63 matches found
EUVD-2019-0387
Malware in sbrugna...
EUVD-2018-0571
Malware in sbrugna...
EUVD-2022-5745
Malicious code in bioql PyPI...
EUVD-2022-3293
Malicious code in bioql PyPI...
EUVD-2022-2084
Malicious code in bioql PyPI...
EUVD-2022-5392
Malicious code in bioql PyPI...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary: Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details: CVEID: CVE-2018-8023. DESCRIPTION: Apache Mesos could allow a remote attacker to obtain sensitive information, caused by a timing attack in the JSON Web Token (JWT) implementation. By...
GHSA-95Q3-PPPP-R683 Crash when decoding malformed HTTP requests or malformed JSON payload
When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...
Crash when decoding malformed HTTP requests or malformed JSON payload
When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can therefore cause a...
Use after free in Apache Mesos
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1108 more potentially affected by CVE-2017-9790 via org.apache.mesos:mesos (>=0.13.0 <=1.1.2)
org.apache.mesos:mesos MAVEN version =0.13.0, =1.1.0, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.2.0, =0.17.0, =0.10.0, =0.15.0, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more Source cves: CVE-2017-9790 Source advisory: OSV:GHSA-VPCV-78CP-WHR3...
com.adobe.api.platform.runtime:mesos (=0.0.2), com.adobe.api.platform.runtime:mesos-actor (>=0.0.3 <=0.0.9) potentially affected by CVE-2017-9790 via org.apache.mesos:mesos (=1.2.1)
org.apache.mesos:mesos MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - com.adobe.api.platform.runtime:mesos =0.0.2 - com.adobe.api.platform.runtime:mesos-actor =0.0.3, =0.0.9 Source cve...
GHSA-VPCV-78CP-WHR3 Use after free in Apache Mesos
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...
com.adobe.api.platform.runtime:mesos (=0.0.2), com.adobe.api.platform.runtime:mesos-actor (>=0.0.3 <=0.0.9) potentially affected by CVE-2017-7687 via org.apache.mesos:mesos (=1.2.1)
org.apache.mesos:mesos MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.mesos:mesos and may be impacted: - com.adobe.api.platform.runtime:mesos =0.0.2 - com.adobe.api.platform.runtime:mesos-actor =0.0.3, =0.0.9 Source cve...
ae.teletronics.nlp:entityextraction (=1.3), ae.teletronics.nlp:w2vec (=1.0) +1108 more potentially affected by CVE-2017-7687 via org.apache.mesos:mesos (>=0.13.0 <=1.1.2)
org.apache.mesos:mesos MAVEN version =0.13.0, =1.1.0, =1.0.0, =0.7.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.2.0, =0.17.0, =0.10.0, =0.15.0, =v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744 and more Source cves: CVE-2017-7687 Source advisory: OSV:GHSA-X869-784M-JMJ2...
GHSA-X869-784M-JMJ2 Denial of service in Apache Mesos
When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos might crash because the code accidentally calls an inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster...
Docker image code execution with Apache Mesos
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain...
mesos: docker image code execution
A flaw was found where a Docker image running under the root user can overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host...
CVE-2019-0204
A flaw was found where a Docker image running under the root user can overwrite the init helper binary of the container runtime or the command executor in Apache Mesos. A malicious user could use this flaw to gain root-level code execution on the host...
Apache Mesos Code Execution Vulnerability
Apache Mesos is open source cluster management software from the Apache Software Foundation (United States) that supports application architectures such as Hadoop, ElasticSearch and Spark. There is a security vulnerability in Apache Mesos. The vulnerability can be exploited by an...