624 matches found

IBM Security Bulletins
added 2022/11/29 1:5 p.m. | 46 views

Security Bulletin: A Kafka vulnerability affects IBM Operations Analytics Predictive Insights (CVE-2022-34917)

Summary: A Kafka vulnerability (CVE-2022-34917) affects IBM Operations Analytics Predictive Insights. Kafka is used by IBM Operations Analytics Predictive Insights in the data ingestion and processing services. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2022-34917...

CVSS 7.5 | AI score 7.6 | EPSS 0.00078
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2022/11/29 1:4 p.m. | 12 views

Security Bulletin: An Apache-Spark vulnerability affects IBM Operations Analytics Predictive Insights (PVR0342171)

Summary: An Apache-Spark vulnerability (PVR0342171) affects IBM Operations Analytics Predictive Insights. Apache-Spark is used by IBM Operations Analytics Predictive Insights in the data processing services. The vulnerabilities have been addressed. Vulnerability Details: Refer to the security bulletin...

AI score 7.1
Exploits: 0 | Affected Software: 1

Schneier on Security
added 2022/11/16 11:3 a.m. | 7 views

Russian Software Company Pretending to Be American

Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. According to company documents publicly filed in Russia and reviewed by Reuters, Pushwoosh is headquartered in the Siberian to...

AI score 1.8
Exploits: 0

CNVD
added 2022/11/03 12:0 a.m. | 29 views

Apache Spark Injection Vulnerability

Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...

AI score 3.2 | EPSS 0.00175
Exploits: 0 | Affected Software: 1

CVE
added 2022/10/06 12:0 a.m. | 256 views

CVE-2022-39273

FlyteAdmin's CVE-2022-39273 describes a vulnerability in the default OAuth2 authorization server configuration. When ExternalAuthorizationServer is not specified, the default clientid hashes and a hardcoded hashed password in Flyte Admin (and propagated to the Propeller configmap in Helm charts) ...

CVSS 7.5 | AI score 6.2 | EPSS 0.00268
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2022/10/06 12:0 a.m. | 11 views

CVE-2022-39273 Default OAuth Authorization Server secret in FlyteAdmin

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable Flyte's default authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

CVSS 4.8 | AI score 7.8 | EPSS 0.00268
Exploits: 0 | References: 3

NVD
added 2022/09/28 5:15 p.m. | 9 views

CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

CVSS 5.3 | EPSS 0.00584
Exploits: 0 | References: 5

CVE
added 2022/09/28 12:0 a.m. | 111 views

CVE-2022-39236

CVE-2022-39236 affects the Matrix JavaScript SDK (matrix-js-sdk). Starting with version 17.1.0-rc.1, improperly formed beacon events (MSC3488) can disrupt or impede the matrix-js-sdk’s operation, potentially preventing safe data processing. The SDK may appear functional while excluding or corrupt...

CVSS 5.3 | AI score 6.2 | EPSS 0.00584
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2022/09/28 12:0 a.m. | 2 views

Carlo Gavazzi UWP SQL Injection Vulnerability

Carlo Gavazzi UWP is a monitoring and control Universal Web Platform from Carlo Gavazzi. It is used for applications such as building automation, energy efficiency performance management and parking lot guidance. A SQL injection vulnerability exists in Carlo Gavazzi UWP 3.0, which can be exploite...

CVSS 7.5 | AI score 7.7 | EPSS 0.00563
Exploits: 0 | References: 2

Debian CVE
added 2022/09/28 12:0 a.m. | 27 views

CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

CVSS 5.3 | AI score 6.7 | EPSS 0.00584
Exploits: 0

AlpineLinux
added 2022/09/28 12:0 a.m. | 60 views

CVE-2022-39236

Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the...

CVSS 5.3 | AI score 6.5 | EPSS 0.00584
Exploits: 0

Prion
added 2022/09/06 6:15 p.m. | 12 views

Security feature bypass

Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the switch in ArubaOS-CX Switches versions:...

CVSS 3.3 | AI score 5 | EPSS 0.00104
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2022/08/05 12:0 a.m. | 41 views

Apache Hadoop Parameter Injection Vulnerability

Apache Hadoop is an open source distributed system infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. Apache Hadoop has a security vulnerability that stems from its...

CVSS 9.8 | AI score 1.3 | EPSS 0.03008
Exploits: 0 | References: 1

RedhatCVE
added 2022/07/18 8:43 a.m. | 26 views

CVE-2022-2458

An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...

CVSS 8.2 | AI score 2.8 | EPSS 0.00486
Exploits: 0 | References: 3

CNVD
added 2022/07/18 12:0 a.m. | 14 views

Apache Spark Command Injection Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a command injection vulnerability that can be exploited by an attacker to cause arbitrary shell commands to be executed as the us...

CVSS 8.8 | AI score 7.5 | EPSS 0.93513
Exploits: 12 | References: 1

CNVD
added 2022/06/17 12:0 a.m. | 20 views

Apache NiFi Command Injection Vulnerability

Apache NiFi is a data processing and distribution system from the Apache Foundation, USA. The Apache NiFi Registry is one of the registries used to store and manage versioning processes. injection vulnerability. The vulnerability stems from the failure of the network system or product to properly...

CVSS 8.8 | AI score 4.2 | EPSS 0.03884
Exploits: 0 | References: 1

CNVD
added 2022/06/17 12:0 a.m. | 30 views

Intel Processors Denial of Service Vulnerability

Intel processors, from the American company Intel, interpret computer instructions and process data in computer software. A denial of service vulnerability exists in Intel Processors that originates from incorrect input authentication. An authenticated...

CVSS 5.5 | AI score 5.8 | EPSS 0.0008
Exploits: 0 | References: 1

CNVD
added 2022/06/17 12:0 a.m. | 71 views

Apache Hadoop Elevation of Privilege Vulnerability (CNVD-2022-51055)

Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. An elevation of privilege vulnerability exists in Apache Hadoop, which ste...

CVSS 9 | AI score 3.1 | EPSS 0.02035
Exploits: 0 | References: 1

Redos
added 2022/05/30 12:0 a.m. | 43 views

ROS-20220530-03

A vulnerability in the Array method of the Mozilla Firefox and Mozilla Firefox ESR browsers and the Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code...

CVSS 8.8 | AI score 8.8 | EPSS 0.67932
Exploits: 0

OSV
added 2022/05/27 5:9 p.m. | 16 views

GSD-2022-1002523 data processing in LG F4DV910H2 version possibly all washers in the F4DV series

In the LG F4DV910H2 washing machine, possibly all washers in the F4DV series, a data processing vulnerability exists in the WiFi card and/or software that can be attacked via simply sending a large amount of WiFi network traffic on the WiFi network the washer is attached to, resulting in the wash...

AI score 7.1
Exploits: 0 | References: 2