361 matches found
Security Bulletin: IBM Workload Scheduler potentially affected by a vulnerability found in Json-smart library (CVE-2023-1370)
Summary IBM Workload Scheduler is potentially affected by a vulnerability found in Json-smart library that can cause a stack exhaustion (stack overflow) and software crash. Specifically, the following plugins can suffer from this issue: Azure Storage Job Executor, Azure Resource Manager Job Executo...
OperatorProposal.sol: Leftover ETH is not refunded to the msg.sender
Lines of code Vulnerability details Impact The OperatorProposal contract is a type of proposal that allows to execute operations on contracts that implement the IOperator interface. Upon execution of the proposal it might be necessary that the executor provides ETH. This is true especially when...
Web applications and Project Loom
Introduction Project Loom aims to bring "easy-to-use, high-throughput, lightweight concurrency" to the JRE. One feature introduced by Project Loom is virtual threads. In this blog post, we'll be exploring what virtual threads mean for web applications using some simple web applications deployed o...
SUSE CVE-2013-1362
Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$" shell metacharacters, which are processed by bash...
SUSE CVE-2014-2913
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the...
SUSE CVE-2022-23578
Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...
CVE-2023-23076
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules...
Command injection
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules...
PT-2023-18835 · Unknown · Supportcenter Plus
Name of the Vulnerable Software and Affected Versions: Support Center Plus version 11 Description: The issue is an OS Command injection vulnerability in Support Center Plus via Executor in Action when creating new schedules. Recommendations: For Support Center Plus version 11, consider disabling...
ZOHO ManageEngine SupportCenter Plus OS Command Injection Vulnerability
ZOHO ManageEngine SupportCenter Plus is a Web-based customer support software from ZOHO, Inc. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide an exceptional customer experience in the process. A...
CVE-2023-23076
CVE-2023-23076 affects ManageEngine SupportCenter Plus 11, where an OS command injection via the Executor in Action when creating new schedules allows unauthenticated or network-based exploitation (cvss3.1: 9.8). For affected versions, multiple sources indicate remediation through upgrading to Su...
SUSE-SU-2023:0010-1 Security update for saphanabootstrap-formula
This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 revert changes to spec file to re-enable SLES RPM builds CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/hacluster.sls bsc1205990 - Version bump 0.13.0 pass sid to sudoers in a SLES12...
ai.api.libai.speech:libai-speech-gcp (>=1.4.9 <=1.6.12), ai.apiverse:apipulse (>='1.0.3' <=1.0.20) +17584 more potentially affected by CVE-2022-45688 via org.json:json (>=20070829 <=20220924)
org.json:json MAVEN version =20070829, =1.4.9, ='1.0.3', =1.4.2, =1.4.2, =1.4.2, =1.4.2, =1.4.2, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.8.7 and more Source cves: CVE-2022-45688 Source advisory: OSV:GHSA-3VQJ-43W4-2Q58...
Relayer/executor-already-set Error in CrossChainRelayerArbitrum Contract
Lines of code Vulnerability details Summary The setExecutor function in the CrossChainRelayerArbitrum contract improperly reverts when the executor variable has already been set. Impact This bug could prevent the CrossChainRelayerArbitrum contract from properly setting the executor variable,...
the executor can execute fake cross-chain function call
Lines of code Vulnerability details Impact The caller on relayer side can be rugged if the executor calls the executeCall on execution side directly to consume the nonce and fake cross-chain function call. Proof of Concept The expected behavior is that: the relayer relays a cross-chain request...
CVE-2022-41883
TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing number of inputs, the executor will crash. We have patched the issue in GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629. The fix will be included in TensorFlow 2.11. We...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that originates when an operation with a specified input size receives a different number of inputs, and the executor will crash. No...