363 matches found

Positive Technologies
added 2023/10/12 12:00 a.m. · 3 views

PT-2023-32177 · Knime · Knime Analytics Platform

Name of the Vulnerable Software and Affected Versions: KNIME Analytics Platform versions prior to 5.2.0 Description: The issue is related to an unsafe default configuration that allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server ...

CVSS 6.1 · AI score 6 · EPSS 0.00311
Exploits 0 · References 6
Code423n4
added 2023/08/10 12:00 a.m. · 10 views

SecurityCouncilMemberSyncAction.perform cannot be scheduled exclusively from SecurityCouncilManager's operations

Lines of code Vulnerability details Impact SecurityCouncilMemberSyncAction.perform is a crucial function that will be triggered by the upgrade executor via delegate call after the whole election process, or after current members do some update (add/remove/replace/rotate) to update the security council...

AI score 6.8
Exploits 0
Code423n4
added 2023/08/10 12:00 a.m. · 8 views

L1SCMgmtActivationAction does not check executor role of new and prev emergency security council

Lines of code Vulnerability details Proof of Concept GovernanceChainSCMgmtActivationAction.sol checks that the newEmergencySecurityCouncil has an upgradeExecutor role, whereas the prevEmergencySecurityCouncil does not have an upgradeExecutor role. GovernanceChainSCMgmtActivationAction.sol // confirm...

AI score 6.8
Exploits 0
Code423n4
added 2023/08/09 12:00 a.m. · 7 views

The upgrade executor is granted the canceller role instead of the new emergency security council.

Lines of code Vulnerability details Impact In L1SCMgmtActivationAction.sol, the perform function does not grant the role to the new emergency security council. It instead grants it to the upgrade executor. This logic doesn't align with the function's inline comment and can prevent the perform function...

AI score 6.8
Exploits 0
Code423n4
added 2023/07/31 12:00 a.m. · 6 views

The unfollow function performs the unfollow process on a random follow token.

Lines of code Vulnerability details Impact In FollowNft.sol we have the unfollow function. This function is supposed to perform the unfollow process, but as you see the followTokenId variable just returns one random follow id for the profile id through a mapping, and there is no option to select which follow n...

AI score 7
Exploits 0
OSV
added 2023/07/28 3:15 p.m. · 3 views

CVE-2023-39023

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...

CVSS 9.8 · AI score 5.8 · EPSS 0.0077
Exploits 1 · References 1
NVD
added 2023/07/28 3:15 p.m. · 8 views

CVE-2023-39023

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...

CVSS 9.8 · AI score 9.7 · EPSS 0.0077
Exploits 1 · References 1
ATTACKERKB
added 2023/07/28 3:15 p.m. · 5 views

CVE-2023-39023

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...

CVSS 9.8 · AI score 7.4 · EPSS 0.0077
Exploits 1 · References 2
CNNVD
added 2023/07/28 12:00 a.m. · 1 view

University Compass Code Injection Vulnerability

University Compass is a college counseling application from University Compass, Inc. A security vulnerability exists in University Compass v2.2.0 and earlier versions, which stems from the inclusion of a code injection vulnerability in the component...

CVSS 9.8 · AI score 8.4 · EPSS 0.0077
Exploits 1 · References 2
Cvelist
added 2023/07/28 12:00 a.m. · 15 views

CVE-2023-39023

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...

AI score 9.8 · EPSS 0.0077
Exploits 1 · References 1
Vulnrichment
added 2023/07/28 12:00 a.m. · 12 views

CVE-2023-39023

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument...

AI score 8 · EPSS 0.0077
Exploits 1 · References 1
Code423n4
added 2023/07/21 12:00 a.m. · 3 views

Users do not get charged for the value their proposal will need

Lines of code Vulnerability details Impact Depending on whether the destination-chain InterchainProposalExecutor has a native token balance, the transaction will either steal funds or fail. Proof of Concept Users can provide an amount of native tokens they want to send to the call they will make ...

AI score 7
Exploits 0
OSV
added 2023/07/19 10:08 p.m. · 1 view

GHSA-C5VJ-WP4V-MMVX Hazelcast Executor Services don't check client permissions properly

Impact In Hazelcast Platform, 5.0 through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, and Hazelcast IMDG all versions up to 4.2.z, Executor Services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...

CVSS 7.6 · AI score 6 · EPSS 0.0057
Exploits 0 · References 7
Github Security Blog
added 2023/07/19 10:08 p.m. · 24 views

Hazelcast Executor Services don't check client permissions properly

Impact In Hazelcast Platform, 5.0 through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, and Hazelcast IMDG all versions up to 4.2.z, Executor Services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...

CVSS 8.8 · AI score 7 · EPSS 0.0057
Exploits 0 · References 8 · Affected Software 2
NVD
added 2023/07/18 4:15 p.m. · 30 views

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...

CVSS 8.8 · EPSS 0.0057
Exploits 0 · References 2
ATTACKERKB
added 2023/07/18 4:15 p.m. · 5 views

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...

CVSS 8.8 · AI score 7.5 · EPSS 0.0057
Exploits 0 · References 3
OSV
added 2023/07/18 4:15 p.m. · 26 views

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...

CVSS 8.8 · AI score 7.2 · EPSS 0.0057
Exploits 0 · References 2
Prion
added 2023/07/18 4:15 p.m. · 27 views

Design/Logic Flaw

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...

CVSS 6.5 · AI score 8.7 · EPSS 0.0057
Exploits 0 · References 2 · Affected Software 2
Vulnrichment
added 2023/07/18 12:00 a.m. · 16 views

CVE-2023-33265

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted...

AI score 6.9 · EPSS 0.0057
Exploits 0 · References 2
CVE
added 2023/07/18 12:00 a.m. · 155 views

CVE-2023-33265

Hazelcast vulnerability CVE-2023-33265 affects Hazelcast Platform/IMDG versions 5.0.4 or earlier, 5.1 up to 5.1.6, and 5.2 up to 5.2.3. The root cause is that executor services do not properly enforce client permissions, allowing authenticated users to execute tasks on cluster members without the...

CVSS 8.8 · AI score 8.7 · EPSS 0.0057
Exploits 0 · References 2 · Affected Software 2