19 matches found

Snyk
added 2026/03/23 6:16 p.m. · 2 views

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation: Upgrade...

CVSS 7.5 · AI score 6.4 · EPSS 0.00022
Exploits: 0 · References: 3
Snyk
added 2026/03/23 6:16 p.m. · 0 views

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation: Upgrade...

CVSS 7.5 · AI score 6.4 · EPSS 0.00022
Exploits: 0 · References: 3
Snyk
added 2026/03/23 6:14 p.m. · 1 views

NULL Pointer Dereference

Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the ULNASTransport message handler when processing malformed messages that lack a Request Type. An attacker can cause the application to panic and potentially disrupt service by sending specially crafted...

CVSS 7.5 · AI score 5.9 · EPSS 0.00034
Exploits: 0 · References: 3
RedhatCVE
added 2026/01/09 12:36 p.m. · 2 views

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obta...

CVSS 8.8 · AI score 6.8 · EPSS 0.00708
Exploits: 0 · References: 1
Github Security Blog
added 2026/01/08 12:31 a.m. · 5 views

records-mover Injection vulnerability

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

CVSS 5.3 · AI score 7.4 · EPSS 0.00004
Exploits: 0 · References: 7 · Affected Software: 1
OSV
added 2026/01/08 12:31 a.m. · 1 views

GHSA-P3JP-7GJ7-H6PR records-mover Injection vulnerability

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes SQL Injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

CVSS 5.3 · AI score 7.3 · EPSS 0.00004
Exploits: 0 · References: 7
Cvelist
added 2026/01/07 11:2 p.m. · 17 views

CVE-2023-7333 bluelabsio records-mover Table Object sql injection

A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...

CVSS 5.3 · EPSS 0.00004
Exploits: 0 · References: 6
Positive Technologies
added 2026/01/07 12:0 a.m. · 2 views

PT-2026-1689

Name of the Vulnerable Software and Affected Versions: bluelabsio records-mover versions up to 1.5.4 Description: A weakness exists in bluelabsio records-mover. The issue is related to a SQL injection affecting the Table Object Handler component through an unknown function. Exploitation requires...

CVSS 5.3 · AI score 7.1 · EPSS 0.00004
Exploits: 0 · References: 9
AlpineLinux
added 2025/07/02 11:23 a.m. · 1 views

CVE-2024-35164

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be...

CVSS 7.5 · AI score 7.7 · EPSS 0.00142
Exploits: 0
RedhatCVE
added 2025/05/23 9:16 a.m. · 3 views

CVE-2024-27182

In Apache Linkis = 1.5.0, Arbitrary file deletion in Basic management services on A user with an administrator account could delete any file accessible by the Linkis system user. Users are recommended to upgrade to version 1.6.0, which fixes this issue...

CVSS 4.9 · AI score 6.8 · EPSS 0.00308
Exploits: 0 · References: 1
Snyk
added 2025/03/11 6:32 p.m. · 2 views

Improper Isolation or Compartmentalization

Overview: promptflow-tools is the Prompt flow built-in tools package. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper isolation or compartmentalization in the handling of Jinja templates. Remediation: Upgrade promptflow-tools to version 1.6.0 or...

CVSS 6.9 · AI score 6.9 · EPSS 0.00456
Exploits: 0 · References: 2
CVE
added 2024/09/24 7:27 a.m. · 57 views

CVE-2024-39928

Summary of CVE-2024-39928 (Apache Linkis Spark EngineConn) Affected software: Apache Linkis Spark EngineConn in versions up to 1.5.0 (engine component referenced as EngineConn/Spark EngineConn). Vulnerability: Random string generation for Py4j token uses Commons Lang’s RandomStringUtils, enabling...

CVSS 7.5 · AI score 7.5 · EPSS 0.00157
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/09/24 12:0 a.m. · 2 views

PT-2024-28740 · Apache · Spark Engineconn +2

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 through 1.5.0 Description: A Random string security vulnerability exists in Spark EngineConn, where the random string generated by the Token when starting Py4j uses Commons Lang's RandomStringUtils. Recommendation...

CVSS 8.7 · AI score 7.2 · EPSS 0.00157
Exploits: 0 · References: 12
OSV
added 2024/08/26 2:15 p.m. · 0 views

CVE-2024-8164

A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument newname causes unrestricted upload. The attack can be initiated remotely...

CVSS 8.8 · AI score 5.4 · EPSS 0.0011
Exploits: 1 · References: 4
OSV
added 2024/08/26 2:15 p.m. · 0 views

CVE-2024-8165

A vulnerability was identified in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This vulnerability affects the function exportZip of the file /admin/filemanager/export. Such manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit i...

CVSS 6.5 · AI score 5.5 · EPSS 0.00224
Exploits: 0 · References: 4
OSV
added 2024/08/26 1:15 p.m. · 0 views

CVE-2024-8163

A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. Affected by this issue is the function destroyFiles of the file /admin/filemanager/files. The manipulation of the argument files results in path traversal. It is possible to launch the attack remotely. The...

CVSS 8.1 · AI score 5.4 · EPSS 0.00113
Exploits: 1 · References: 4
Positive Technologies
added 2022/06/13 12:0 a.m. · 1 views

PT-2022-20493 · Kctf · Kctf

Name of the Vulnerable Software and Affected Versions: kCTF versions prior to 1.6.0 Description: The kCTF cluster set-src-ip-ranges feature was broken, allowing traffic from any IP. This issue has been patched in version 1.6.0. As a workaround for private challenge testing, users can mark...

CVSS 7.5 · AI score 7.4 · EPSS 0.0021
Exploits: 0 · References: 6
Snyk
added 2021/10/08 12:58 p.m. · 1 views

Arbitrary Code Execution

Overview: ruby-jss provides native Ruby access to the REST APIs of Jamf Pro, an enterprise/education tool for managing Apple devices, from jamf.com. Affected versions of this package are vulnerable to Arbitrary Code Execution. The Pixar ruby-jss gem allows remote attackers to execute arbitrar...

CVSS 9.8 · AI score 7.9 · EPSS 0.0176
Exploits: 0 · References: 2
Positive Technologies
added 2020/01/02 12:0 a.m. · 1 views

PT-2020-7588 · Docker · Docker

Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.6.0 Description: An issue was found where some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. This poses a risk due to the lack of encryption and authentication in...

CVSS 9.8 · AI score 8.7 · EPSS 0.03303
Exploits: 0 · References: 15