185 matches found
Hardcoded credentials
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...
haystack 安全漏洞
haystack is an open source NLP framework for interacting with your data using Transformer models and LLMs GPT-4, ChatGPT, etc.. A security vulnerability exists in haystack versions prior to 0.1.30 that stems from the use of hard-coded constants...
PT-2023-17189
Name of the Vulnerable Software and Affected Versions deepset-ai/haystack versions prior to 0.1.30 deepset-ai/haystack version 1.15.0 and prior Description The issue is related to the use of hard-coded, security-relevant constants in the GitHub repository deepset-ai/haystack. A patch is available...
CVE-2023-1712 Use of Hard-coded, Security-relevant Constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...
CVE-2023-1712 Use of Hard-coded, Security-relevant Constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30...
SUSE CVE-2022-2785
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpfsysbpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAPBPF can arbitrarily read memory from anywhere on the system. We...
Misuse of a Boolean constant
Lines of code Vulnerability details Impact Use of Boolean constants true/false in code is indicative of flawed logic. Boolean constants in code have only a few legitimate uses. Other uses in complex expressions, as conditionals indicate either an error or, most likely, the persistence of faulty...
AZL-11015 CVE-2022-2785 affecting package kernel for versions less than 5.15.82.1-1
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpfsysbpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAPBPF can arbitrarily read memory from anywhere on the system. We...
CVE-2022-2785 Arbitrary Memory read in BPF Linux Kernel
There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpfsysbpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAPBPF can arbitrarily read memory from anywhere on the system. We...
Comparison of tokens
Lines of code Vulnerability details Impact In function named getUnderlyingPrice the BaseV1Router01 contract desides price of the token by comparing tokens' symbol name with predefined constant. By passing custom token attacker can force returned value of getUnderlyingPrice function to be incorrec...
Wrong assumption of block time might cause wrong value of votingDelay, votingPeriod
Lines of code Vulnerability details Impact In NounsDAOLogic, there are some constants in the system are estimated with an assumption that block time is 15 second. These constants are used to check value of votingPeriod and votingDelay. Actually, the merge is near and after the merge blocks come...
Malicious code in wm-shared-consts (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 92dd52928f108691d1d01c6e868a6732508ac110b355d42ec67fcd2817ee676e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview epic-am-constants is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
Malicious code in mitui-util-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ce013908ed04814a5fc2c6f7cbe2c53563f5f3ca29e47c8d1e6bdfa81087b151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in babel-plugin-inline-gl-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b4230bc5ae1e029303b953ce2f3b730106c96218de4621c3189f865e9ba6447 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1405 Malicious code in babel-plugin-inline-gl-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5b4230bc5ae1e029303b953ce2f3b730106c96218de4621c3189f865e9ba6447 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in yelp-biz-action-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware adc33eaf2b6527c1a5e4c4ddedb8984ebe050cd7ac3adb91d76ff09e08e5f100 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-7335 Malicious code in yelp-biz-action-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware adc33eaf2b6527c1a5e4c4ddedb8984ebe050cd7ac3adb91d76ff09e08e5f100 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview @8x8/oxygen-constants is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2022-54 Malicious code in @8x8/oxygen-constants (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware beffc553c7f6ee0e696c3aa46aea8df47ff607906e6fb51e52615a57e72158c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...