
361 matches found

vulnersOsv
added 2022/11/05 12:0 p.m. · 0 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39393 via wasmtime (>=0.10.0 <=12.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39393 Source advisory: OSV:RUSTSEC-2022-0098...

CVSS 8.6 · AI score 7.5 · EPSS 0.00594
Exploits: 0
vulnersOsv
added 2022/11/05 12:0 p.m. · 2 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39392 via wasmtime (>=0.10.0 <=12.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39392 Source advisory: OSV:RUSTSEC-2022-0102...

CVSS 7.4 · AI score 7.2 · EPSS 0.00406
Exploits: 0
ICS
added 2022/10/13 12:0 a.m. · 60 views

Hitachi Energy Lumada Asset Performance Management Prognostic Model Executor Service

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/public exploits are available Vendor: Hitachi Energy Equipment: Lumada Asset Performance Manager APM Vulnerabilities: Allocation of Resources Without Limits or Throttling, Code injection 2. RISK EVALUATION Successful exploitation of...

CVSS 9.8 · AI score 9.8 · EPSS 0.94428
Exploits: 100 · References: 5
CNNVD
added 2022/09/30 12:0 a.m. · 3 views

Ping Identity PingCentral Security Vulnerability

Ping Identity PingCentral is a self-service delegation management software from Ping Identity, Inc. A security vulnerability exists in Ping Identity PingCentral that originates from exposing the Spring Boot executor endpoint to obtain a large amount of sensitive information...

CVSS 5.4 · AI score 5.3 · EPSS 0.0021
Exploits: 0 · References: 3
CNNVD
added 2022/09/13 12:0 a.m. · 3 views

Theonedev Onedev Authorization Issue Vulnerability

Theonedev Onedev is a JAVA-based all-in-one DevOps platform from the Theonedev team. The platform supports container build, orchestration, CI, Git management, team collaboration and other features to help developers build a simple, powerful development platform. Theonedev An authorization issue...

CVSS 9.9 · AI score 8.3 · EPSS 0.01049
Exploits: 1 · References: 4
Code423n4
added 2022/08/27 12:0 a.m. · 7 views

NounsDAOProxy.sol (with LogicV2) cannot call NounsDAOExecutor.acceptAdmin()

Lines of code Vulnerability details Impact It's designed that DAOProxy uses Executor to manage the project and treasury. So DAOProxy can call any external functions in the Executor. But it cannot acceptAdmin, and it's strange. So, DAOProxy instances applying LogicV2 will not be able to acceptAdmi...

AI score 6.8
Exploits: 0
vulnersOsv
added 2022/07/17 12:0 a.m. · 1 views

com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2021-34538 via org.apache.hive:hive (=2.1.1)

org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples_2.11 =1.1.0, =2.0.1 Source cves: CVE-2021-34538 Source advisory:...

CVSS 7.5 · AI score 7.1 · EPSS 0.00451
Exploits: 1
Positive Technologies
added 2022/07/13 12:0 a.m. · 2 views

PT-2022-7154 · Apache · Apache Hadoop

Name of the Vulnerable Software and Affected Versions: Apache Hadoop versions 3.3.1 through 3.3.4 Description: The issue is related to the use of an unreliable path search in the Apache Hadoop platform, which can allow a remote attacker to execute commands with root privileges. The vulnerability ...

CVSS 7.7 · AI score 9 · EPSS 0.10169
Exploits: 0 · References: 14
vulnersOsv
added 2022/07/12 12:0 p.m. · 1 views

auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +79 more potentially affected by CVE-2022-31146 via wasmtime (>=0.10.0 <=0.37.0)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.1.0, =0.1.7 - lunatic-common-api =0.9.0 and more Source cves: CVE-2022-31146 Source advisory: OSV:RUSTSEC-2022-0100...

CVSS 8.8 · AI score 7.6 · EPSS 0.00762
Exploits: 0
vulnersOsv
added 2022/05/24 5:45 p.m. · 1 views

com.github.kostyasha.yet-another-docker:yet-another-docker-plugin (=0.2.0), org.jenkins-ci.plugins.nodesharing:node-sharing-executor (>=2.0.0 <=2.0.3) +3 more potentially affected by CVE-2021-21631 via org.jenkins-ci.plugins:cloud-stats (>=0.1 <=0.23)

org.jenkins-ci.plugins:cloud-stats MAVEN version =0.1, =2.0.0, =0.4.8, =2.15, =2.6, =2.42 Source cves: CVE-2021-21631 Source advisory: OSV:GHSA-XV69-6RF3-W5G2...

