‼ CVE-2023-22888 ‼
📖 Read
via "National Vulnerability Database".
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35908 ‼
📖 Read
via "National Vulnerability Database".
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45855 ‼
📖 Read
via "National Vulnerability Database".
SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-37582 ‼
📖 Read
via "National Vulnerability Database".
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. It is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-31007 ‼
📖 Read
via "National Vulnerability Database".
Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.This issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.2.9 Pulsar Broker users should upgrade to at least 2.9.5.2.10 Pulsar Broker users should upgrade to at least 2.10.4.2.11 Pulsar Broker users should upgrade to at least 2.11.1.3.0 Pulsar Broker users are unaffected.Any users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-30428 ‼
📖 Read
via "National Vulnerability Database".
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role.This issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.The vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.There are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.2.8 Pulsar Broker users and earlier are unaffected.2.9 Pulsar Broker users should upgrade to one of the patched versions.2.10 Pulsar Broker users should upgrade to at least 2.10.4.2.11 Pulsar Broker users should upgrade to at least 2.11.1.3.0 Pulsar Broker users are unaffected.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43758 ‼
📖 Read
via "National Vulnerability Database".
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-33668 ‼
📖 Read
via "National Vulnerability Database".
DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38065 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possible📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38068 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk forms📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38061 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possible📖 Read
via "National Vulnerability Database".
‼ CVE-2020-20021 ‼
📖 Read
via "National Vulnerability Database".
An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38067 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44696 ‼
📖 Read
via "National Vulnerability Database".
Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38064 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38063 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possible📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43757 ‼
📖 Read
via "National Vulnerability Database".
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious 3GP ?file📖 Read
via "National Vulnerability Database".
‼ CVE-2023-38062 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2023-3595 ‼
📖 Read
via "National Vulnerability Database".
Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* Ethernet/IP communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43759 ‼
📖 Read
via "National Vulnerability Database".
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43760 ‼
📖 Read
via "National Vulnerability Database".
Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.📖 Read
via "National Vulnerability Database".