EUVD-2023-2555

Malicious code in bioql PyPI...

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints

The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data e.g. passwords, private keys, etc.. These secrets are stored encrypted at rest in the application database, and the associated endpoints are no...

CVE-2024-29018

Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature i...

Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload

Impact The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal system...

Malicious code in miro-api-clients (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 787331785bd7ba05994172e4c86d95681d3e2e53caf8660a6832eed760fbfb68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-3710

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA...

CVE-2021-43051

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of thos...

Design/Logic Flaw

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of thos...

What does Zero Trust mean for API security?

The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump the moat and scale the castle walls to get at what they want. Thus, the new rallying cry is to...

CVE-2021-21364

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...

Design/Logic Flaw

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary...

Design/Logic Flaw

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...

CVE-2021-21364 Generated Code Contains Local Information Disclosure Vulnerability

swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-Like systems, the system temporary...

openSUSE Security Update : krb5 (krb5-740)

Clients sending negotiation requests with invalid flags could crash the kerberos server CVE-2009-0845. GSS-API clients could crash when reading from an invalid address space CVE-2009-0844. Invalid length checks could crash applications using the kerberos ASN.1 parser CVE-2009-0847. Under certain...