32 matches found
CVE-2023-45859
In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...
EUVD-2022-4434
Malicious code in bioql PyPI...
EUVD-2022-7594
Malicious code in bioql PyPI...
EUVD-2023-1474
Malicious code in bioql PyPI...
cloud.piranha.extension:piranha-extension-hazelcast (>=23.6.0 <=23.11.0), com.bucket4j:bucket4j-hazelcast (>=8.5.0 <=8.9.0) +508 more potentially affected by CVE-2023-45859 via com.hazelcast:hazelcast (>=5.3.0 <=5.3.4)
com.hazelcast:hazelcast MAVEN version =5.3.0, =23.6.0, =8.5.0, =8.5.0, =1.1.15, =3.1.7, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.4 and more Source cves: CVE-2023-45859 Source advisory: OSV:GHSA-XH6M-7CR7-XX66...
cloud.piranha.extension:piranha-extension-hazelcast (>=22.12.0 <=23.4.0), cloud.piranha:debug (>=22.12.0 <=23.1.0) +210 more potentially affected by CVE-2023-45859 via com.hazelcast:hazelcast (>=5.2.0 <=5.2.4)
com.hazelcast:hazelcast MAVEN version =5.2.0, =22.12.0, =22.12.0, =23.1.0 - cn.vertxup:aeon-ambient =0.9.0 - cn.vertxup:aeon-aurora =0.9.0 - cn.vertxup:aeon-code =0.9.0 - cn.vertxup:aeon-cosmos =0.9.0 - cn.vertxup:aeon-ecology =0.9.0 - cn.vertxup:aeon-edge =0.9.0 - cn.vertxup:aeon-eternal =0.9.0 ...
cloud.piranha.extension:piranha-extension-hazelcast (>=21.11.0 <=22.2.0), cn.vertxup:infix-mysql (=0.8.1) +124 more potentially affected by CVE-2023-45859 via com.hazelcast:hazelcast (>=5.0 <=5.0.5)
com.hazelcast:hazelcast MAVEN version =5.0, =21.11.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.1 and more Source cves: CVE-2023-45859 Source advisory: OSV:GHSA-XH6M-7CR7-XX66...
am.ik.hazelcast:hazelcast-dns-service-discovery (=1.0.0), br.com.ingenieux:jbake-maven-plugin (>=0.0.3 <=0.0.9) +1281 more potentially affected by CVE-2023-45859 via com.hazelcast:hazelcast (>=1.7 <=4.1.10)
com.hazelcast:hazelcast MAVEN version =1.7, =0.0.3, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =2.23.0, =2.23.5, =2.23.5, =2.23.5, =3.1.13, =3.1.295 - ch.mobi.mobitor:mobitor-doc =3.1.13 - cloud.configs:ConfigsCloudClient =1.1 and more Source cves: CVE-2023-45859 Source advisory:...
com.hazelcast:hazelcast-distribution (>=4.2 <=4.2.8), de.muenchen.oss.digiwf:digiwf-coverage (>=0.18.1 <=1.13.4) +69 more potentially affected by CVE-2023-45859 via com.hazelcast:hazelcast-all (>=4.2 <=4.2.8)
com.hazelcast:hazelcast-all MAVEN version =4.2, =4.2, =0.18.1, =0.18.1, =4.0.0, =4.0.0, =4.0.0, =0.13.0, =0.13.0, =0.15.0, =0.15.0, =0.16.0, =4.4.108, =1.3.158, =1.3.158, =1.3.158, =1.3.170 and more Source cves: CVE-2023-45859 Source advisory: OSV:GHSA-XH6M-7CR7-XX66...
cn.taketoday:today-aop (>=4.0.0-Draft.1 <=4.0.0-Draft.3), cn.taketoday:today-context (>=3.0.0.RELEASE <=3.0.5.RELEASE) +189 more potentially affected by CVE-2023-45859 via com.hazelcast:hazelcast-all (>=1.9.3.1 <=4.1.10)
com.hazelcast:hazelcast-all MAVEN version =1.9.3.1, =4.0.0-Draft.1, =3.0.0.RELEASE, =0.1.1.BETA, =0.1.5.BETA, =1.0.3, =1.0.3, =1.0.3, =2.0.2.1-RELEASE, =2.0.2.1-RELEASE, =2.0.2.1-RELEASE, =2.0.2.1-RELEASE, =2.0.2.1-RELEASE, =2.0.2.1-RELEASE, =2.0.3-RELEASE and more Source cves: CVE-2023-45859...
