UBUNTU-CVE-2022-31163

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...

DataEase 代码问题漏洞

DataEase is an open source data visualization and analysis tool. Used to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . DataEase v1.11.1 There is a code issue vulnerability , the vulnerability stems from the existence of...

PT-2022-20578 · Tzinfo +3 · Tzinfo +3

Name of the Vulnerable Software and Affected Versions: TZInfo versions prior to 0.3.61 TZInfo versions 1.0.0 to 1.2.9 when used with the Ruby data source TZInfo version 0.3.60 and earlier Description: The issue is related to relative path traversal in the TZInfo Ruby library, which provides acces...

Grafana -- Unauthorized file disclosure

Grafana Labs reports: On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the Grafana Image Renderer plugin when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files i...

CVE-2022-33082

creationtimestamp| type| source ---|---|--- 2022-07-01 02:38:59+00:00| seen| https://t.me/cibsecurity/45461...

The vulnerability of the authentication mechanism for voting sessions in the software of the ImageCast X device for marking ballots allows a perpetrator to obtain an arbitrary number of ballots without authorization.

The vulnerability of the authentication mechanism for voting sessions in the ImageCast X device’s voting software is related to a lack of a mechanism for verifying the source of data. Exploiting this vulnerability could allow an intruder to obtain any number of ballots without being authorized...

Grafana -- Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins

Grafana Labs reports: On June 26 a security researcher contacted Grafana Labs to disclose a vulnerability with the GitLab data source plugin that could leak the API key to GitLab. After further analysis the vulnerability impacts data source and plugin proxy endpoints with authentication tokens bu...

The vulnerability of the Yandex Browser lies in its data source verification mechanism’s flaws, which allows attackers to manipulate the content of the address bar.

The vulnerability of the Yandex Browser is related to deficiencies in the mechanism for verifying the source of data. Exploiting this vulnerability allows a remote attacker to manipulate the content of the address bar...

Remote Code Execution in Apache Flume

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

GHSA-X5M7-RWFX-W7QM Remote Code Execution in Apache Flume

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVE-2022-25167

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

Remote code execution

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVE-2022-25167

Apache Flume (versions 1.4.0–1.9.0) is vulnerable to remote code execution when a JMS Source is configured with a JNDI LDAP data source URI and an attacker controls the target LDAP server. The underlying issue is the JNDI usage, which can be exploited to run arbitrary code on the target. Remediat...

Apache Flume 安全漏洞

Apache Flume is a distributed, reliable and available service from the Apache Foundation. A remote code execution vulnerability exists in Apache Flume, which stems from the configuration of a JMS source with a JNDI LDAP data source URI, and could be exploited by an attacker to cause a remote code...

CVE-2022-1814

creationtimestamp| type| source ---|---|--- 2022-06-13 16:16:56+00:00| seen| https://t.me/cibsecurity/44268...

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary There is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams. Vulnerability Details CVEID: CVE-2021-44832 DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary cod...

CVE-2022-32275

creationtimestamp| type| source ---|---|--- 2022-06-06 22:30:08+00:00| seen| https://t.me/cibsecurity/43869 2022-06-08 13:37:04+00:00| seen| https://t.me/bhhub/892 2022-06-08 13:37:04+00:00| published-proof-of-concept| https://t.me/bhhub/793 2024-10-12 06:49:41+00:00| seen|...

CVE-2022-29184

creationtimestamp| type| source ---|---|--- 2022-05-21 00:31:08+00:00| seen| https://t.me/cibsecurity/43097...

OESA-2022-1641 perl-DBI security update

The DBI is the standard database interface module for Perl.It defines a set of methods, variables and conventions that providea consistent database interface independent of the actual database being used.It is important to remember that the DBI is just an interface.The DBI is a layer of "glue"...

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...