OpenSearch -- Log4Shell

OpenSearch reports: CVE-2021-45105 for Log4j was issued after the release of OpenSearch 1.2.2. This CVE advises upgrading to Log4j 2.17.0. While there has been no observed reproduction of the issue described in CVE-2021-45105 in OpenSearch, we have released OpenSearch 1.2.3 which updates Log4j to...

OpenSearch -- Log4Shell

OpenSearch reports: CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 used in OpenSearch 1.2.1 to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While the...

Privilege Escalation

github.com/opensearch-project/opensearch-cli is vulnerable to Privilege Escalation. The vulnerability exists due to the weak file path permission in the configuration file, allowing an attacker to read or write any file on the file path...

FreeBSD : OpenSearch -- Log4Shell (4b1ac5a3-5bd4-11ec-8602-589cfc007716)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4b1ac5a3-5bd4-11ec-8602-589cfc007716 advisory. - Apache Log4j2 2.10 this behavior can be mitigated by setting system property log4j2.formatMsgNoLookup...

CVE-2021-44833

The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file...

CVE-2021-44833

The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file...

Design/Logic Flaw

The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file...

CVE-2021-44833

The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the configuration file...

CVE-2021-44833

The CVE-2021-44833 entry affects the OpenSearch CLI 1.0.0 for Amazon OpenSearch, with weak permissions on the configuration file. The issue is described as a file‑permission weakness that can expose or alter configuration data, contributing to HIGH impact across confidentiality, integrity, and av...

OpenSearch Web browser 安全漏洞

OpenSearch Web browser is a Web browser. openSearch Web browser 1.0.0 has a security vulnerability that stems from the application's weak permissions on configuration files. No detailed vulnerability details are currently available...

OpenSearch -- Log4Shell

OpenSearch reports: A recently published security issue CVE-2021-44228 affects several versions of the broadly-used Apache Log4j library. Some software in the OpenSearch project includes versions of Log4j referenced in this CVE. While, at time of writing, the team has not found a reproduceable...

CVE-2020-8954

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.a link that opens another app in the browser can be manipulated...

CVE-2020-8954

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.a link that opens another app in the browser can be manipulated...

Buffer overflow

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.a link that opens another app in the browser can be manipulated...

CVE-2020-8954

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.a link that opens another app in the browser can be manipulated...

CVE-2020-8954

OpenSearch Web browser 1.0.4.9 is affected by an Intent Scheme Hijacking vulnerability. The description indicates that a link in the browser that opens another app can be manipulated, enabling potential redirection to unintended applications. The provided documents do not include further technica...

DEBIAN-CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...

UBUNTU-CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...

CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...

openSUSE Security Update : MozillaThunderbird (openSUSE-2019-251)

This update for MozillaThunderbird to version 60.5.1 fixes the following issues : Security vulnerabilities addressed MSFA 2019-03 MSFA 2018-31 MFSA 2019-06 bsc1122983 bsc1119105 bsc1125330 : - CVE-2018-18356: Fixed a Use-after-free in Skia. - CVE-2019-5785: Fixed an Integer overflow in Skia. -...