EUVD-2022-0817

Malicious code in bioql PyPI...

CVE-2021-42767

A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allows attackers to read local files, and sometimes create local files. This is fixed in 3.5.17, 4.2.10, 4.3.0.4, and 4.4.0.1...

GHSA-6WXG-WH7F-RQPR XML External Entity (XXE) vulnerability in apoc.import.graphml

Impact A XML External Entity XXE vulnerability found in the apoc.import.graphml procedure of APOC core plugin in Neo4j graph database. XML External Entity XXE injection occurs when the XML parser allows external entities to be resolved. The XML parser used by the apoc.import.graphml procedure was...

CVE-2022-23532 neo4j-apoc-procedures is vulnerable to path traversal

APOC Awesome Procedures on Cypher is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the...

GHSA-5V8V-GWMW-QW97 org.neo4j.procedure:apoc Path Traversal Vulnerability

Impact A Path Traversal Vulnerability found in the apoc.export. procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the...

GHSA-2W4H-F44W-968F Improper Privilege Management in Neo4j Graph Database

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 could allow authenticated users to execute commands with elevated privileges...

PT-2022-11681 · Neo4J · Neo4J Graph Database

Name of the Vulnerable Software and Affected Versions: Neo4J Graph database versions 4.0.0 through 4.3.6 Neo4J Graph database versions prior to 3.5.17 Neo4J Graph database versions prior to 4.2.10 Neo4J Graph database versions prior to 4.3.0.4 Neo4J Graph database versions prior to 4.4.0.1...

Authorization

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...

CVE-2021-34802

CVE-2021-34802 describes a vulnerability in Neo4j Graph Database versions 4.2 and 4.3 where a failure in resetting the security context during certain transaction actions could allow authenticated users to execute commands with elevated privileges. The root cause is a security-context reset issue...

Subdomain Enumeration Tool: Amass

Amass is the subdomain enumeration tool with the greatest number of disparate data sources that performs analysis of the resolved names in order to deliver the largest number of quality results. Amass performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting...