Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect
SecVulList-Veraxy00 Let’s share some vulnerabilities I’ve id...
RESTEasy: creation of insecure temp files
In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user...
Grafana Information Disclosure Vulnerability (CNVD-2023-36311)
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB, Prometheus and so on. Grafana suffers from an information disclosure vulnerability that stems from the ability to...
CVE-2023-1387
Grafana CVE-2023-1387 concerns a JWT leakage via the URL token auth_token when the url_login option is enabled (enabled by default? not specified here). Starting with Grafana 9.1, a JWT may be sent to data sources, potentially allowing an attacker with access to the data source to reuse the leake...
Grafana Security Vulnerability
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB, Prometheus and so on. Grafana suffers from an information disclosure vulnerability that stems from the ability to...
CVE-2023-2006
creationtimestamp | type | source
---|---|---
2023-04-25 00:19:38+00:00 | seen | https://t.me/cibsecurity/62772
2025-08-31 03:01:27+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...
Remote Code Execution (RCE)
org.apache.linkis:linkis-datasource is vulnerable to Remote Code Execution (RCE). A remote attacker is able to upload and execute malicious code on the system, using MySQL data source and malicious parameters to configure a new data source which triggers insecure deserialization...
Apache Linkis Deserialization Vulnerability
Apache Linkis is a library of the U.S. Apache Foundation. It helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and prior versions suffer from a deserialization vulnerability that stems from a parameter that lacks a valid filter, which can be exploited by an...
Apache Linkis DatasourceManager module has deserialization vulnerability
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their...
GHSA-RRHF-32RQ-F28H Apache Linkis DatasourceManager module has deserialization vulnerability
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker can use the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Users should upgrade their...
CVE-2023-29216
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0...
How the cops buy a "God view" of your location data, with Bennett Cyphers: Lock and Code S04E09
The list of people and organizations that are hungry for your location data--collected so routinely and packaged so conveniently that it can easily reveal where you live, where you work, where you shop, pray, eat, and relax--includes many of the usual suspects. Advertisers, obviously, want to sen...
Deserialization of untrusted data
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0...
CVE-2023-29216 Apache Linkis DatasourceManager module has a deserialization command execution
In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0...
PT-2023-22210 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier
Description: The issue arises because parameters are not effectively filtered in Apache Linkis, allowing an attacker to use the MySQL data source and malicious parameters to configure a new data source...
Apache Linkis Code Issue Vulnerability
Apache Linkis is a library of the U.S. Apache Foundation. It helps to easily connect various backend compute/storage engines. Apache Linkis 1.3.1 and prior versions suffer from a deserialization vulnerability that stems from a parameter that lacks a valid filter, which can be exploited by an...
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, do not correctly perform an authorization check in the data source management service...
Authorization
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, do not correctly perform an authorization check in the data source management service...