Lucene search
K

22 matches found

Nuclei
Nuclei
added yesterday32 views

Apache NiFi - Information Disclosure

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

5.4CVSS6.2AI score0.03095EPSS
Exploits0
OSV
OSV
added 2026/06/24 11:7 a.m.4 views

BIT-NIFI-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51840

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the send sigio and send sigurg functions when a process group receives a signal. This happens because these functions use read lock&tasklist lock to traverse the...

7.5CVSS5.8AI score0.00612EPSS
Exploits0References16
NVD
NVD
added 2026/06/22 8:17 a.m.15 views

CVE-2026-44914

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS0.00393EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 7:38 a.m.35 views

CVE-2026-44914 Apache NiFi: Missing Authorization of Restricted Permissions when Replacing Flow Contents

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS0.00393EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 7:38 a.m.11 views

EUVD-2026-38219

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 7:38 a.m.12 views

CVE-2026-44914

Apache NiFi 1.12.0 through 2.9.0 are missing authorization when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required, but framework authorization did not...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 7:38 a.m.27 views

CVE-2026-44914

Apache NiFi versions 1.12.0–2.9.0 are vulnerable to missing authorization when replacing Process Groups that include extension components with the Restricted annotation. The Restricted annotation signals higher privileges, but framework authorization did not enforce restricted status during repla...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51284

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.12.0 through 2.9.0 Description Authorization is missing when replacing Process Groups that include extension components with specific Required Permissions based on the Restricted annotation. The Restricted annotation...

7.5CVSS5.9AI score0.00393EPSS
Exploits0References10
OSV
OSV
added 2025/09/12 11:47 a.m.5 views

BIT-NIFI-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

5.4CVSS6.8AI score0.03095EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-2500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers...

5.5CVSS6.3AI score0.00359EPSS
Exploits0References2
RustSec
RustSec
added 2025/01/15 12:0 p.m.6 views

`root` appended to group listings

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...

7.1CVSS6.8AI score0.00166EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/28 6:30 p.m.18 views

Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

5.4CVSS6.7AI score0.03095EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/28 4:18 p.m.14 views

CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

2.1CVSS6.7AI score0.03095EPSS
Exploits0References1
CVE
CVE
added 2024/12/28 4:18 p.m.964 views

CVE-2024-56512

CVE-2024-56512 (Apache NiFi) affects NiFi 1.10.0–2.0.0, where creating a new Process Group omits fine‑grained authorization checks for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers. As a result, authenticated users with permission to create Process Groups ...

5.4CVSS6.4AI score0.03095EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/12/28 4:18 p.m.10 views

CVE-2024-56512 Apache NiFi: Missing Complete Authorization for Parameter and Service References

Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases wher...

2.1CVSS6.2AI score0.03095EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/28 12:0 a.m.6 views

Apache NiFi 安全漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A security vulnerability exists in Apache NiFi versions 1.10.0 to 2.0.0, which stems from a lack of fine-grained...

5.4CVSS6.5AI score0.03095EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/12/26 12:0 a.m.7 views

PT-2024-10215 · Apache · Apache Nifi

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.10.0 through 2.0.0 Description: The issue is related to missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers when creating new Process...

5.4CVSS7AI score0.03095EPSS
Exploits0References22
CNNVD
CNNVD
added 2023/12/08 12:0 a.m.6 views

Python Security Vulnerabilities

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python version 3.12.0 that stems from the fact that when using the empty...

6.1CVSS8.3AI score0.01326EPSS
Exploits0References8
OSV
OSV
added 2016/06/13 1:59 a.m.6 views

CVE-2016-2500

Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not properly terminate process groups, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 19285814...

5.5CVSS7.3AI score0.00359EPSS
Exploits0References2
Rows per page
Query Builder