CVE-2023-22950
TigerGraph CVE-2023-22950 affects TigerGraph Enterprise Free Edition 3.x. The issue enables data loading jobs in gsql_server, created by any user with designer permissions, to read sensitive data from arbitrary locations. The core impact is sensitive data exposure (confidentiality impact H) with ...
Node.js: insecure loading of ICU data through ICU_DATA environment variable
An untrusted search path vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...
SUSE-SU-2023:0682-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487)...
SUSE-SU-2023:0674-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487)...
SUSE-SU-2023:0607-1 Security update for nodejs14
This update for nodejs14 fixes the following issues: Update to 14.21.3: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment variable (bsc#1208487)...
CVE-2023-23920
An untrusted search path vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1, and 14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges...
Thursday February 16 2023 Security Releases
Thursday February 16 2023 Security Releases Update 16-February-2023 Security releases available Updates are now available for the v19.x, v18.x, v16.x, and v14.x Node.js release lines for the following issues. OpenSSL Security updates This security release includes OpenSSL security updates as...
The vulnerability of the data loading function of the Web Manager application, integrated with SSL for the Wi-Fi module of Lantronix PremierWave 2050, allows a hacker to execute arbitrary commands.
The vulnerability of the data loading function of the Web Manager application in the Lantronix PremierWave 2050 Wi-Fi module exists due to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor...
CVE-2022-44011
A heap buffer overflow issue was discovered in ClickHouse server. A malicious user with ability to load data into ClickHouse server could crash the ClickHouse server by inserting a malformed CapnProto object. Fix has been pushed to version 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, 22.3.12.19...
GHSA-RF66-HMQF-Q3FC Improper Neutralization of Input During Web Page Generation in Select2
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
WordPress Custom Popup Builde plugin denial of service vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports hosting personal blog sites on servers running PHP and MySQL. A denial of service vulnerability exists in versions of the WordPress Custom Popup Builde plugin prior to 1.3.1,...
PYSEC-2021-92
An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that the block advance was non-zero, potentially leading to an infinite loop on load...
Code Injection in uber/petastorm
Description Petastorm is an open source data access library developed at Uber ATG. This library enables single machine or distributed training and evaluation of deep learning models directly from datasets in Apache Parquet format. Petastorm supports popular Python-based machine learning ML...
CVE-2016-10744
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
Code injection
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data...
CVE-2017-15308
Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run...