CVE-2024-47187 Suricata datasets: missing hashtable random seed leads to potential DoS
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...
CVE-2024-47187
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to us...
[SECURITY] Fedora 40 Update: valkey-8.0.1-1.fc40
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
[SECURITY] Fedora 41 Update: valkey-8.0.1-1.fc41
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
BIT-MLFLOW-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow
A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command 'Command Injection' within the mlflow.data.httpdatasetsource.py module. Specifically, when loading a dataset from a source URL with an HTTP...
[SECURITY] Fedora 40 Update: redis-7.2.6-1.fc40
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Insecure Direct Object Reference (IDOR)
org.eclipse.edc,control-plane-catalog is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to missing filtering on single dataset requests, which fails to properly verify access permissions for restricted datasets. It allows unauthorized parties to access sensitive...
CVE-2024-9202
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets = data offers another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202 EDC DataSetResolver policy filtering missing
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets = data offers another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
PT-2024-39485 · Eclipse · Eclipse Dataspace Components
Name of the Vulnerable Software and Affected Versions: Eclipse Dataspace Components versions 0.1.3 through 0.9.0 Description: The issue concerns the Connector component in Eclipse Dataspace Components, which is responsible for filtering datasets that another party can see in a requested catalog...
Galaxy information disclosure vulnerability
Galaxy is an open source platform for FAIR data analysis open-sourced by the Galaxy Project. An information disclosure vulnerability exists in versions of Galaxy prior to 21.05 that stems from an attacker being able to replace the contents of a public dataset, which could result in data loss or...
llvm-ir-dataset-utils (=0.2.0), ml-compiler-opt (>=0.0.1.dev202306210145 <=0.0.1.dev202401270006) +3 more potentially affected by CVE-2024-8375 via dm-reverb (>=0.11.0 <=0.14.0)
dm-reverb PYPI version =0.11.0, =0.0.1.dev202306210145, =0.4.4, =3.0.1, =3.2.5 Source cves: CVE-2024-8375 Source advisory: OSV:GHSA-W69Q-W4H4-2FX8...
CVE-2024-45856
A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...
PT-2024-31813 · Mindsdb · Mindsdb
Name of the Vulnerable Software and Affected Versions: MindsDB affected versions not specified Description: A cross-site scripting XSS issue exists, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScrip...
Internet Bug Bounty: CVE-2024-45498: Apache Airflow Command injection in read_dataset_event_from_classic DAG
CVE-2024-45498 was a command injection vulnerability in the read_dataset_event_from_classic DAG in Apache Airflow version 2.10.0. The vulnerability allowed an attacker with user privileges to inject OS commands into the s3://output/1.txt dataset, which were then executed when the DAG was triggered...
CVE-2024-43413 Xibo CMS XSS vulnerability using DataSet HTML columns
Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with an HTML column which...
CVE-2024-43413
Xibo CMS prior to 4.1.0 is affected by an XSS vulnerability in the DataSet feature, allowing authorized users to execute JavaScript by crafting a DataSet HTML column that contains JavaScript. The JS runs on the Data Entry page and on any Layouts referencing that DataSet. In version 4.1.0 this beh...