Lucene search
K

226 matches found

Vulnrichment
Vulnrichment
added 2023/05/08 5:45 p.m.5 views

CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

5.8CVSS7.7AI score0.00236EPSS
Exploits0References4
OSV
OSV
added 2023/05/08 5:45 p.m.32 views

CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

5.8CVSS7.6AI score0.00236EPSS
Exploits0References6
CVE
CVE
added 2023/05/08 5:45 p.m.54 views

CVE-2023-30840

Fluid CVE-2023-30840 affects versions 0.7.0 up to before 0.8.6. If an attacker gains control of a Kubernetes node running the fluid-csi pod, they can use the fluid-csi service account to modify node specs across the cluster, circumventing limited permissions and potentially elevating privileges t...

7.8CVSS6.6AI score0.00236EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/05/08 5:45 p.m.43 views

CVE-2023-30840 On a compromised node, the fluid-csi service account can be used to modify node specs

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod controlled by the csi-nodeplugin-fluid...

5.8CVSS8AI score0.00236EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/08 12:0 a.m.5 views

Fluid 安全漏洞

Fluid is an open source Kubernetes native distributed dataset orchestrator and gas pedal from the Cloud Native Computing Foundation for data-intensive applications such as Big Data and AI applications. A security vulnerability exists in Fluid versions 0.7.0 through 0.8.6, which stems from the...

7.8CVSS7.3AI score0.00236EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/05/08 12:0 a.m.7 views

PT-2023-8928 · Fluid · Fluid

Name of the Vulnerable Software and Affected Versions: Fluid versions 0.7.0 through 0.8.5 Description: The issue is related to improper authorization in Fluid, an open-source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. If a malicious user...

7.8CVSS7.3AI score0.00236EPSS
Exploits0References12
OSV
OSV
added 2023/03/27 9:48 p.m.18 views

GHSA-8648-H559-8H42 Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting

All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project's Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup...

6.1CVSS6.1AI score0.00512EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/03/27 9:48 p.m.26 views

Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting

All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project's Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup...

6.1CVSS5.9AI score0.00512EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/27 12:0 a.m.5 views

PT-2023-21841 · Unknown · Fluid Components

Name of the Vulnerable Software and Affected Versions: fluid components extension versions prior to 3.5.0 Description: The issue allows Cross-Site Scripting XSS via a component argument parameter, specifically in certain content use cases that may be edge cases. All versions of the Fluid Componen...

6.1CVSS6AI score0.00512EPSS
Exploits1References8
Friends Of PHP
Friends Of PHP
added 2023/03/22 12:31 p.m.28 views

TYPO3-EXT-SA-2023-003: Cross-Site Scripting in extension "Fluid Components" (fluid_components)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-003...

5.8CVSS6.1AI score0.00512EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/03/22 12:31 p.m.32 views

TYPO3-EXT-SA-2023-003: Cross-Site Scripting in extension "Fluid Components" (fluid_components)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-003...

6.1CVSS7.2AI score0.00512EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2023/03/14 8:19 a.m.3 views

Malicious Package

Overview office-fluid-container is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...

9.8CVSS7.1AI score
Exploits0References3
ICS
ICS
added 2022/12/13 12:0 a.m.41 views

Siemens Simcenter STAR-CCM+

​​As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services ...

7.8CVSS7.8AI score0.00206EPSS
Exploits0References12
vulnersOsv
vulnersOsv
added 2022/11/04 12:0 p.m.5 views

@dstanesc/shared-property-map (>=0.0.9 <=0.0.11), @fluid-experimental/partial-checkout (>=0.51.0 <=2.0.0-internal.2.0.4) +10 more potentially affected by CVE-2022-41714 via fastest-json-copy (=1.0.1)

fastest-json-copy NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on fastest-json-copy and may be impacted: - @dstanesc/shared-property-map =0.0.9, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =0.51.0, =2.0.0,...

5.3CVSS6AI score0.00615EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2022/10/03 11:25 a.m.15 views

Detecting Deepfake Audio by Modeling the Human Acoustic Tract

This is interesting research: In this paper, we develop a new mechanism for detecting audio deepfakes using techniques from the field of articulatory phonetics. Specifically, we apply fluid dynamics to estimate the arrangement of the human vocal tract during speech generation and show that...

0.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/08/10 12:0 a.m.7 views

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain read, modify, add, or delete access to data.

The vulnerability of the Fluid Core component in the Oracle PeopleSoft Enterprise PeopleTools business application suite exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain access to read, modify, add, or delete data...

6.4CVSS6.8AI score0.00558EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2022/08/09 12:0 a.m.22 views

Siemens Simcenter STAR-CCM Information Disclosure Vulnerability

Simcenter STAR-CCM is a multiphysics computational fluid dynamics CFD software used to simulate products operating under real-world conditions. an information disclosure vulnerability exists in Siemens Simcenter STAR-CCM due to the use of a public license server where the affected application...

7.5CVSS0.9AI score0.00534EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/07/19 10:15 p.m.5 views

CVE-2022-21520

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

6.1CVSS6.9AI score0.00558EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/07/19 10:15 p.m.3 views

CVE-2022-21520

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

6.1CVSS5.8AI score0.00558EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/15 12:0 a.m.3 views

Simcenter STAR-CCM+ Viewer File Parsing Vulnerability

Simcenter STAR-CCM+ is a multi-physics computational fluid dynamics CFD software for simulation and Simcenter STAR-CCM+ Viewer is a lightweight viewer. The Simcenter STAR-CCM+ Viewer file parsing vulnerability can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.1AI score0.00814EPSS
Exploits0References1
Rows per page
Query Builder