### Impact A [vulnerability](https://www.cve.org/CVERecord?id=CVE-2022-24785) in an upstream library means an authenticated attacker can abuse locale input to execute arbitrary commands from a file th ...
Continue Reading
June 16, 2022
### Impact The /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret st ...
Continue Reading
June 16, 2022
### Impact A path traversal issue was found in the (g *GitArtifactReader).Read() API. Read() calls into (g *GitArtifactReader).readFromRepository() that opens and reads the file that contains the trig ...
Continue Reading
June 16, 2022
### Impact Several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo ...
Continue Reading
June 16, 2022
`rdiff` performs a diff of two provided strings or files. As part of its reading code it uses the return value of a `Read` instance to set the length of its internal character vector. If the `Read` im ...
Continue Reading
June 16, 2022
In the affected versions of the crate, `AtomicBucket` unconditionally implements `Send`/`Sync` traits. Therefore, users can create a data race to the inner `T: !Sync` by using the `AtomicBucket::data_ ...
Continue Reading
June 16, 2022
Affected version of this crate, which is a required dependency in com-impl, provides a faulty implementation of the `IUnknown::QueryInterface` method. `QueryInterface` implementation must call `IUnkno ...
Continue Reading
June 16, 2022
Affects: Notebook and Lab between 6.4.0?(potentially earlier) and 6.4.11 (currently latest). Jupyter Server Read More ...
Continue Reading
June 16, 2022
Back to Main
