100 matches found
Microsoft Common Data Model SDK Security Vulnerability
Microsoft Common Data Model SDK is a software application from Microsoft Corporation USA. A security vulnerability exists in Microsoft Common Data Model SDK. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Microsoft Comm...
Prometheus Sensitive Endpoint Detected
Prometheus is an open-source monitoring solution which is designed to record metrics in a dimensional data model to make it available through its own PromQL query language or built-in visualization capabilities. Prometheus offers multiple libraries named 'Exporters' to help exporting these endpoin...
GHSA-3X49-G6RC-C284 LiteDB may deserialize bad JSON on object type using _type
Impact: LiteDB uses a special field in JSON documents to cast different types from BsonDocument to POCO classes. When the instance of an object is not the same as the class, BsonMapper uses a special field _type, a string with the full class name and assembly, to be loaded and fit in your model. If your end-us...
Modelina Code Injection Vulnerability
Modelina is the asyncapi personal developer's library for generating data models based on input such as AsyncAPI, OpenAPI or JSON schema documents. A code injection vulnerability exists in versions of Modelina prior to 1.0.0 that stems from vulnerability to code injection attacks...
CVE-2022-43569
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model...
Cross site scripting
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model...
CVE-2022-43569 Persistent Cross-Site Scripting via a Data Model object name in Splunk Enterprise
In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model...
CVE-2022-43569
CVE-2022-43569 affects Splunk Enterprise versions prior to 8.1.12, 8.2.9, and 9.0.2. An authenticated user can inject and store arbitrary scripts resulting in persistent cross-site scripting (XSS) in the object name of a Data Model. Remediation per sources: upgrade to 8.1.12 or later, 8.2.9 or la...
PT-2022-26972 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.12; Splunk Enterprise versions prior to 8.2.9; Splunk Enterprise versions prior to 9.0.2. Description: The issue allows an authenticated user to inject and store arbitrary scripts, leading to persistent...
Splunk Cross-Site Scripting Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze the data it generates, including data generated by all IT systems and infrastructures (physical, virtual machines, and cloud). A...
Vulnerabilities fixed in Oracle Database Server
Vulnerabilities have been fixed in Oracle Database Server. The vulnerabilities allow a malicious party to carry out attacks that result in the following categories of damage: Denial-of-Service (DoS); Manipulation of data; Remote code execution; User rights; Access to sensitive data. Orac...
Malicious Package
Overview: redux-data-model-documentation is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...
Malicious code in redux-data-model-documentation (npm)
Source: ghsa-malware (53b5812f64dc0e890eccf730c2030854531411dc41a95fa540bd122043cbcc01). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5728 Malicious code in redux-data-model-documentation (npm)
Source: ghsa-malware (53b5812f64dc0e890eccf730c2030854531411dc41a95fa540bd122043cbcc01). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Unified Data Model for Healthcare is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary: There is a vulnerability in the Apache Log4j open source library used by IBM Unified Data Model for Healthcare. This affects the Industry Models - Glossary Tools optional component. The fix includes Apache Log4j v2.15. Vulnerability Details: CVEID: CVE-2021-44228. DESCRIPTION: Apache Log4j...
Security Bulletin: IBM Data Model for Energy and Utilities is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44228)
Summary: There is a vulnerability in the Apache Log4j open source library used by IBM Data Model for Energy and Utilities. This affects the Industry Models - Glossary Tools optional component. The fix includes Apache Log4j v2.15. Vulnerability Details: CVEID: CVE-2021-44228. DESCRIPTION: Apache...
Oracle Primavera Unifier (Jul 2021 CPU)
The 17.12, 18.8, 19.12, and 20.12 versions of Primavera Unifier installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2021 CPU advisory. - Security-in-Depth issue in the Oracle Spatial and Graph Network Data Model jackson-databind component of Oracle...
A/B Testing, Now with EdgeKV
This blog was co-authored by Tim Vereecke, Josh Johnson, and Medhat Yakan. This is a blog series about building an A/B test with EdgeWorkers and EdgeKV. Read part one here. In our previous blog, we wrote the base code for our A/B test and stored the data locally. Although this may be convenient fo...