Lucene search
+L

70 matches found

VulnCheck KEV
VulnCheck KEV
added 2023/08/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-33246

Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...

9.8CVSS7.5AI score0.96604EPSS
Exploits11References1
Veracode
Veracode
added 2023/07/21 10:22 a.m.28 views

Arbitrary Code Injection

org.apache.rocketmq, rocketmq-namesrv is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ...

9.8CVSS7.4AI score0.96604EPSS
Exploits11References5Affected Software1
CNVD
CNVD
added 2023/07/14 12:0 a.m.28 views

Apache RocketMQ Code Injection Vulnerability

Apache RocketMQ is the United States Apache Apache Foundation of a lightweight data processing platform and messaging engine. Apache RocketMQ suffers from a code injection vulnerability that originates from an extranet leak of the NameServer address and lack of privilege authentication, which can...

9.8CVSS7.7AI score0.90427EPSS
Exploits1References1
Prion
Prion
added 2023/07/12 10:15 a.m.25 views

Design/Logic Flaw

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

7.5CVSS9.5AI score0.96604EPSS
Exploits11References2Affected Software1
Cvelist
Cvelist
added 2023/07/12 9:26 a.m.37 views

CVE-2023-37582 Apache RocketMQ: Possible remote code execution when using the update configuration function

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

9.9AI score0.90427EPSS
Exploits1References2
OSV
OSV
added 2023/07/12 9:26 a.m.34 views

CVE-2023-37582 Apache RocketMQ: Possible remote code execution when using the update configuration function

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...

9.8CVSS7.4AI score0.90427EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/12 12:0 a.m.20 views

PT-2023-4093 · Apache · Rocketmq

Name of the Vulnerable Software and Affected Versions: RocketMQ versions prior to 4.9.7 RocketMQ versions prior to 5.1.2 Description: The vulnerability in the RocketMQ NameServer component allows for remote command execution. This issue arises when NameServer addresses are exposed on the extranet...

10CVSS7.9AI score0.90427EPSS
Exploits1References18
OSV
OSV
added 2023/07/06 9:15 p.m.9 views

GHSA-X3CQ-8F32-5F63 Apache RocketMQ may have remote code execution vulnerability when using update configuration function

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

9.8CVSS7.5AI score0.96604EPSS
Exploits11References11
Openbugbounty
Openbugbounty
added 2023/06/01 3:24 a.m.3 views

extranet.rossini1969.it Cross Site Scripting vulnerability OBB-3370312

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Veracode
Veracode
added 2023/05/25 2:4 a.m.37 views

Remote Code Execution (RCE)

RocketMQ is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ protocol content, which also...

9.8CVSS7.5AI score0.96604EPSS
Exploits11References9Affected Software3
ATTACKERKB
ATTACKERKB
added 2023/05/24 12:0 a.m.43 views

CVE-2023-33246

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...

9.8CVSS9.9AI score0.96604EPSS
In wildExploits11References7
Openbugbounty
Openbugbounty
added 2023/05/18 7:15 p.m.17 views

extranet.ac-grenoble.fr Cross Site Scripting vulnerability OBB-3353845

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/04/19 12:21 a.m.8 views

extranet.acs.clients.zentech.gr Cross Site Scripting vulnerability OBB-3266991

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/04/14 3:36 a.m.6 views

extranet.acs.clients.zentech.gr Cross Site Scripting vulnerability OBB-3260695

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/03/12 6:36 p.m.11 views

extranet.rossini1969.it Cross Site Scripting vulnerability OBB-3219189

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Openbugbounty
Openbugbounty
added 2022/06/05 5:6 p.m.12 views

extranet.rossini1969.it Cross Site Scripting vulnerability OBB-2636818

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/09/22 1:9 p.m.14 views

extranet.curaviva-bl.ch Cross Site Scripting vulnerability OBB-2146559

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Openbugbounty
Openbugbounty
added 2020/09/27 8:2 a.m.15 views

extranet.intercariforef.org Cross Site Scripting vulnerability OBB-1367127

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Cvelist
Cvelist
added 2019/07/29 2:12 p.m.35 views

CVE-2019-1126

A security feature bypass vulnerability exists in Active Directory Federation Services ADFS which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password...

6.4AI score0.04948EPSS
Exploits0References1
OSV
OSV
added 2019/07/15 7:15 p.m.3 views

CVE-2019-1126

A security feature bypass vulnerability exists in Active Directory Federation Services ADFS which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password...

5.3CVSS5.8AI score0.04948EPSS
Exploits0References1
Rows per page
Query Builder