226 matches found
CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...
CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...
CVE-2023-30840
Fluid CVE-2023-30840 affects versions 0.7.0 up to before 0.8.6. If an attacker gains control of a Kubernetes node running the fluid-csi pod, they can use the fluid-csi service account to modify node specs across the cluster, circumventing limited permissions and potentially elevating privileges t...
CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs
Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...
Fluid 安全漏洞
Fluid is an open source Kubernetes native distributed dataset orchestrator and gas pedal from the Cloud Native Computing Foundation for data-intensive applications such as Big Data and AI applications. A security vulnerability exists in Fluid versions 0.7.0 through 0.8.6, which stems from the...
PT-2023-8928 · Fluid · Fluid
Name of the Vulnerable Software and Affected Versions: Fluid versions 0.7.0 through 0.8.5 Description: The issue is related to improper authorization in Fluid, an open-source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. If a malicious user...
GHSA-8648-H559-8H42 Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting
All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project's Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup...
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting
All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project's Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup...
PT-2023-21841 · Unknown · Fluid Components
Name of the Vulnerable Software and Affected Versions: fluid components extension versions prior to 3.5.0 Description: The issue allows Cross-Site Scripting XSS via a component argument parameter, specifically in certain content use cases that may be edge cases. All versions of the Fluid Componen...
TYPO3-EXT-SA-2023-003: Cross-Site Scripting in extension "Fluid Components" (fluid_components)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-003...
TYPO3-EXT-SA-2023-003: Cross-Site Scripting in extension "Fluid Components" (fluid_components)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-003...
Malicious Package
Overview office-fluid-container is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Siemens Simcenter STAR-CCM+
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...
@dstanesc/shared-property-map (>=0.0.9 <=0.0.11), @fluid-experimental/partial-checkout (>=0.51.0 <=2.0.0-internal.2.0.4) +10 more potentially affected by CVE-2022-41714 via fastest-json-copy (=1.0.1)
fastest-json-copy NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on fastest-json-copy and may be impacted: - @dstanesc/shared-property-map =0.0.9, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =2.0.0,...
Detecting Deepfake Audio by Modeling the Human Acoustic Tract
This is interesting research: In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that...
The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain read, modify, add, or delete access to data.
The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify, add, or delete data...
Siemens Simcenter STAR-CCM Information Disclosure Vulnerability
Simcenter STAR-CCM is a multiphysics computational fluid dynamics CFD software used to simulate products operating under real-world conditions. an information disclosure vulnerability exists in Siemens Simcenter STAR-CCM due to the use of a public license server where the affected application...
CVE-2022-21520
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...
CVE-2022-21520
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...
Simcenter STAR-CCM+ Viewer File Parsing Vulnerability
Simcenter STAR-CCM+ is a multi-physics computational fluid dynamics CFD software for simulation and Simcenter STAR-CCM+ Viewer is a lightweight viewer. The Simcenter STAR-CCM+ Viewer file parsing vulnerability can be exploited by an attacker to execute code in the context of the current process...