8064 matches found
CVE-2023-29246
An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0...
CVE-2023-29032
Summary of CVE-2023-29032 (Apache OpenMeetings) Multiple connected sources corroborate a vulnerability in Apache OpenMeetings affecting versions 3.1.3 through 7.1.0, caused by an authorization/privilege-management issue that enables an attacker to impersonate another user. The core impact is impr...
CVE-2023-29246
CVE-2023-29246 affects Apache OpenMeetings 2.0.0–7.1.0. A code execution vulnerability arises from improper input validation, enabling RCE via null-byte injection once an admin account is compromised. Several sources corroborate the affected product/version range and the RCE impact. Mitigation in...
SUSE SLES12 Security Update : cfengine, cfengine-masterfiles (SUSE-SU-2023:2126-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2126-1 advisory. - Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have a...
Apache Airflow Elevation of Privilege Vulnerability
Apache Airflow is an open source platform from the United States-based Apache Foundation for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. An elevation of privilege vulnerability exists in Apache Airflow versions prior to...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1847)
The remote host is missing an update for the Huawei EulerOS...
CVE-2023-31039
Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: ...
Design/Logic Flaw
Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: ...
CVE-2023-31039 Apache bRPC: ServerOptions.pid_file may cause arbitrary code execution
Security vulnerability in Apache bRPC = 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: ...
CVE-2023-31038 Apache Log4cxx: SQL injection when using ODBC appender
SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06). Note that Log4cxx is a C++ framework, so only C++ applications...
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1780)
The remote host is missing an update for the Huawei EulerOS...
Apache Ranger Hive Plugin missing permissions check
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from...
GHSA-VJR2-WPFH-5R9P Apache Ranger Hive Plugin missing permissions check
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from...
CVE-2021-40331
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from...
CVE-2023-31207
Transmission of credentials within query parameters in Checkmk = 2.1.0p26, = 2.0.0p35, and = 2.2.0b6 beta may cause the automation user's secret to be written to the site Apache access log...