2348 matches found
PT-2024-37910 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: foreman (affected versions not specified). Description: A disclosure of sensitive information flaw was found in foreman via the "GraphQL API". If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin...
Information Exposure
Overview: taegis-magic is a Taegis IPython Magics. Affected versions of this package are vulnerable to Information Exposure due to the exposure of inspect.currentframe().f_locals in the search function in events.py, which exposes a GraphQLService object. This may include sensitive internal values such...
Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355); dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875). For more details about the security issues, includi...
ALSA-2024:8678 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355); dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875). For more details about the security issues, includi...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection through the GraphCypherQAChain class. An attacker can manipulate, delete, or create data, disrupt services, and compromise database integrity by injecting malicious SQL commands into prompts. Note: This vulnerability impac...
PT-2024-32617 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9; Mattermost versions 9.10.x through 9.10.2; Mattermost versions 9.11.x through 9.11.1. Description: The issue allows an attacker to generate a large response and cause an amplified GraphQL response which...
The vulnerability in the built-in GraphQL client of the Zimbra Collaboration Suite (ZCS) corporate email management system allows an attacker to perform a CSRF attack and expose sensitive information.
The vulnerability of the built-in GraphQL client of the Zimbra Collaboration Suite email management system is related to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack and expose sensitive information...
RLSA-2024:8327 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355); dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875). For more details about the security issues, includi...
AskAI – Text to Security Graph Query
AskAI – Text to Security Graph Query...
Red Hat OpenShift Resource Management Error Vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. Red Hat OpenShift suffers from a Resource Management Error vulnerability that stems from the presence of a Denial of Service (DoS)...
ALSA-2024:8327 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355); dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875). For more details about the security issues, includi...
Exploit for SQL Injection in Langchain
Proof of Concept for Langchain CVE-2024-8309 Vulnerability...
Important: Red Hat Security Advisory: grafana security update
An update for grafana is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
PT-2024-32481 · Vesoft · Vesoft Nebulagraph
Name of the Vulnerable Software and Affected Versions: vesoft NebulaGraph versions through 3.8.0. Description: An issue was discovered in vesoft NebulaGraph that allows bypassing authentication. Recommendations: For vesoft NebulaGraph versions through 3.8.0, update to a version later than 3.8.0 to...
PT-2024-32482 · Vesoft · Vesoft Nebulagraph
Name of the Vulnerable Software and Affected Versions: vesoft NebulaGraph versions through 3.8.0. Description: An issue was discovered in vesoft NebulaGraph that allows shell command injection. Recommendations: For versions through 3.8.0, update to a version later than 3.8.0 to resolve the issue. ...
VulnCheck KEV: CVE-2021-21801
This vulnerability is present in the device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A URL specially crafted by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (continuous integration and continuous delivery), and other features. A security vulnerability exists in GitLab CE/EE versions prior to 16.5 to...
media: mc: Fix graph walk in media_pipeline_start
...
PT-2024-31664 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.10.0. Description: The issue allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. This is related to the example DAG example_inlet_event_extra.py shipped with Apache Airflow...
CVE-2024-44950 serial: sc16is7xx: fix invalid FIFO access with special register set
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO...