
926 matches found

CNNVD
added 2023/12/13 12:0 a.m. · 4 views

Mlflow Path Traversal Vulnerability

Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow versions prior to 2.9.2, which stems from the ability to write arbitrary files while loading a dataset...

CVSS 9.6 · AI score 6.9 · EPSS 0.02418
Exploits 1 · References 3

CNVD
added 2023/11/30 12:0 a.m. · 42 views

Apache Superset Input Validation Error Vulnerability (CNVD-2023-9666130)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...

CVSS 5.4 · AI score 5.1 · EPSS 0.0009
Exploits 0 · References 1

OSV
added 2023/11/28 5:15 p.m. · 18 views

CVE-2023-42502

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0...

CVSS 5.4 · AI score 5.3
Exploits 0 · References 1

NVD
added 2023/11/28 5:15 p.m. · 13 views

CVE-2023-42502

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0...

CVSS 5.4 · EPSS 0.0009
Exploits 0 · References 1

Prion
added 2023/11/28 5:15 p.m. · 15 views

Spoofing

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0...

CVSS 4.9 · AI score 6.6 · EPSS 0.0009
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/11/28 4:25 p.m. · 44 views

CVE-2023-42502

Affected software: Apache Superset. Vulnerability: open redirect via spoofing the HTTP Host header. Root cause: authenticated attackers with update datasets permission can modify a dataset link to point to an untrusted site, causing users to be redirected when clicking that dataset. Impact: poten...

CVSS 5.4 · AI score 4.9 · EPSS 0.0009
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2023/11/28 12:0 a.m. · 1 view

Apache Superset Input Validation Error Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. An input validation error vulnerability exists in Apache Superset versions prior to 3.0.0. The vulnerability stems from the presence of improper input validation, which can be exploited by an...

CVSS 5.4 · AI score 6.4 · EPSS 0.0009
Exploits 0 · References 2

Fedora
added 2023/11/03 7:1 p.m. · 19 views

[SECURITY] Fedora 39 Update: redis-7.2.2-1.fc39

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.6 · AI score 7.2 · EPSS 0.00582
Exploits 0

OpenVAS
added 2023/10/28 12:0 a.m. · 21 views

Fedora: Security Advisory for redis (FEDORA-2023-77ed1e26a4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.6 · AI score 4.4 · EPSS 0.00582
Exploits 0 · References 2

OpenVAS
added 2023/10/28 12:0 a.m. · 18 views

Fedora: Security Advisory for redis (FEDORA-2023-8a9087f089)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.6 · AI score 4.4 · EPSS 0.00582
Exploits 0 · References 2

Veracode
added 2023/10/25 9:42 a.m. · 16 views

Server Side Request Forgery (SSRF)

ethyca-fides is vulnerable to Server Side Request Forgery. The vulnerability arises due to application's inability to perform validation against access of internal resources. A specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems...

CVSS 8.2 · AI score 7.2 · EPSS 0.00107
Exploits 0 · References 4 · Affected Software 1

CNNVD
added 2023/10/25 12:0 a.m. · 1 view

Fides Code Issues Vulnerabilities

Fides is an open source privacy engineering platform for managing the implementation of data privacy requests in a runtime environment and the enforcement of privacy regulations in code. A security vulnerability exists in versions of Fides prior to 2.22.1 that stems from allowing custom...

CVSS 8.2 · AI score 6.7 · EPSS 0.00107
Exploits 0 · References 4

Positive Technologies
added 2023/10/24 12:0 a.m. · 1 view

PT-2023-29857 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.22.1 Description: The Fides web application is vulnerable to a Server-Side Request Forgery SSRF attack. This occurs when a malicious user uploads a specially crafted YAML dataset and config file as a ZIP file, allowi...

CVSS 8.2 · AI score 7.2 · EPSS 0.00107
Exploits 0 · References 9

Fedora
added 2023/09/16 1:41 a.m. · 47 views

[SECURITY] Fedora 37 Update: redis-7.0.13-1.fc37

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.3 · AI score 5 · EPSS 0.00824
Exploits 0

Fedora
added 2023/09/16 1:28 a.m. · 27 views

[SECURITY] Fedora 38 Update: redis-7.0.13-1.fc38

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 3.3 · AI score 5 · EPSS 0.00824
Exploits 0

Kitploit
added 2023/08/10 12:30 p.m. · 26 views

Chaos - Origin IP Scanning Utility Developed With ChatGPT

chaos is an 'origin' IP scanner developed by RST in collaboration with ChatGPT. It is a niche utility with an intended audience of mostly penetration testers and bug hunters. An origin-IP is a term-of-art expression describing the final public IP destination for websites that are publicly served...

AI score 7.1
Exploits 0 · References 1

Positive Technologies
added 2023/07/25 12:0 a.m. · 1 view

PT-2023-25860 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.9 Description: DataEase is an open source data visualization analysis tool. The DataEase panel and dataset have a stored cross-site scripting vulnerability. The issue has been fixed in version 1.18.9. There are...

CVSS 5.4 · AI score 5.2 · EPSS 0.00571
Exploits 1 · References 6

Veracode
added 2023/07/22 5:28 p.m. · 36 views

Directory Traversal

suricata is vulnerable to Directory Traversal. A dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem...

CVSS 7.5 · AI score 6.6 · EPSS 0.0091
Exploits 0 · References 5 · Affected Software 1

Fedora
added 2023/07/19 3:14 a.m. · 36 views

[SECURITY] Fedora 38 Update: redis-7.0.12-1.fc38

Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...

CVSS 8.8 · AI score 7 · EPSS 0.88997
Exploits 1

OSV
added 2023/07/13 8:15 p.m. · 0 views

CVE-2023-30562

A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs...

CVSS 6.7 · AI score 5.8
Exploits 0 · References 1