CVE-2023-30562
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs...
Code injection
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs...
CVE-2023-30562
CVE-2023-30562 involves BD Alaris Guardrails Editor (GRE) datasets in Systems Manager lacking data integrity verification. The GRE dataset file within Systems Manager can be tampered with and distributed to PCUs, enabling potential modification of PCU behavior. Affected components per the CVE lis...
CVE-2023-30562 Lack of Dataset Integrity Checking
A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs...
BD Alaris System with Guardrails Suite MX data forgery vulnerability
The BD Alaris System with Guardrails Suite MX is a medical device from Biddy Medical BD. A security vulnerability exists in the BD Alaris System with Guardrails Suite MX, which stems from a GRE dataset file in Systems Manager that can be tampered with and distributed to PCUs...
PT-2023-22790 · Unknown · Systems Manager
Name of the Vulnerable Software and Affected Versions: Systems Manager (affected versions not specified). Description: A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. Recommendations: At the moment, there is no information about a newer version that contains a...
Apache Superset Server-Side Request Forgery vulnerability
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in...
GHSA-FXJG-28FM-PFXH Apache Superset Server-Side Request Forgery vulnerability
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query internal resources on behalf of the server where Superset is deployed. This vulnerability exists in...
CVE-2023-22834
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses that the attacker would otherwise not have permission to create...
CVE-2023-22834 The contour service was not checking that users had permission to create an analysis for a given dataset
The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses that the attacker would otherwise not have permission to create...
PT-2023-18716 · Unknown · Contour Service
Name of the Vulnerable Software and Affected Versions: Contour Service (affected versions not specified). Description: The issue concerns a lack of permission checking in the Contour Service, allowing an attacker to create analyses for datasets they do not have permission for. This could lead to...
Ubuntu: Security Advisory (USN-6161-2)
The remote host is missing an update for the...
DEBIAN-CVE-2023-35852
In Suricata before 6.0.13 when there is an adversary who controls an external source of rules, a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring...
UBUNTU-CVE-2023-35852
In Suricata before 6.0.13 when there is an adversary who controls an external source of rules, a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring...
GHSA-JX7Q-XXMW-44VF .NET Elevation of Privilege Vulnerability
Microsoft Security Advisory CVE-2023-24936: .NET Elevation of Privilege Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update the...
dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML
A flaw was found in dotnet. This issue can allow bypass restrictions when deserializing a DataSet or DataTable from XML...