploits: 0, References: 4
Prion
added 2023/11/16 9:15 a.m., 20 views

Command injection

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

CVSS 4.6, AI score 7.2, EPSS 0.10169
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2023/11/16 8:15 a.m., 38 views

CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

AI score 7.9, EPSS 0.10169
Exploits: 0, References: 4
Vulnrichment
added 2023/11/16 8:15 a.m., 24 views

CVE-2023-26031 Privilege escalation in Apache Hadoop Yarn container-executor binary on Linux systems

Relative library resolution in linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote authenticated users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "...

AI score 7.7, EPSS 0.10169
Exploits: 0, References: 4
Code423n4
added 2023/10/20 12:0 a.m., 7 views

the function _validateExecutionRequest checks the valid executor account by the address of account given in call data instead of msg.sender which is really easily exploitable

Lines of code Vulnerability details Impact the function validateExecutionRequest checks the valid executor account by the address of account given in call data instead of msg.sender which is really easily exploitable if you look at the function function validateExecutionRequestExecutionRequest...

AI score 7.1
Exploits: 0
Code423n4
added 2023/10/20 12:0 a.m., 15 views

Executor can effectively bypass _checkSubAccountSecurityConfig by adding a new Module

Lines of code Vulnerability details Impact An Executor is an account authorized to perform module execution on a subAccount through the ExecutorPlugin. Gnosis Safe Modules manage to bypass the entire guard logic Safe 1.5 has that new guard hook, but there's also no hook logic done in Brahma. For...

AI score 7.5
Exploits: 0
Code423n4
added 2023/10/20 12:0 a.m., 11 views

Console account cannot execute a transaction on a sub account unless it registers itself as an executor

Lines of code Vulnerability details The Executor is an account authorized to make module transactions on a subAccount via ExecutorPlugin. The executor is assigned/registered by the subaccount created by the console account. But the console account itself cannot execute the transaction & is...

AI score 7.3
Exploits: 0
NVD
added 2023/10/12 8:15 p.m., 9 views

CVE-2023-5562

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...

CVSS 6.1, AI score 6.1, EPSS 0.00131
Exploits: 0, References: 1
Prion
added 2023/10/12 8:15 p.m., 18 views

Cross site scripting

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by...

CVSS 5.8, AI score 6, EPSS 0.00131
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2023/10/12 12:0 a.m., 3 views

PT-2023-32177 · Knime · Knime Analytics Platform

Name of the Vulnerable Software and Affected Versions: KNIME Analytics Platform versions prior to 5.2.0 Description: The issue is related to an unsafe default configuration that allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server ...

CVSS 6.1, AI score 6, EPSS 0.00131
Exploits: 0, References: 6
Code423n4
added 2023/08/10 12:0 a.m., 10 views

SecurityCouncilMemberSyncAction.perform is not exclusively can be scheduled from SecurityCouncilManager's operations

Lines of code Vulnerability details Impact SecurityCouncilMemberSyncAction.perform is a crucial function that will be triggered by upgrade executor via delegate call after the whole election process or after current members do some update add/remove/replace/rotate to update security council...

AI score 6.8
Exploits: 0