1041 matches found

Circl
added 2022/09/02 12:38 a.m. · 2 views

CVE-2022-2639

creationtimestamp | type | source
---|---|---
2022-09-02 00:38:43+00:00 | seen | https://t.me/cibsecurity/49214
2022-09-06 08:37:12+00:00 | published-proof-of-concept | https://t.me/proxybar/950
2022-09-11 10:35:15+00:00 | published-proof-of-concept | ...

CVSS 7.8 · AI score 6.3 · EPSS 0.00775
Exploits: 5 · References: 12

Circl
added 2022/09/01 2:37 a.m. · 5 views

CVE-2022-37129

creationtimestamp | type | source
---|---|---
2022-09-01 02:37:18+00:00 | seen | https://t.me/cibsecurity/49155
2025-10-14 10:31:54+00:00 | seen | MISP/a41d8549-5384-5e1a-8c33-bf88e35b5a0a...

CVSS 8.8 · AI score 7.3 · EPSS 0.08347
Exploits: 1 · References: 1

Veracode
added 2022/08/22 8:18 a.m. · 17 views

Remote Code Execution

flysystem is vulnerable to remote code execution. Lack of proper parameter validation in JMSMessageConsumer allows an attacker to upload and execute malicious code on the system under attack, when a configuration uses a JMS Source with a JNDI LDAP data source URI...

CVSS 9.8 · AI score 9.5 · EPSS 0.02227
Exploits: 0 · References: 3 · Affected Software: 1

Github Security Blog
added 2022/08/22 12:00 a.m. · 44 views

Remote code execution in Apache Flume

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 9.8 · AI score 9.2 · EPSS 0.02227
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2022/08/22 12:00 a.m. · 2 views

GHSA-H9MH-MGPV-GQMV Remote code execution in Apache Flume

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 9.8 · AI score 7.7 · EPSS 0.02227
Exploits: 0 · References: 5

ATTACKERKB
added 2022/08/21 9:15 a.m. · 2 views

CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 9.8 · AI score 6.5 · EPSS 0.02227
Exploits: 0 · References: 3

OSV
added 2022/08/21 9:15 a.m. · 3 views

CVE-2022-34916

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 9.8 · AI score 6.3 · EPSS 0.02227
Exploits: 0 · References: 2

Prion
added 2022/08/21 9:15 a.m. · 25 views

Remote code execution

Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 7.5 · AI score 9.5 · EPSS 0.02227
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2022/08/21 12:00 a.m. · 2 views

Apache Flume Input Validation Error Vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA, used to efficiently collect, aggregate, and move large amounts of log data. Versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...

CVSS 9.8 · AI score 7.9 · EPSS 0.02227
Exploits: 0 · References: 3

Circl
added 2022/08/05 8:20 p.m. · 7 views

CVE-2022-31665

creationtimestamp | type | source
---|---|---
2022-08-05 20:20:57+00:00 | seen | https://t.me/cibsecurity/47633
2022-12-08 14:11:31+00:00 | seen | MISP/d3a33563-6aa9-4388-8f6a-8f738a3a01c1...

CVSS 7.2 · AI score 8.3 · EPSS 0.01898
Exploits: 1 · References: 1

OSV
added 2022/07/31 2:12 p.m. · 20 views

GSD-2022-1004470 perf arm-spe: Don't set data source if it's not a memory operation

perf arm-spe: Don't set data source if it's not a memory operation. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.51 by commit...

AI score 7.2
Exploits: 0

OSV
added 2022/07/23 12:00 a.m. · 1 view

GHSA-HMVW-66JM-H9FH SQL Injection found in Dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Version 1.11.2 contains a fix...

CVSS 8.8 · AI score 7.3 · EPSS 0.00763
Exploits: 1 · References: 4

OSV
added 2022/07/23 12:00 a.m. · 7 views

GHSA-VJMR-6PMM-RPRF Dataease v1.11.1 SQL Injection via parameter dataSourceId

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId. Version 1.11.2 contains a fix...

CVSS 9.8 · AI score 7.3 · EPSS 0.00958
Exploits: 1 · References: 4

ATTACKERKB
added 2022/07/22 4:15 a.m. · 2 views

CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 8.1 · AI score 6.8 · EPSS 0.01777
Exploits: 1 · References: 8 · Affected Software: 1

OSV
added 2022/07/22 4:15 a.m. · 1 view

UBUNTU-CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

CVSS 8.1 · AI score 6.8 · EPSS 0.01777
Exploits: 1 · References: 6

CNNVD
added 2022/07/22 12:00 a.m. · 3 views

DataEase Code Issue Vulnerability

DataEase is an open source data visualization and analysis tool used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase v1.11.1 has a code issue vulnerability; the vulnerability stems from the existence of...

CVSS 9.8 · AI score 8.9 · EPSS 0.00958
Exploits: 1 · References: 3

Positive Technologies
added 2022/07/21 12:00 a.m. · 3 views

PT-2022-20578 · Tzinfo +3

Name of the Vulnerable Software and Affected Versions: TZInfo versions prior to 0.3.61; TZInfo versions 1.0.0 to 1.2.9 when used with the Ruby data source; TZInfo version 0.3.60 and earlier. Description: The issue is related to relative path traversal in the TZInfo Ruby library, which provides acces...

CVSS 8.1 · AI score 6.6 · EPSS 0.01777
Exploits: 1 · References: 39

FreeBSD
added 2022/07/21 12:00 a.m. · 37 views

Grafana -- Unauthorized file disclosure

Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files i...

CVSS 8.3 · AI score 1.1 · EPSS 0.0087
Exploits: 0 · References: 1

Circl
added 2022/07/01 2:38 a.m. · 1 view

CVE-2022-33082

creationtimestamp | type | source
---|---|---
2022-07-01 02:38:59+00:00 | seen | https://t.me/cibsecurity/45461...

CVSS 7.5 · AI score 7.3 · EPSS 0.01428
Exploits: 1 · References: 1

BDU FSTEC
added 2022/06/29 12:00 a.m. · 3 views

The vulnerability of the authentication mechanism for voting sessions in the software of the ImageCast X device for marking ballots allows a perpetrator to obtain an arbitrary number of ballots without authorization.

The vulnerability of the authentication mechanism for voting sessions in the ImageCast X device’s voting software is related to a lack of a mechanism for verifying the source of data. Exploiting this vulnerability could allow an intruder to obtain any number of ballots without being authorized...

CVSS 4.6 · AI score 5.5 · EPSS 0.00155
Exploits: 0 · References: 3 · Affected Software: 1