2348 matches found
CVE-2022-45283
GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the smil_parse_time_list parameter at /scenegraph/svg_attributes.c...
Apache Airflow OS command injection vulnerability
Apache Airflow is an open source platform from the Apache Software Foundation for creating, managing and monitoring workflows. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow Spark Provider versions prior to 4.0.0...
org.apache.hama:hama-examples (>=0.4.0-incubating <=0.7.1), org.apache.hama:hama-graph (>=0.4.0-incubating <=0.7.1) +3 more potentially affected by CVE-2022-45470 via org.apache.hama:hama-core (>=0.4.0-incubating <=0.7.1)
org.apache.hama:hama-core MAVEN version =0.4.0-incubating, =0.4.0-incubating, =0.4.0-incubating, =0.7.0, =0.5.0, =0.7.0, =0.7.1 Source cves: CVE-2022-45470 Source advisory: OSV:GHSA-4WFH-48V4-3R84...
nuvola - Tool To Dump And Perform Automatic And Manual Security Analysis On AWS Environments Configurations And Services
nuvola with the lowercase n is a tool to dump and perform automatic and manual security analysis on AWS environments configurations and services using predefined, extensible and custom rules created using a simple Yaml syntax. The general idea behind this project is to create an abstracted digita...
foreman: OAuth secret exposure via unauthenticated access to the GraphQL API
A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API...
Wiz and Google Cloud’s Security Command Center: Modern threat detection and response rooted in risk prioritization
Fully understand the impact and architecture behind any threat to streamline and speed effective response with a first-of-its-kind integration combining the Wiz Security Graph’s deep cloud and multi-cloud risk context with Google Cloud’s Security Command Center’s advanced threat detection...
PT-2022-35070 · Xilinx · Xilinx Vipp
Name of the Vulnerable Software and Affected Versions: Xilinx VIPP versions prior to v6.0.3 Description: A refcount leak was discovered in the xvip_graph_dma_init function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in Linux Kernel version v4.1 a...
PT-2022-35846 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.296 Description: A refcount leak was discovered in the xvip_graph_dma_init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-35769 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.262 Description: A refcount leak was discovered in the xvip_graph_dma_init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
Oracle Database Server (Oct 2022 CPU)
The 19c and 21c versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2022 CPU advisory. - Vulnerability in the Oracle Database - Machine Learning Numpy component of Oracle Database Server. The supported version that ...
The vulnerability of the Juniper GraphQL execution environment library, related to an uncontrolled recursion, allows an attacker to cause a service failure.
The vulnerability of the Juniper GraphQL execution environment library is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS), manipulation of data, remote code execution, user rights, access to sensitive data. Orac...
If L1GraphTokenGateway's outboundTransfer is called by a contract, the entire msg.value is blackholed, whether the ticket got redeemed or not.
Vulnerability details: The outboundTransfer function in L1GraphTokenGateway is used to transfer a user's Graph tokens to L2. To do that it eventually calls the standard Arbitrum Inbox's createRetryableTicket. The issue is that it passes the caller's address in the submissionRefundAddress a...
saleor input validation error vulnerability
GitHub saleor is a headless GraphQL commerce platform that delivers a super-fast, dynamic, personalized shopping experience. Beautiful online store, anywhere, on any device. saleor suffers from an input validation error vulnerability that stems from a number of GraphQL mutations that do not...
PT-2022-24863 · Saleor · Saleor
Name of the Vulnerable Software and Affected Versions: Saleor versions prior to 3.1.24 Saleor versions prior to 3.2.14 Saleor versions prior to 3.3.26 Saleor versions prior to 3.4.24 Saleor versions prior to 3.5.23 Saleor versions prior to 3.6.18 Saleor versions prior to 3.7.17 Description: The...
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform allows a hacker to execute arbitrary code.
The vulnerability of the OGNL expression transformation class implementation in the Apache Struts software platform is related to incorrect code generation during the processing of the includeParams attribute. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a...
GHSA-7J3M-8G3C-9QQQ TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
Impact: When mlir::tfg::TFOp::nameAttr receives null type list attributes, it crashes.

```cpp
StatusOr<unsigned> GraphDefImporter::ArgNumType(const NamedAttrList &attrs,
                                                const OpDef::ArgDef &arg_def,
                                                SmallVectorImpl<Type> &types) {
  // Check whether a type list attribute is specified.
  if (!arg_def.type_list_attr().empty()) {
    if (auto...
```
cruddl security vulnerability
cruddl is an open source library from AEB Germany, used to create a GraphQL API for your database, with GraphQL SDL for your schema modeling. cruddl has a security vulnerability: an attacker can use it to inject arbitrary AQL queries, and these queries will be...
PYSEC-2022-43064
The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query in the GSQL query language without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected."...
dBmonster - Track WiFi Devices With Their Received Signal Strength
With dBmonster you are able to scan for nearby WiFi devices and track them through the signal strength (dBm) of their sent packets sniffed with TShark. These dBm values will be plotted to a graph with matplotlib. It can help you identify the exact location of nearby WiFi devices using a directional...