Lucene search
K

26 matches found

OSV
OSV
added 2022/02/01 1:15 p.m.15 views

CVE-2021-41571

In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it f...

6.5CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added 2022/02/01 12:40 p.m.34 views

CVE-2021-41571 Pulsar Admin API allows access to data from other tenants using getMessageById API

In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it f...

6.4AI score0.01775EPSS
Exploits1References3
CVE
CVE
added 2022/02/01 12:40 p.m.93 views

CVE-2021-41571

CVE-2021-41571 affects Apache Pulsar. The vulnerability arises from improper validation of the ledger id in the Admin API get-message-by-id, allowing a user to read BookKeeper data for tenants other than their own via the topic- and ledger-id context. Affected versions include Pulsar 2.8.0 and ol...

6.5CVSS6.2AI score0.01775EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/01 12:0 a.m.5 views

PT-2022-11431 · Apache · Apache Pulsar

Name of the Vulnerable Software and Affected Versions: Apache Pulsar versions prior to 2.8.1 Apache Pulsar versions prior to 2.7.4 Apache Pulsar versions prior to 2.6.5 Description: The issue allows access to data from BookKeeper that does not belong to the topics accessible by the authenticated...

6.5CVSS6.1AI score0.01775EPSS
Exploits1References14
CNNVD
CNNVD
added 2022/01/31 12:0 a.m.4 views

Apache Pulsar 输入验证错误漏洞

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenant, persistent storage, multi-machine room cross-region data replication,...

6.5CVSS5.7AI score0.01775EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2019/08/26 12:0 a.m.24 views

Fedora 29 : nfdump (2019-9013b5e75d)

2019-08-14 - Fix compile issues - Fix output buffer size for lzo1xdecompresssafe 2019-08-07 - Fix VerifyExtensionMap 179 2019-08-06 - Fix compile errors 2019-08-05 - Fix nfdump.1 man page. 175 - Fix off by 1 array. 173 - Fix use after free in ModifyCompressFile - Add bound checks in AddExporterSt...

7.8CVSS7.3AI score0.02709EPSS
Exploits1References3
Rows per page
Query Builder