2348 matches found

Wiz blog | added 2022/06/02 5:30 a.m. | 17 views

Wiz now integrates with Oracle Cloud Infrastructure, bringing a graph-based cloud security approach to all major providers

Fortune 500’s Avery Dennison among enterprises that operate securely on OCI and other cloud infrastructure with Wiz...

AI score 7 | Exploits 0
CNNVD | added 2022/05/25 12:00 a.m. | 5 views

Red Hat stackrox security vulnerability

Red Hat stackrox is a full-lifecycle Kubernetes security solution from Red Hat. It allows you to detect, manage, and mitigate security risks such as misconfigurations and vulnerabilities (CVEs). A security vulnerability exists in Red Hat stackrox that stems from improper stackrox cleanup. An...

CVSS 8.8 | AI score 7.8 | EPSS 0.01112 | Exploits 1 | References 13
Github Security Blog | added 2022/05/24 7:09 p.m. | 15 views

Improper Privilege Management in Neo4j Graph Database

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 could allow authenticated users to execute commands with elevated privileges...

CVSS 8.8 | AI score 8.5 | EPSS 0.01038 | Exploits 0 | References 4 | Affected software 1
OSV | added 2022/05/24 7:09 p.m. | 1 view

GHSA-2W4H-F44W-968F Improper Privilege Management in Neo4j Graph Database

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 could allow authenticated users to execute commands with elevated privileges...

CVSS 8.8 | AI score 6 | EPSS 0.01038 | Exploits 0 | References 4
Github Security Blog | added 2022/05/24 5:39 p.m. | 24 views

Excessive memory allocation in graph URLs leads to denial of service in Jenkins

Jenkins renders several different graphs for features like agent and label usage statistics, memory usage, or various plugin-provided statistics. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier do not limit the graph size provided as query parameters. This allows attackers to request or to...

CVSS 6.5 | AI score 3.5 | EPSS 0.01444 | Exploits 0 | References 4 | Affected software 1
OSV | added 2022/05/24 5:39 p.m. | 2 views

GHSA-CXQW-VJCR-GP5G Excessive memory allocation in graph URLs leads to denial of service in Jenkins

Jenkins renders several different graphs for features like agent and label usage statistics, memory usage, or various plugin-provided statistics. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier do not limit the graph size provided as query parameters. This allows attackers to request or to...

CVSS 6.5 | AI score 5.9 | EPSS 0.01444 | Exploits 0 | References 4
Github Security Blog | added 2022/05/24 4:50 p.m. | 37 views

Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting

A stored cross-site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

CVSS 5.4 | AI score 2.1 | EPSS 0.03885 | Exploits 5 | References 7 | Affected software 1
OSV | added 2022/05/24 4:50 p.m. | 20 views

GHSA-4WJ7-RH5H-5QMR Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting

A stored cross-site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

CVSS 5.4 | AI score 5 | EPSS 0.03885 | Exploits 5 | References 7
OSV | added 2022/05/24 4:44 p.m. | 5 views

GHSA-VVFJ-P4JF-J8RM Missing permission check in Jenkins Static Analysis Utilities Plugin

A missing permission check in Jenkins Static Analysis Utilities Plugin 1.95 and earlier in the DefaultGraphConfigurationView#doSave form handler method allowed attackers with Overall/Read permission to change the per-job default graph configuration for all users...

CVSS 6.5 | AI score 5.9 | EPSS 0.01536 | Exploits 0 | References 6
OSV | added 2022/05/24 4:44 p.m. | 6 views

GHSA-3V9F-4VFF-RX42 Jenkins Static Analysis Utilities Plugin is vulnerable to Cross-site request forgery

Jenkins analysis-core Plugin has the capability to allow other plugins to display trend graphs for their static analysis results. analysis-core Plugin provides the configuration form for the default settings of each graph. The configuration form and form submission handler did not perform a...

CVSS 4.3 | AI score 6.6 | EPSS 0.01007 | Exploits 0 | References 5
OPENSUSE Linux | added 2022/05/24 12:00 a.m. | 49 views

Security update for cacti, cacti-spine (moderate)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2022:0145-1 Rating: moderate References: 1192408 1196692 Cross-References: CVE-2022-0730 CVSS scores: CVE-2022-0730 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux...

CVSS 9.8 | AI score 8.3 | EPSS 0.03458 | Exploits 0 | References 2
RedhatCVE | added 2022/05/21 12:20 a.m. | 30 views

CVE-2019-16723

In Cacti through 1.2.6, authenticated users may bypass authorization checks for viewing a graph via a direct graph_json.php request with a modified local_graph_id parameter...

CVSS 9.1 | AI score 5.4 | EPSS 0.01468 | Exploits 0 | References 1
Prion | added 2022/05/20 10:16 p.m. | 10 views

Null pointer dereference

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but...

CVSS 2.1 | AI score 6.2 | EPSS 0.00317 | Exploits 1 | References 7 | Affected software 1
Rockylinux | added 2022/05/17 5:57 a.m. | 11 views

new packages: js-d3-flame-graph

An update is available for js-d3-flame-graph. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score 2 | Exploits 0
OSV | added 2022/05/17 3:42 a.m. | 4 views

GHSA-383P-XQXX-RRMP Denial of service in Apache Struts

Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method references when used with OGNL before 3.0.12, which allows remote attackers to cause a denial of service (block access to a web site) via unspecified vectors...

CVSS 5.3 | AI score 5.9 | EPSS 0.10818 | Exploits 0 | References 4
Github Security Blog | added 2022/05/17 2:11 a.m. | 35 views

Improper Input Validation in OpenSymphony XWork

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

CVSS 5 | AI score 5.3 | EPSS 0.394 | Exploits 1 | References 14 | Affected software 1
OSV | added 2022/05/17 2:11 a.m. | 0 views

GHSA-WXW2-2MX5-C5QF Improper Input Validation in OpenSymphony XWork

ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict pound sign references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and...

CVSS 5 | AI score 6 | EPSS 0.394 | Exploits 1 | References 13
OSV | added 2022/05/14 1:05 a.m. | 1 view

GHSA-864W-R5QJ-H6FJ Apache Struts forced double OGNL evaluation

Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785...

CVSS 8.8 | AI score 7.6 | EPSS 0.08341 | Exploits 0 | References 4
Github Security Blog | added 2022/05/13 1:18 a.m. | 16 views

Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

CVSS 4.3 | AI score 6.7 | EPSS 0.00642 | Exploits 0 | References 3 | Affected software 1
OSV | added 2022/05/13 1:18 a.m. | 13 views

GHSA-VHH3-MVC4-HHQ6 Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks

Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data...

CVSS 4.3 | AI score 4.5 | EPSS 0.00642 | Exploits 0 | References 2