CVE-2022-45347
The CVE-2022-45347 issue affects Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as the backend. The root cause is incomplete cleanup of the database session after client authentication fails, which could allow an attacker to issue normal commands by connecting with a crafted MySQL cl...
CVE-2022-45347 Apache ShardingSphere-Proxy: MySQL authentication bypass
Apache ShardingSphere-Proxy prior to 5.3.0, when using MySQL as the database backend, didn't clean up the database session completely after client authentication failed, which allowed an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in Apac...
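The bug class behind CVE-2022-45347 is a connection state machine that reports an authentication failure but leaves residual session state that the command phase still trusts. The following is an added illustration written for this page, a toy model rather than ShardingSphere's own code: the user store, the session fields, the `cleanup` switch and the "rogue client" that ignores the error packet are all assumptions made to show the before/after behaviour.

```python
# Added example (editor's model of the bug class, not ShardingSphere-Proxy code).
# A toy MySQL-style connection handler: the vulnerable variant answers a failed
# handshake with an error but leaves the session object alive, so a client that
# ignores the error and keeps sending COM_QUERY packets is still served. The
# fixed variant tears the session down on failure.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed credential store for the example (assumption).
USERS = {"app": "s3cret"}


@dataclass
class Session:
    user: Optional[str] = None
    authenticated: bool = False
    closed: bool = False
    log: List[str] = field(default_factory=list)


def handle_auth(session: Session, user: str, password: str, *, cleanup: bool) -> str:
    """Handshake response phase. `cleanup=False` models the vulnerable behaviour."""
    session.user = user  # identity is recorded before the credential check...
    if USERS.get(user) == password:
        session.authenticated = True
        return "OK"
    # ...and on failure the vulnerable variant only sends the error packet,
    # leaving session.user populated: the "incomplete cleanup".
    if cleanup:
        session.user = None
        session.authenticated = False
        session.closed = True  # fixed variant: the connection is torn down
    return "ERR 1045 Access denied"


def handle_query(session: Session, sql: str) -> str:
    """Command phase. Refuses closed sessions, then dispatches on session state."""
    if session.closed:
        return "ERR connection closed"
    # A dispatcher that gates on "do we know who this is" instead of
    # "did authentication succeed" is what turns leftover state into access.
    if session.user is None:
        return "ERR not authenticated"
    session.log.append(sql)
    return f"OK as {session.user}: {sql}"


def rogue_client(cleanup: bool) -> Tuple[str, str]:
    """Models the 'special client': wrong password, ignore the error, send a query."""
    s = Session()
    auth = handle_auth(s, "app", "wrong-password", cleanup=cleanup)
    query = handle_query(s, "SELECT 1")
    return auth, query


def legit_client() -> Tuple[str, str]:
    """Normal client against the fixed handler, to show it is unaffected."""
    s = Session()
    auth = handle_auth(s, "app", "s3cret", cleanup=True)
    query = handle_query(s, "SELECT 1")
    return auth, query


if __name__ == "__main__":
    print("vulnerable:", rogue_client(cleanup=False))
    print("fixed:     ", rogue_client(cleanup=True))
    print("legit:     ", legit_client())
```

The detection angle follows from the model: a connection whose first server packet is an `ERR 1045` and which nevertheless carries subsequent command packets is the signature of this class of bypass, whatever the proxy implementation.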
Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities
The Zerobot DDoS botnet has received substantial updates that expand its ability to target more internet-connected devices and scale its network. Microsoft Threat Intelligence Center (MSTIC) is tracking the ongoing threat under the moniker DEV-1061, its designation for unknown, emerging, or...
Microsoft research uncovers new Zerobot capabilities
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations, as IoT devices' configurations often leave them exposed, and the number of internet-connected devices continues to grow...
Apache Traffic Server Cross-Site Scripting Vulnerability (CNVD-2023-03922)
Apache Traffic Server (ATS) is a set of scalable HTTP proxy and cache servers from the Apache Foundation. Apache Traffic Server suffers from a cross-site scripting vulnerability that attackers can exploit to carry out cross-site scripting and cache poisoning attacks...
CVE-2022-46421
CVE-2022-46421 involves the Apache Airflow Hive Provider (Apache Software Foundation) and is a Command Injection vulnerability caused by improper neutralization of special elements. The issue affects the Hive Provider before 5.0.0. The available documents describe the vulnerability type and aff...
Open Redirect
libapache2-mod-auth-openidc is vulnerable to open redirect. When a logout parameter is supplied as the redirect URI, the existing code in oidc_validate_redirect_url does not properly check for URLs that start with /\t, leading to an open redirect...
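The reason a "/\t" prefix matters is that browsers strip ASCII tab and newline from a URL before parsing it, so "/\t/evil.example" is fetched as "//evil.example", a scheme-relative URL pointing at another host. The following is an added example written for this page, not mod_auth_openidc's code or its fix: a naive redirect-target check that only looks at raw string prefixes next to a hardened one that canonicalises first. The function names and the test inputs are constructed for the illustration.

```python
# Added example (editor's illustration, not mod_auth_openidc's code): a
# prefix-only "is this a local redirect?" check is bypassed by "/\t", while a
# check that canonicalises the way the WHATWG URL parser does is not.
from urllib.parse import urlsplit

# The URL parser removes ASCII tab (0x09), LF (0x0a) and CR (0x0d) from its
# input before parsing, so these characters must be discarded before any
# prefix test is meaningful.
_STRIPPED_BY_BROWSERS = "\t\n\r"


def naive_is_local_redirect(target: str) -> bool:
    """Vulnerable pattern: prefix checks on the raw string only."""
    if not target.startswith("/"):
        return False
    # Reject scheme-relative ("//host") and the backslash variant ("/\host").
    if target.startswith("//") or target.startswith("/\\"):
        return False
    return True


def hardened_is_local_redirect(target: str) -> bool:
    """Canonicalise first, then require an absolute path on this origin."""
    # 1. Remove the characters a browser would discard before parsing.
    cleaned = "".join(ch for ch in target if ch not in _STRIPPED_BY_BROWSERS)
    # 2. Any remaining control character or space is not a legitimate path.
    if any(ord(ch) < 0x20 or ch == " " for ch in cleaned):
        return False
    # 3. Must be an absolute path and not scheme-relative (either slash style).
    if not cleaned.startswith("/") or cleaned.startswith(("//", "/\\")):
        return False
    # 4. Belt and braces: after parsing, no scheme and no host may appear.
    parts = urlsplit(cleaned)
    return parts.scheme == "" and parts.netloc == ""


# Constructed inputs (not from the advisory): target -> (naive, hardened).
CASES = {
    "/account": (True, True),
    "//evil.example/": (False, False),
    "/\\evil.example/": (False, False),
    "/\t/evil.example/": (True, False),  # the "/\t" bypass: naive accepts it
    "/\n/evil.example/": (True, False),  # same trick with a newline
    "http://evil.example/": (False, False),
}


def run_cases() -> dict:
    """Evaluate both checks over CASES; returns target -> (naive, hardened)."""
    return {t: (naive_is_local_redirect(t), hardened_is_local_redirect(t)) for t in CASES}


if __name__ == "__main__":
    for target, (naive, hardened) in run_cases().items():
        print(f"{target!r:28} naive={naive!s:5} hardened={hardened}")
```

The general lesson is the order of operations: normalise exactly as the consumer (here the browser) will, and only then apply allow-list checks; a check applied to the raw string validates a string the browser never sees.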
CVE-2022-47500
CVE-2022-47500 affects the Apache Helix UI component. The issue is an Open Redirect caused by an improperly designed forward component used for UI embedding, impacting all Apache Helix UI releases from 0.8.0 through 1.0.4. The documented remediation is to upgrade to version 1.1.0, which addresses...
K11509465: Apache mod_http2 vulnerability CVE-2018-1302
Security Advisory Description: When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer, potentially to already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usua...
K16847: Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
Security Advisory Description: CVE-2014-8109: mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which...
K59333944: Apache mod_proxy_ftp vulnerability CVE-2020-1934
Security Advisory Description: In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (CVE-2020-1934). Impact: There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status: F5 Product Development has...
CVE-2022-32531
Removed by vendor...
CVE-2022-32531
The CVE-2022-32531 issue affects the Apache Bookkeeper Java Client. Affected software: BookKeeper Java Client prior to versions 4.14.6 and 4.15.0. Root cause: the client does not close the connection to the bookkeeper server when TLS hostname verification fails, enabling a potential MITM conditio...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Cross Site Request Forgery
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Cross-Site Request Forgery Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1.16 Voice...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Information Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Index of /log Information Disclosure Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco 1....
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Radio Stream Disclosure
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Radio Stream Disclosure Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Pulse Eco...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x traceroute.php Conditional Command Injection Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69 Impact/Puls...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated Factory Reset
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x restorefactory.cgi Unauthenticated Factory Reset Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Version 1: 2.1/1.69...