Lucene search
K

78 matches found

OSV
OSV
added 2022/05/17 2:41 a.m.1 views

GHSA-H24P-QWF4-84Q8 Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3...

7.5CVSS7.2AI score0.01795EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/17 2:41 a.m.34 views

Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation

In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root. This issue is fixed in versions 2.8.1 and 3.0.0-alpha3...

8.5CVSS5.2AI score0.01795EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/12/18 12:15 p.m.37 views

Code injection

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

4.3CVSS7.5AI score0.99999EPSS
Exploits20References13Affected Software115
Cvelist
Cvelist
added 2021/11/16 9:5 a.m.33 views

CVE-2021-25976 Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF)

In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery CSRF when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known...

8.1CVSS8.3AI score0.00441EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2021/09/09 5:11 p.m.6 views

com.barchart.http:barchart-http-handlers (>=1.0.6 <=1.0.7), com.barchart.http:barchart-http-server (>=1.0.6 <=1.0.7) +14 more potentially affected by CVE-2021-37137 via io.netty:netty (>=4.0.0.Alpha1 <=4.0.0.Alpha8)

io.netty:netty MAVEN version =4.0.0.Alpha1, =1.0.6, =1.0.6, =0.3, =0.3, =0.2, =1.3.0, =1.0.0.Alpha1, =1.0.0.Alpha2 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...

7.5CVSS6.7AI score0.0628EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2021/08/02 12:50 p.m.15 views

CVE-2021-20332 MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application

Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credential...

4.2CVSS4.4AI score0.00308EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2019/11/20 1:38 a.m.38 views

user/group information can be corrupted across storing in fsimage and reading back from fsimage

In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage...

7.5CVSS0.9AI score0.06554EPSS
Exploits0References13Affected Software1
The Hacker News
The Hacker News
added 2019/09/18 9:15 a.m.141 views

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's...

6.5CVSS6.9AI score0.10182EPSS
Exploits5
vulnersOsv
vulnersOsv
added 2019/08/01 7:18 p.m.8 views

br.jus.stf.digital:core (>=2.0.0 <=2.3.1), cloud.altemista.fwk.microservices:cloud-altemistafwk-core-microservices-zipkin-conf (>=3.0.0.RELEASE <=3.0.1.RELEASE) +983 more potentially affected by CVE-2019-10184 via io.undertow:undertow-servlet (>=1.0.0.Alpha1 <=2.0.22.Final)

io.undertow:undertow-servlet MAVEN version =1.0.0.Alpha1, =2.0.0, =3.0.0.RELEASE, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.1.4-jdk1.8-RELEASES, =0.0.4, =0.2.7, =0.0.1, =0.0.1, =0.0.1, =0.2.0, =0.7.0 and more Source cves: CVE-2019-10184 Source advisory: OSV:GHSA-W69W-JVC7-WJGV...

7.5CVSS6.4AI score0.03478EPSS
Exploits0
OSV
OSV
added 2018/12/21 5:50 p.m.30 views

GHSA-99QR-9CC9-FV2X Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main

In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...

7.8CVSS7.4AI score0.00347EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2017/06/14 12:0 a.m.17 views

Apache Hadoop Privilege Escalation Vulnerability (Jun 2017)

Apache Hadoop is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:hadoop"; i...

8.5CVSS7.2AI score0.01795EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2012/04/26 12:0 a.m.28 views

Yaqas CMS Alpha1 Information Disclosure

TITLE ....... Yaqas CMS Alpha1 Information Disclosure .................................... DATE ........ 25.03.2012 .......................................... AUTOHR ...... http://hauntit.blogspot.com ......................... SOFT LINK ... YAQAS - Yet Another Question & Answer System @ google...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2007/05/03 12:0 a.m.24 views

ext10-lfi.txt

ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2007/04/30 12:0 a.m.37 views

ext 1.0 alpha1 &#40;feed-proxy.php&#41; Remote File Disclosure

ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...

0.1AI score
Exploits0
CVE
CVE
added 2007/04/26 7:0 p.m.88 views

CVE-2007-2285

CVE-2007-2285 affects the Ext JS example component: layout/feed-proxy.php in Jack Slocum Ext 1.0 alpha1. The vulnerability is a directory traversal that allows a remote attacker to read arbitrary files by manipulating the feed parameter via "..". Public sources confirm the same description across...

7.8CVSS6.7AI score0.11771EPSS
Exploits0References7Affected Software1
seebug.org
seebug.org
added 2007/04/26 12:0 a.m.21 views

Ext 1.0 (feed-proxy.php feed) Remote File Disclosure Vulnerability

No description provided by source. ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/04/25 12:0 a.m.59 views

Ext 1.0 - &#039;feed-proxy.php?feed&#039; Remote File Disclosure

ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In /examples/layout/feed-proxy.php...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/04/25 12:0 a.m.15 views

Ext 1.0 - feed-proxy.php?feed Remote File Disclosure

Ext 1.0 - feed-proxy.php?feed Remote File Disclosure ext 1.0 alpha1 feed-proxy.php Remote File Disclosure D.Script: http://yui-ext.com/deploy/ext-1.0-alpha1.zip Discovered by: Alkomandoz Hacker Homepage: http://www.asb-may.net - mohandko.com - sniper-sa.com - tryag.com V.Code In...

Exploits0
Rows per page
Query Builder