15 matches found
CVE-2023-36467
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
Linux Distros Unpatched Vulnerability : CVE-2024-36467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be ab...
CVE-2024-36467
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2024-36467
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2024-36467
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2024-36467 Authentication privilege escalation via user groups due to missing authorization checks
An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...
CVE-2023-36467
creationtimestamp| type| source ---|---|--- 2023-06-28 18:13:22+00:00| seen| https://t.me/cibsecurity/65624...
CVE-2023-36467
CVE-2023-36467 concerns AWS data.all, an open-source data marketplace framework. The connected sources confirm that versions 1.2.0 through 1.5.1 are vulnerable to remote code execution when an authenticated user injects Python commands into the Template field during data pipeline configuration. T...
CVE-2023-36467 AWS data.all vulnerable to RCE through user injection of Python Commands
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
CVE-2022-36467
H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d...
CVE-2022-36467
CVE-2022-36467 affects H3C B5 Mini B5MiniV100R005; a stack overflow is triggered in the EditMacList.d function. The records indicate a likely impact to availability and integrity with a CVSS v3.1 base score of 7.8 (HIGH) via local access and low privileges, no user interaction required. Connected...
CVE-2020-36467
creationtimestamp| type| source ---|---|--- 2021-08-08 12:35:43+00:00| seen| https://t.me/cibsecurity/26980...
CVE-2020-36467
An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object...
CVE-2020-36467
The CVE-2020-36467 entry concerns the Rust crate cgc . The root cause is that Ptr::get returns multiple mutable references to the same object, violating alias rules. Multiple connected sources describe this issue and note potential data races when the crate is used across threads. The records ref...