6 matches found
Upgraded Q -> 2 from #308 [1676219092947]
Judge has assessed an item in Issue 308 as 2 risk. The relevant finding follows: 03 Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions
GHSA-G8R4-P96J-XFXC Grav's Twig processing allowing dangerous PHP functions by default
Impact: Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches: The issue was...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
Authentication flaw
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
Avotus mm File Retrieval attempt
The script attempts to force the remote Avotus CDR mm service to include the file /etc/passwd across the network. OpenVAS Vulnerability Test $Id: avotusmm.nasl 8023 2017-12-07 08:36:26Z teissa $ Description: Avotus mm File Retrieval attempt Authors: Anonymous Copyright: Copyright (C) 2004 Anonymous...