CVSS 4.3 · AI score 5.5 · EPSS 0.00031
Exploits: 0
vulnersOsv
added 2022/05/13 1:47 a.m. · 1 views

au.com.skytix:mesos-scheduler-client (>=1.0.11 <=1.0.15), au.com.skytix:velocity-scheduler (>=1.0.34 <=1.0.40) +40 more potentially affected by CVE-2017-7687 via org.apache.mesos:mesos (>=0.9.0-incubating <=1.1.2)

org.apache.mesos:mesos MAVEN version =0.9.0-incubating, =1.0.11, =1.0.34, =2.1.7, =2.1.7, =2.2.0, =2.2.0, =2.1.2, =2.1.2, =0.18.0, =0.1.3, =0.1.3, =0.18.0, =0.18.0, =0.18.0, =0.1.0, =0.2.0 and more Source cves: CVE-2017-7687 Source advisory: OSV:GHSA-X869-784M-JMJ2...

CVSS 7.5 · AI score 7.2 · EPSS 0.03234
Exploits: 0
vulnersOsv
added 2022/05/13 1:36 a.m. · 2 views

com.cloudcoreo.plugins:cloudcoreo-deploytime (>=0.1.0 <=0.2.3), com.github.kostyasha.yet-another-docker:yet-another-docker-plugin (>=0.1.0 <=0.1.3) +7 more potentially affected by CVE-2017-2648 via org.jenkins-ci.plugins:ssh-slaves (>=1.10 <=1.13)

org.jenkins-ci.plugins:ssh-slaves MAVEN version =1.10, =0.1.0, =0.1.0, =1.2.8, =2.0.0, =1.3, =1.2.0, =2.9, =2.11, =2.8, =2.19 Source cves: CVE-2017-2648 Source advisory: OSV:GHSA-X654-4WJH-74Q6...

CVSS 6.8 · AI score 6.6 · EPSS 0.00033
Exploits: 0
CNVD
added 2022/02/15 12:0 a.m. · 32 views

Puma Information Disclosure Vulnerability

Puma is a web server for highly concurrent applications from Evan Phoenix, an individual developer in the United States. Puma suffers from an information disclosure vulnerability that stems from the fact that prior to puma version 5.6.2, puma may not always call close on the response body, and...

CVSS 8 · AI score 7 · EPSS 0.00479
Exploits: 0 · References: 1
Snyk
added 2022/02/13 11:25 a.m. · 1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the ActionDispatch::Executor function, which expects response bodies to be closed and will not know to reset a thread's local state for the next request in a case where a response body isn't closed, allowing for...

CVSS 7.4 · AI score 6.6 · EPSS 0.00187
Exploits: 0 · References: 2
vulnersOsv
added 2022/02/09 12:48 a.m. · 0 views

com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2020-1926 via org.apache.hive:hive (=2.1.1)

org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples_2.11 =1.1.0, =2.0.1 Source cves: CVE-2020-1926 Source advisory:...

CVSS 5.9 · AI score 6.5 · EPSS 0.00478
Exploits: 0
Veracode
added 2022/02/07 9:51 a.m. · 19 views

Privilege Escalation

openzeppelin/contracts is vulnerable to privilege escalation. The vulnerability exists due to the lack of sanitization in the initializer function which allowed an actor with executor role to escalate privileges...

CVSS 7.5 · AI score 5 · EPSS 0.00517
Exploits: 0 · References: 3 · Affected Software: 2
PyPA
added 2022/02/04 11:15 p.m. · 4 views

PYSEC-2022-142

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 6.9 · EPSS 0.002
Exploits: 1 · References: 3 · Affected Software: 1
PyPA
added 2022/02/04 11:15 p.m. · 5 views

PYSEC-2022-87

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 6.9 · EPSS 0.002
Exploits: 1 · References: 3 · Affected Software: 1
Debian CVE
added 2022/02/04 10:32 p.m. · 2 views

CVE-2022-23578

Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of ImmutableExecutorState::Initialize. Here, we set item->kernel to nullptr but it is a simple OpKernel pointer so the memory that was previously allocated to it...

CVSS 4.3 · AI score 6.9 · EPSS 0.002
Exploits: 1
Positive Technologies
added 2022/02/04 12:0 a.m. · 2 views

PT-2022-16095 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.8.0 TensorFlow versions 2.7.1 and earlier TensorFlow versions 2.6.3 and earlier TensorFlow versions 2.5.3 and earlier Description: The issue arises when a graph node is invalid, causing TensorFlow to leak memory...

CVSS 5.3 · AI score 4.2 · EPSS 0.002
Exploits: 1 · References: 12