13 matches found
CVE-2026-34179
In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/fingerprint for restricted TLS certificate users, allowing a remote authenticated attacker to escalate...
EUVD-2023-31253
Malicious code in bioql PyPI...
Red Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full Takeover
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial...
BIT-ZOOKEEPER-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
Debian DSA-5544-1 : zookeeper - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5544 advisory. Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in...
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
Authorization
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
CVE-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
[email protected] reports: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is liste...
Run a Command on Multiple Servers: ClusterSSH
Run a Command on Multiple Servers How to run a command on multiple servers at once? If you maintain multiple Linux servers, there are cases where you want to run the same commands on all the servers. For example, you may want to install/upgrade packages, patch the kernel, and update configuration...
Veritas Cluster Management Console Detection
The remote host is running Veritas Cluster Management Console. Since overloading this web service may force a cluster switch, web tests will be disabled on this port. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid52504; scriptversion"1.6"; scriptcvsdate"Date:...