1036 matches found

Prion
added 2022/06/14 8:15 a.m. | 18 views

Remote code execution

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI and an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...

CVSS 7.5 | AI score 9.5 | EPSS 0.05291
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2022/06/14 7:55 a.m. | 85 views

CVE-2022-25167

Apache Flume (versions 1.4.0–1.9.0) is vulnerable to remote code execution when a JMS Source is configured with a JNDI LDAP data source URI and an attacker controls the target LDAP server. The underlying issue is the JNDI usage, which can be exploited to run arbitrary code on the target. Remediat...

CVSS 9.8 | AI score 9.7 | EPSS 0.05291
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2022/06/14 12:0 a.m. | 2 views

Apache Flume Security Vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation. A remote code execution vulnerability exists in Apache Flume, which stems from the configuration of a JMS source with a JNDI LDAP data source URI, and could be exploited by an attacker to cause a remote code...

CVSS 9.8 | AI score 6.6 | EPSS 0.05291
Exploits: 0 | References: 4

Circl
added 2022/06/13 4:16 p.m. | 2 views

CVE-2022-1814

creationtimestamp | type | source
---|---|---
2022-06-13 16:16:56+00:00 | seen | https://t.me/cibsecurity/44268...

CVSS 4.8 | AI score 4.9 | EPSS 0.00206
Exploits: 2 | References: 1

IBM Security Bulletins
added 2022/06/10 3:52 p.m. | 45 views

Security Bulletin: IBM Event Streams is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832)

Summary: There is a vulnerability in the Apache Log4j open source library. The library is used by IBM Event Streams. Vulnerability Details: CVEID: CVE-2021-44832. DESCRIPTION: Apache Log4j could allow a remote attacker with permission to modify the logging configuration file to execute arbitrary cod...

CVSS 8.5 | AI score 1.3 | EPSS 0.53591
Exploits: 9 | Affected Software: 1

Circl
added 2022/06/06 10:30 p.m. | 5 views

CVE-2022-32275

creationtimestamp | type | source
---|---|---
2022-06-06 22:30:08+00:00 | seen | https://t.me/cibsecurity/43869
2022-06-08 13:37:04+00:00 | seen | https://t.me/bhhub/892
2022-06-08 13:37:04+00:00 | published-proof-of-concept | https://t.me/bhhub/793
2024-10-12 06:49:41+00:00 | seen |...

CVSS 7.5 | AI score 7.2 | EPSS 0.67373
Exploits: 1 | References: 4

Circl
added 2022/05/21 12:31 a.m. | 2 views

CVE-2022-29184

creationtimestamp | type | source
---|---|---
2022-05-21 00:31:08+00:00 | seen | https://t.me/cibsecurity/43097...

CVSS 8.8 | AI score 8.1 | EPSS 0.05295
Exploits: 0 | References: 1

OSV
added 2022/05/11 11:3 a.m. | 3 views

OESA-2022-1641 perl-DBI security update

The DBI is the standard database interface module for Perl. It defines a set of methods, variables and conventions that provide a consistent database interface independent of the actual database being used. It is important to remember that the DBI is just an interface. The DBI is a layer of "glue"...

CVSS 6.1 | AI score 7 | EPSS 0.00025
Exploits: 1 | References: 2

RedhatCVE
added 2022/05/07 2:30 p.m. | 164 views

CVE-2021-44832

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a dat...

CVSS 10 | AI score 4.4 | EPSS 0.94358
Exploits: 345 | References: 4

Circl
added 2022/04/29 8:25 p.m. | 4 views

CVE-2022-1403

creationtimestamp | type | source
---|---|---
2022-04-29 20:25:11+00:00 | seen | https://t.me/cibsecurity/41678...

CVSS 7.8 | AI score 7.5 | EPSS 0.00159
Exploits: 0 | References: 1

Snyk
added 2022/04/21 8:6 a.m. | 2 views

SQL Injection

Overview: blazer allows you to explore your data with SQL. Easily create charts and dashboards, and share them with your team. Affected versions of this package are vulnerable to SQL Injection by allowing specific variable values to modify the query rather than just the variable. This can...

CVSS 7.5 | AI score 7.9 | EPSS 0.00186
Exploits: 0 | References: 2

Vulnrichment
added 2022/04/04 7:45 p.m. | 4 views

CVE-2021-32985 AVEVA System Platform Origin Validation Error

AVEVA System Platform versions 2017 through 2020 R2 P01 do not properly verify that the source of data or communication is valid...

CVSS 7.2 | AI score 7 | EPSS 0.00085
Exploits: 0 | References: 2

Circl
added 2022/04/02 2:26 a.m. | 3 views

CVE-2021-32970

creationtimestamp | type | source
---|---|---
2022-04-02 02:26:06+00:00 | seen | https://t.me/cibsecurity/40048...

CVSS 7.8 | AI score 7.3 | EPSS 0.00759
Exploits: 0 | References: 1

BDU FSTEC
added 2022/03/28 12:0 a.m. | 3 views

The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows attackers to expose protected information.

The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows a malicious actor to disclose protected information through a specially created HTML page...

CVSS 7.1 | AI score 7.1 | EPSS 0.00248
Exploits: 1 | References: 15 | Affected Software: 8

BDU FSTEC
added 2022/03/28 12:0 a.m. | 2 views

The vulnerability of Google Chrome’s browser password managers allows attackers to expose protected information.

The vulnerability of Google Chrome’s browser password managers is related to a lack of mechanisms for verifying the source of data. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially created web page...

CVSS 6.1 | AI score 7.1 | EPSS 0.00262
Exploits: 1 | References: 13 | Affected Software: 8

OSV
added 2022/03/26 11:3 a.m. | 2 views

OESA-2022-1599 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB and OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin prox...

CVSS 6.5 | AI score 6.2 | EPSS 0.01007
Exploits: 1 | References: 2

Circl
added 2022/03/14 1:38 p.m. | 9 views

CVE-2022-26500

creationtimestamp | type | source
---|---|---
2022-03-14 13:38:49+00:00 | seen | https://t.me/ptswarm/115
2022-03-15 17:19:30+00:00 | seen | https://t.me/cKure/9039
2022-03-16 14:51:00+00:00 | exploited | https://t.me/itsecnews/315
2022-03-17 23:21:50+00:00 | seen | https://t.me/cibsecurity/39170
2023-06-1...

CVSS 8.8 | AI score 8.8 | EPSS 0.19029
Exploits: 0 | References: 8

UbuntuCve
added 2022/02/08 8:15 p.m. | 24 views

CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The...

CVSS 6.5 | AI score 6.9 | EPSS 0.01007
Exploits: 1 | References: 1

OSV
added 2022/02/08 8:15 p.m. | 1 views

UBUNTU-CVE-2022-21702

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin proxy and trick a user to visit this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The...

CVSS 6.5 | AI score 6.8 | EPSS 0.01007
Exploits: 1 | References: 2

CVE
added 2022/02/08 7:40 p.m. | 1045 views

CVE-2022-21702

Grafana CVE-2022-21702 is an XSS vulnerability in the data source proxy and plugin proxy paths. Affected: Grafana HTTP-based datasources configured with Server as Access Mode and a URL, and HTTP-based app plugins configured with a URL (versions up to 8.3.4; back-end plugin resources also mentione...

CVSS 6.5 | AI score 6.5 | EPSS 0.01007
Exploits: 1 | References: 7 | Affected Software: 1