
1047 matches found

NVD
added 2021/11/01 10:15 a.m. | 16 views

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 8.8 | EPSS 0.01861
Exploits: 0 | References: 2
OSV
added 2021/11/01 10:15 a.m. | 14 views

CVE-2021-27644

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 8.8 | AI score 7.8
Exploits: 0 | References: 2
Prion
added 2021/11/01 10:15 a.m. | 28 views

SQL injection

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. Only applicable to MySQL data source with internal login account password...

CVSS 6 | AI score 8.9 | EPSS 0.01861
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2021/11/01 9:15 a.m. | 73 views

CVE-2021-27644

CVE-2021-27644 affects Apache DolphinScheduler prior to 1.3.6. Authorized users can trigger SQL injection in the data source center when using a MySQL data source with internal login credentials, potentially exposing or altering data in the underlying database. The related records consistently de...

CVSS 8.8 | AI score 9 | EPSS 0.01861
Exploits: 0 | References: 2 | Affected Software: 1
Circl
added 2021/10/28 4:23 p.m. | 2 views

CVE-2021-22402

creationtimestamp | type | source
---|---|---
2021-10-28 16:23:35+00:00 | seen | https://t.me/cibsecurity/31381...

CVSS 7.5 | AI score 7.3 | EPSS 0.00695
Exploits: 0 | References: 1
Tenable Nessus
added 2021/10/21 12:0 a.m. | 10 views

Form Detected

The scanner has detected the presence of a form during the crawling of the target web application. Details about the form are provided in the plugin output. No source data...

AI score 7.3
Exploits: 0
Circl
added 2021/10/14 8:27 p.m. | 6 views

CVE-2021-42228

creationtimestamp | type | source
---|---|---
2021-10-14 20:27:53+00:00 | seen | https://t.me/cibsecurity/30586...

CVSS 8.8 | AI score 8.1 | EPSS 0.00957
Exploits: 1 | References: 1
Mageia
added 2021/10/02 6:57 p.m. | 31 views

Updated perl-DBI packages fix security vulnerability

An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the fdir attribute in the data source name DSN. CVE-2014-10402...

CVSS 6.1 | AI score 6.5 | EPSS 0.00488
Exploits: 1 | References: 2
NVD
added 2021/09/24 10:15 a.m. | 23 views

CVE-2021-36749

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...

CVSS 6.5 | EPSS 0.81038
Exploits: 3 | References: 2
Circl
added 2021/09/14 4:21 p.m. | 8 views

CVE-2021-38163

creationtimestamp | type | source
---|---|---
2021-09-14 16:21:47+00:00 | seen | https://t.me/cibsecurity/28795
2021-09-15 14:22:34+00:00 | seen | https://t.me/ptswarm/72
2021-09-16 15:55:40+00:00 | seen | https://t.me/truesecator/2111
2023-06-14 21:10:04+00:00 | seen |...

CVSS 9.9 | AI score 7.3 | EPSS 0.37149
Exploits: 1 | References: 7
OSV
added 2021/08/30 6:15 p.m. | 5 views

CVE-2021-27018

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...

CVSS 7.5 | AI score 5.8 | EPSS 0.00541
Exploits: 0 | References: 1
OSV
added 2021/08/30 6:15 p.m. | 2 views

UBUNTU-CVE-2021-27018

The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source...

CVSS 7.5 | AI score 5.8 | EPSS 0.00541
Exploits: 0 | References: 3
GitHub Security Blog
added 2021/08/13 3:21 p.m. | 63 views

Druid ingestion system Authenticated users can read data from other sources than intended

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...

CVSS 6.5 | AI score 6.1 | EPSS 0.09498
Exploits: 0 | References: 8 | Affected Software: 1
Circl
added 2021/08/06 6:32 p.m. | 1 views

CVE-2021-38137

creationtimestamp | type | source
---|---|---
2021-08-06 18:32:28+00:00 | seen | https://t.me/cibsecurity/26936...

CVSS 8.1 | AI score 7.9 | EPSS 0.00704
Exploits: 0 | References: 1
OSV
added 2021/08/04 11:8 a.m. | 2 views

USN-5030-1 libdbi-perl vulnerabilities

It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2014-10402 It was discovered that the Perl DBI module incorrectly handled certain long...

CVSS 7.1 | AI score 6.9 | EPSS 0.00602
Exploits: 1 | References: 3
CNNVD
added 2021/07/27 12:0 a.m. | 13 views

AVEVA System Platform Access Control Error Vulnerability

AVEVA System Platform is an application from AVEVA UK. A responsive, standards-driven and scalable foundation for regulatory, enterprise SCADA, MES and IIoT applications. AVEVA System Platform is vulnerable to an Access Control Error vulnerability that arises from the software not properly...

CVSS 7.2 | AI score 5.6 | EPSS 0.00481
Exploits: 0 | References: 5
BDU FSTEC
added 2021/07/27 12:0 a.m. | 2 views

The vulnerability of the Adobe Flash Player, related to a data source validation error, allows for the execution of arbitrary code.

The vulnerability of the Adobe Flash Player is related to a data source validation error. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVSS 10 | AI score 8.3 | EPSS 0.0453
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2021/07/13 12:0 a.m. | 5 views

The vulnerability of software such as Google Chrome, Firefox, Firefox ESR, and Thunderbird lies in a data source confirmation error, which allows attackers to gain access to confidential data.

The vulnerability of the Google Chrome, Firefox, Firefox ESR, and Thunderbird software lies in a data source confirmation error. Exploiting this vulnerability allows an attacker to gain access to confidential data remotely...

CVSS 5.3 | AI score 6.7 | EPSS 0.0247
Exploits: 1 | References: 11 | Affected Software: 7
Prion
added 2021/07/02 8:15 a.m. | 20 views

Privilege escalation

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not a...

CVSS 4 | AI score 6.2 | EPSS 0.09498
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2021/07/02 7:20 a.m. | 133 views

CVE-2021-26920

The CVE-2021-26920 issue affects Apache Druid’s ingestion system: the HTTP InputSource can be used by authenticated users to read data from sources other than intended (e.g., local files) with the Druid server’s privileges. This is not a privilege elevation when accessed directly, since a Local I...

CVSS 6.5 | AI score 6.2 | EPSS 0.09498
Exploits: 0 | References: 6 | Affected Software: 1