73 matches found
EUVD-2015-3695
Malware in sbrugna...
EUVD-2010-0037
Malware in sbrugna...
EUVD-2018-0590
Malware in sbrugna...
EUVD-2024-1157
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-39880
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: fix invalid accesses to cephconnectionv1info There is a place where generic code in messenger.c is reading and another place where it is writing to...
UBUNTU-CVE-2025-39880
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to cephconnectionv1info There is a place where generic code in messenger.c is reading and another place where it is writing to con-v1 union member without checking that the union member is active i.e...
BIT-NIFI-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
Linux Distros Unpatched Vulnerability : CVE-2015-3659
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8...
PT-2025-39137
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the libceph component related to invalid accesses to ceph connection v1 info. Specifically, generic code in messenger.c reads and writes to the...
cn.herodotus.engine:message-spring-boot-starter (>=2.7.3.4 <=3.0.0-M2), com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1) +179 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.13 (>=2.4.0 <=3.3.2)
org.apache.kafka:kafka2.13 MAVEN version =2.4.0, =2.7.3.4, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =1.0.0, =1.2.0 - com.cerner.c...
CVE-2020-13940
In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services via XXE...
CVE-2010-0005
query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query...
GHSA-5FC3-PQF2-57CX Apache IoTDB Discloses Sensitive Information via Log Files
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version...
The vulnerability of the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer components of the distributed Apache Cassandra database management system allows attackers to enhance their privileges.
The vulnerability of the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer components of the distributed Apache Cassandra database management system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor to enhance their...
AZL-56433 CVE-2025-24860 affecting package cassandra 5.0.0-2
Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...
Malicious code in cognito_authorizer (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
PT-2025-5589 · Apache · Apache Cassandra
Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 4.0.0 through 4.0.15 Apache Cassandra versions 4.1.0 through 4.1.7 Apache Cassandra versions 5.0.0 through 5.0.2 Description: The issue allows users to access a datacenter or IP/CIDR groups they should not be able to...
MAL-2025-197 Malicious code in jazz_token-authorizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3bd3fcfec7eb7354597369d7c1b2496841dbeabc3876ca1c150802f8bc3221f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in jazz_token-authorizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c3bd3fcfec7eb7354597369d7c1b2496841dbeabc3876ca1c150802f8bc3221f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...