CVE-2024-49588 – Multiple authenticated SQL injections in oracle-sidecar
https://notcve.org/view.php?id=CVE-2024-49588
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections. • https://cwe.mitre.org/data/definitions/89.html https://palantir.safebase.us/?tcuUid=b5724367-8b86-436a-8ef2-4480ec41cc2c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-30970 – Gotham table and Forward App Path traversal
https://notcve.org/view.php?id=CVE-2023-30970
Gotham Table service and Forward App were found to be vulnerable to a Path traversal issue allowing an authenticated user to read arbitrary files on the file system. • https://palantir.safebase.us/?tcuUid=69be99ef-ad24-4339-9017-c8bf70789c72 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-36: Absolute Path Traversal
CVE-2023-30954 – Gotham Video Broken Authentication
https://notcve.org/view.php?id=CVE-2023-30954
The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized. • https://palantir.safebase.us/?tcuUid=d2366a3e-a92c-476e-8a7a-7db60e4be567 • CWE-285: Improper Authorization CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2023-30967 – Gotham Orbital Simulator path traversal
https://notcve.org/view.php?id=CVE-2023-30967
Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. • https://palantir.safebase.us/?tcuUid=8fd5809f-26f8-406e-b36f-4a6596a19d79 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-287: Improper Authentication
CVE-2023-30969 – Palantir Tiles missing authentication on API endpoints
https://notcve.org/view.php?id=CVE-2023-30969
The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints. • https://palantir.safebase.us/?tcuUid=afcbc9b2-de62-44b9-b28b-2ebf0684fbf7 • CWE-284: Improper Access Control CWE-862: Missing Authorization