17 matches found
EUVD-2024-41577
Malicious code in bioql PyPI...
EUVD-2024-41578
Malicious code in bioql PyPI...
CVE-2024-45745
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 bug fix: TBS-6721...
CVE-2024-45745
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 bug fix: TBS-6721...
CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a...
CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a...
CVE-2024-45745
TopQuadrant TopBraid EDG before version 8.0.1 is vulnerable to an XXE-style flaw: an authenticated attacker can upload an XML DTD file and execute JavaScript to read local files or access URLs. The root cause is an XML DTD handling/upload feature that allows external entity resolution. Impact is ...
CVE-2024-45745 TopQuadrant TopBraid EDG JavaScript console XXE
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 bug fix: TBS-6721...
CVE-2024-45745 TopQuadrant TopBraid EDG JavaScript console XXE
TopQuadrant TopBraid EDG before version 8.0.1 allows an authenticated attacker to upload an XML DTD file and execute JavaScript to read local files or access URLs (XXE). Fixed in 8.0.1 bug fix: TBS-6721...
CVE-2024-45744 TopQuadrant TopBraid EDG password manager stores external credentials insecurely
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a...
CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials in edg-vault.properties and reads secrets from edg-setup.properties, enabling an authenticated attacker with file-system access to decrypt external passwords. Affected from at least v7.1.3; attacker access may be gained via another vulnerabilit...
CVE-2024-45744 TopQuadrant TopBraid EDG password manager stores external credentials insecurely
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a...
PT-2024-31743
Name of the Vulnerable Software and Affected Versions: TopBraid EDG versions prior to 7.3 TopBraid EDG versions 7.1.3 Description: TopBraid EDG stores external credentials insecurely, allowing an authenticated attacker with file system access to read edg-setup.properties and obtain the secret to...
TopQuadrant TopBraid EDG security vulnerability
TopQuadrant TopBraid EDG is a knowledge graph creation and management tool from TopQuadrant. A security vulnerability exists in TopQuadrant TopBraid EDG version 7.1.3, which originates when an authenticated attacker with file system access can obtain the key to decrypt an external password stored...
PT-2024-31744
Name of the Vulnerable Software and Affected Versions: TopQuadrant TopBraid EDG versions prior to 8.0.1 Description: The issue allows an authenticated attacker to upload an XML DTD file and execute JavaScript, enabling them to read local files or access URLs, which is an example of an XML Externa...
TopQuadrant TopBraid EDG security vulnerability
TopQuadrant TopBraid EDG is a knowledge graph creation and management tool from TopQuadrant. A security vulnerability exists in TopQuadrant TopBraid EDG versions prior to 8.0.1, which originated from a vulnerability that allows an authenticated attacker to upload an XML DTD file and execute...
TopQuadrant TopBraid EDG Insecure External Password Storage and XXE Vulnerabilities
RISK EVALUATION TopQuadrant TopBraid EDG stores credentials for external services insecurely and processes untrusted XML entities. An authenticated attacker could obtain credentials for remote services, read local files, or access URLs. 2. RECOMMENDED PRACTICES Upgrade to TopQuadrant TopBraid...