455 matches found
CVE-2023-31058 Apache InLong: JDBC URL bypassing by adding blanks
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...
CVE-2023-31058 Apache InLong: JDBC URL bypassing by adding blanks
Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or...
Apache OpenMeetings Improper Authentication vulnerability
An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...
GHSA-V9RM-7RV9-R3FW Apache OpenMeetings Improper Authentication vulnerability
An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...
CVE-2023-29246
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-28936
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-29032
An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...
Design/Logic Flaw
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-28936 Apache OpenMeetings: insufficient check of invitation hash
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-28936
CVE-2023-28936 affects Apache OpenMeetings 2.0.0 to before 7.1.0. Multiple connected entries (GHSA/OSV/NVD/CNVD) describe an insufficient authorization vulnerability that allows an attacker to access arbitrary recordings/rooms. Exploitation details are not provided in the supplied documents; no r...
CVE-2023-29032 Apache OpenMeetings: allows bypass authentication
An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0...
CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
Apache Airflow vulnerable to Privilege Context Switching Error
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0...
Design/Logic Flaw
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0...
CVE-2023-25754
Apache Airflow prior to 2.6.0 is affected by a Privilege Context Switching Error that can allow a local Linux user to read sensitive files (e.g., SSH keys) by abusing insecure log file permissions. The issue is described as a privilege escalation via log handling. A fix is available in Airflow 2....
CVE-2023-25754 Apache Airflow: Privilege escalation using airflow logs
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0...
CVE-2023-30771
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
CVE-2023-30771
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...
Authorization
Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.4 of...