drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-414…
Affected versions of this crate did not properly check the length of an enum when using enum_map! macro, trusting user-provided length.
When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the ini…
Reference returned by some methods of Ref (and similar types) may outlive the Ref and escape the lock.
This causes undefined behavior and may result in a segfault.
More information in dashmap#167 issue.
References
https://github.com/xacrimon/dashmap/i…
Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user’s know…
Affected versions of this crate called some methods using auto-ref. The affected code looked like this.
let mut arr = $crate::__core::mem::MaybeUninit::uninit();
let mut vec = $crate::__ArrayVec::<T>::new(arr.as_mut_ptr() as *mut T);
In this cas…
Impact
This vulnerability allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components.
Please …
Impact
This vulnerability allows a renderer with JS execution to obtain access to a new renderer process with nodeIntegrationInSubFrames enabled which in turn allows effective access to ipcRenderer.
Please note the misleadingly named nodeIntegrationInS…
Affects: Notebook and Lab between 6.4.0?(potentially earlier) and 6.4.11 (currently latest). Jupyter Server <=1.16.0. If I am correct about the responsible code it will affect Jupyter-Server 1.17.0 and 2.0.0a0 as well.
Description: If notebook serve…
Impact
What kind of vulnerability is it? Who is impacted?
Authenticated requests to the notebook server with ContentsManager.allow_hidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files …
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The …
