4564 matches found
au.csiro.aehrc.variant-spark:variant-spark_2.11 (=0.1.0), bio.ferlab:datalake-commons_2.12 (>=0.1.0 <=13.0.0) +259 more potentially affected by CVE-2022-21126 via com.github.samtools:htsjdk (>=1.128 <=3.0.0)
com.github.samtools:htsjdk MAVEN version =1.128, =0.1.0, =0.0.1, =0.0.21, =0.1.0, =0.1.0, =0.0.26, =0.1.0, =0.1.3, =1.0.0, =0.1.0, =0.1.3, =1.0.0, =0.1.0, =0.1.3, =0.3.0 and more Source cves: CVE-2022-21126 Source advisory: OSV:GHSA-96VH-4RFP-C42C...
Octopus Server log information disclosure vulnerability
Octopus Server is an automated deployment platform. An information disclosure vulnerability exists in Octopus Server versions 2022.2.6729 and later through 2022.2.7965 and 2022.3.348 and later through 2022.3.9163. An attacker can exploit this vulnerability to obtain sensitive information...
com.webank.wedatasphere.dss:dolphinscheduler-prod-metrics (>=1.1.0 <=1.2.2), org.apache.dolphinscheduler:dolphinscheduler-alert (>=1.2.0 <=2.0.0-alpha) +10 more potentially affected by CVE-2022-26885 via org.apache.dolphinscheduler:dolphinscheduler-common (>=1.2.0 <=2.0.5)
org.apache.dolphinscheduler:dolphinscheduler-common MAVEN version =1.2.0, =1.1.0, =1.2.0, =2.0.1, =1.2.0, =1.2.0, =2.0.0, =2.0.2, =1.3.5, =1.2.0, =1.3.0, =1.3.6, =1.3.9, =2.0.5 Source cves: CVE-2022-26885 Source advisory: OSV:GHSA-JVC3-WJF6-7C6C...
GHSA-8JH9-WQPF-Q52C sweetalert2 v8.19.1 and above contains hidden functionality
sweetalert2 versions 8.19.1 and up until 9.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions below 8.19.1. Workaround Users who a...
GHSA-457R-CQC8-9VJ9 sweetalert2 v10.16.10 and above contains hidden functionality
sweetalert2 versions 10.16.10 and up until 11.0.0 are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 10.0.0 - 10.16.9. Workaround Use ...
GHSA-QQ6H-5G6J-Q3CM sweetalert2 v11.4.9 and above contains hidden functionality
sweetalert2 versions 11.4.9 and above are vulnerable to hidden functionality that was introduced by the maintainer. The package outputs audio and/or video messages that do not pertain to the functionality of the package and is not included in versions 11.0.0 - 11.4.8. Workaround Use a version...
Maarch RM security vulnerability
Maarch RM is an electronic filing system from Maarch. Streamline your certification processes, scientific and technical control in an efficient and optimized way. An Access Control Error vulnerability exists in Maarch RM 2.8.0 and later, versions prior to 2.8.6, which stems from an application...
PT-2022-28273 · Unknown · Sweetalert2
Name of the Vulnerable Software and Affected Versions: sweetalert2 versions 11.4.9 and above Description: The issue concerns hidden functionality introduced by the maintainer, causing the package to output audio and/or video messages unrelated to its intended functionality. Recommendations: For...
@aeppic/install-build-server (>=1.2.0 <=1.9.8), @aeppic/install-repository-server (>=1.2.2 <=2.0.2) +141 more potentially affected by CVE-2022-41919 via fastify (>=3.0.0 <=3.29.3)
fastify NPM version =3.0.0, =1.2.0, =1.2.2, =0.0.68, =0.0.5, =1.0.0, =2.0.0, =1.1.1, =1.0.0, =1.0.0, =1.0.0, =4.23.1, =2.7.0, =1.0.0, =1.3.0 - @bronosorg/graph-indexer-service =1.0.0 and more Source cves: CVE-2022-41919 Source advisory: OSV:GHSA-3FJJ-P79J-C9HH...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41911 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41911 Source advisory: OSV:GHSA-PF36-R9C6-H97J...
aimodelshare (>=0.0.157 <=0.1.0), aliby (>=0.1.18 <=0.1.55) +69 more potentially affected by CVE-2022-41909 via tensorflow (>=2.9.0 <=2.9.2)
tensorflow PYPI version =2.9.0, =0.0.157, =0.1.18, =0.1.11, =0.30.0, =0.2.6, =0.0.1, =1.0.0, =0.0.0, =4.8.2, =0.9.0, =0.99.1 - cvt-tensorflow =1.1.4 and more Source cves: CVE-2022-41909 Source advisory: OSV:GHSA-RJX6-V474-2CH9...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41900 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41900 Source advisory: OSV:GHSA-XVWP-H6JV-7472...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4934 more potentially affected by CVE-2022-41899 via tensorflow (>=1.0.1 <=2.8.3)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.5.0, =0.1.6, =1.0.0, =2.0.0, =1.0.0, =0.0.1, =0.0.7 and more Source cves: CVE-2022-41899 Source advisory: OSV:GHSA-27RC-728F-X5W2...
animl (>=1.1.2 <=1.1.4), arekit (>=0.21.0 <=0.22.1) +188 more potentially affected by CVE-2022-41886 via tensorflow-gpu (>=1.10.1 <=2.8.3)
tensorflow-gpu PYPI version =1.10.1, =1.1.2, =0.21.0, =0.23.0, =0.9.2, =1.0.0, =0.1.0, =0.0.1, =0.0.9, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - brainhance =0.0.1 and more Source cves: CVE-2022-41886 Source advisory: OSV:GHSA-54PP-C6PP-7FPX...
PT-2022-25506 · Ibm · Ibm I Access Family
Name of the Vulnerable Software and Affected Versions: IBM i Access Family versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 Description: The issue allows a local authenticated attacker to execute arbitrary code on the system due to a DLL search order hijacking vulnerability. An attacker...
PT-2022-7280 · Cbeust +1 · Testng +1
Name of the Vulnerable Software and Affected Versions: cbeust testng versions 7.5.0 through 7.7.0 Description: A critical issue affects the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser, leading to path traversal...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +130 more potentially affected by CVE-2022-40127 via apache-airflow (>=1.8.2 <=2.3.4)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-40127 Source advisory: OSV:GHSA-6PW3-8H9W-32GC...
PT-2022-35252 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.15.65 through 5.15.74 Description: The issue concerns a potential security vulnerability in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
Palantir log information disclosure vulnerability
Palantir is a data platform from Palantir, Inc. that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A log information disclosure vulnerability exists in Palantir Foundry Code-Workbooks versions 4.144 through 4.460.0, which...
PT-2022-35403 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.15.58 through v5.15.74 Description: A memory leak issue was discovered in the xhci alloc dbc function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...