
2348 matches found

Positive Technologies
added 2023/07/11 12:00 a.m., 2 views

PT-2023-4014 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.6.3 Description: The issue is related to improper authorization in Apache Airflow, allowing unauthorized read access to a DAG through a specially crafted URL. This could enable a remote attacker to disclose...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00757
Exploits: 0, References: 15

Tenable Nessus
added 2023/07/04 12:00 a.m., 20 views

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2023-2290)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file...

CVSS: 9.8, AI score: 5.5, EPSS: 0.01103
Exploits: 0, References: 2

OpenVAS
added 2023/07/04 12:00 a.m., 18 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2023-2266)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01103
Exploits: 0, References: 2

RedHat Linux
added 2023/06/29 2:32 p.m., 41 views

Moderate: Red Hat Security Advisory: ACS 4.1 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...

CVSS: 9.8, AI score: 6.9, EPSS: 0.04561
Exploits: 0, References: 8

IBM Security Bulletins
added 2023/06/28 8:39 p.m., 35 views

Security Bulletin: IBM Db2® Graph is vulnerable to deserialization due to Snakeyaml CVE-2022-1471

Summary: Snakeyaml open source library used by IBM Db2® Graph is affected by vulnerability CVE-2022-1471. The fix updates Snakeyaml to 2.0. Vulnerability Details: CVEID: CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused b...

CVSS: 9.8, AI score: 9.4, EPSS: 0.99615
Exploits: 7, Affected Software: 1

CNNVD
added 2023/06/27 12:00 a.m., 7 views

Apache Airflow Input Validation Error Vulnerability

Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. An arbitrary file read vulnerability exists in the Apache Airflow ODBC Provider and MSSQL Provider, which stems from the fact that get_sqlalchemy_connection can...

CVSS: 4.3, AI score: 7, EPSS: 0.0094
Exploits: 0, References: 3

hivepro
added 2023/06/23 7:19 a.m., 20 views

Flea APT Targets Foreign Ministries with New Backdoor.Graphican

Attack Report. Summary: Flea APT15 targeted foreign ministries with their new backdoor, Backdoor.Graphican, leveraging Microsoft Graph API and OneDrive for C&C communication.

AI score: 6.8
Exploits: 0

The Hacker News
added 2023/06/21 11:29 a.m., 23 views

Chinese Hacker Group 'Flea' Targets American Ministries with Graphican Backdoor

Foreign affairs ministries in the Americas have been targeted by a Chinese state-sponsored actor named Flea as part of a recent campaign that spanned from late 2022 to early 2023. The cyber attacks, per Broadcom's Symantec, involved a new backdoor codenamed Graphican. Some of the other targets...

AI score: 7
Exploits: 0

OSSF Malicious Packages
added 2023/06/21 12:00 a.m., 3 views

Malicious code in assets-graph (npm)

Source: checkmarx (e513e7556846ca62fa4d27646eef928d55f2c2954ce9caa51dd63643e2adf445). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

AI score: 6.9
Exploits: 0, References: 2

OSV
added 2023/06/21 12:00 a.m., 6 views

MAL-2023-107 Malicious code in assets-graph (npm)

Source: checkmarx (e513e7556846ca62fa4d27646eef928d55f2c2954ce9caa51dd63643e2adf445). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...

AI score: 7
Exploits: 0, References: 2

Tenable Nessus
added 2023/06/07 12:00 a.m., 20 views

EulerOS Virtualization 2.11.1 : glibc (EulerOS-SA-2023-2069)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function...

CVSS: 9.8, AI score: 5.5, EPSS: 0.01103
Exploits: 0, References: 2

ATTACKERKB
added 2023/06/06 5:15 p.m., 2 views

CVE-2023-0921

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage...

CVSS: 4.3, AI score: 5.9, EPSS: 0.84438
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2023/06/02 12:00 a.m., 26 views

EulerOS Virtualization 2.9.0 : glibc (EulerOS-SA-2023-2017)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function...

CVSS: 9.8, AI score: 5.5, EPSS: 0.01103
Exploits: 0, References: 2

Kitploit
added 2023/06/01 12:30 p.m., 21 views

Azure-AccessPermissions - Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment

Easy to use PowerShell script to enumerate access permissions in an Azure Active Directory environment. Background details can be found in the accompanying blog posts: Untangling Azure Active Directory Principals & Access Permissions; Untangling Azure Active Directory Permissions II: Privileged...

AI score: 7.1
Exploits: 0, References: 6

Positive Technologies
added 2023/05/24 12:00 a.m., 6 views

PT-2023-24499 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A vulnerability allows unauthenticated attackers to execute queries against the GraphQL database, potentially granting them access to sensitive data stored in the database. However, the vendor disputes this,...

CVSS: 9.1, AI score: 7.1, EPSS: 0.00747
Exploits: 1, References: 5

Tenable Nessus
added 2023/05/18 12:00 a.m., 25 views

EulerOS 2.0 SP10 : glibc (EulerOS-SA-2023-1952)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file...

CVSS: 9.8, AI score: 5.5, EPSS: 0.01103
Exploits: 0, References: 2

OpenVAS
added 2023/05/18 12:00 a.m., 14 views

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2023-1952)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 9.8, AI score: 9.6, EPSS: 0.01103
Exploits: 0, References: 2

Tenable Nessus
added 2023/05/18 12:00 a.m., 22 views

EulerOS 2.0 SP10 : glibc (EulerOS-SA-2023-1974)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function monstartup of the file...

CVSS: 9.8, AI score: 5.5, EPSS: 0.01103
Exploits: 0, References: 2

RedHat Linux
added 2023/05/16 8:56 a.m., 2 views

kernel: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()

In the Linux kernel, the following vulnerability has been resolved: ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type() We should call of_node_put() for the reference before its replacement as it returned by of_get_parent() which has increased the refcount. Besides, we should also call ofnodep...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00195
Exploits: 0, References: 5

RedHat Linux
added 2023/05/16 8:52 a.m., 47 views

Moderate: Red Hat Security Advisory: grafana security update

An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS: 7.5, AI score: 6.7, EPSS: 0.02513
Exploits: 1, References: 6