PT-2024-13294 · Atlassian +1 · Confluence Data Center/Server +4
Name of the Vulnerable Software and Affected Versions:
Hazelcast versions 4.1.10 and earlier, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2
Bitbucket Data Center and Server versions 7.21.0, 8.3.0, 8.4.0, 8.5.0, 8.6.0, 8.7.0, 8.8.0, 8.9.0, 8.10.0...
Improper Authorization
com.hazelcast:hazelcast is vulnerable to Improper Authorization. The issue exists within the SQL mapping for the CSV File Source connector. The vulnerability is due to inadequate permission checking, allowing unauthorized clients to access data from files stored on a member's filesystem. Attacker...
am.ik.hazelcast:hazelcast-dns-service-discovery (=1.0.0), br.com.ingenieux:jbake-maven-plugin (>=0.0.3 <=0.0.9) +1406 more potentially affected by CVE-2023-45860 via com.hazelcast:hazelcast (>=1.7 <=5.1.7)
com.hazelcast:hazelcast MAVEN version =1.7, =0.0.3, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =2.23.0, =2.23.5, =2.23.5, =2.23.5, =3.1.13, =3.1.483 - ch.mobi.mobitor:mobitor-doc =3.1.13 - cloud.configs:ConfigsCloudClient =1.1 and more Source cves: CVE-2023-45860 Source advisory:...
cloud.piranha.extension:piranha-extension-hazelcast (>=23.6.0 <=23.11.0), com.bucket4j:bucket4j-hazelcast (>=8.5.0 <=8.9.0) +508 more potentially affected by CVE-2023-45860 via com.hazelcast:hazelcast (>=5.3.0 <=5.3.4)
com.hazelcast:hazelcast MAVEN version =5.3.0, =23.6.0, =8.5.0, =8.5.0, =1.1.15, =3.1.7, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.4 and more Source cves: CVE-2023-45860 Source advisory: OSV:GHSA-8H4X-XVJP-VF99...
am.ik.hazelcast:hazelcast-dns-service-discovery (=1.0.0), br.com.ingenieux:jbake-maven-plugin (>=0.0.3 <=0.0.9) +1376 more potentially affected by CVE-2023-33265 via com.hazelcast:hazelcast (>=1.7 <=5.0.4)
com.hazelcast:hazelcast MAVEN version =1.7, =0.0.3, =20.3.0, =24.2.0, =20.3.0, =2.23.5, =2.23.5, =23.1.0, =2.23.0, =2.23.5, =2.23.5, =2.23.5, =3.1.13, =3.1.483 - ch.mobi.mobitor:mobitor-doc =3.1.13 - cloud.configs:ConfigsCloudClient =1.1 and more Source cves: CVE-2023-33265 Source advisory:...
cloud.piranha.extension:piranha-extension-hazelcast (>=22.12.0 <=23.4.0), cloud.piranha:debug (>=22.12.0 <=23.1.0) +201 more potentially affected by CVE-2023-33265 via com.hazelcast:hazelcast (>=5.2.0 <=5.2.3)
com.hazelcast:hazelcast MAVEN version =5.2.0, =22.12.0, =22.12.0, =23.1.0 - cn.vertxup:aeon-ambient =0.9.0 - cn.vertxup:aeon-aurora =0.9.0 - cn.vertxup:aeon-code =0.9.0 - cn.vertxup:aeon-cosmos =0.9.0 - cn.vertxup:aeon-ecology =0.9.0 - cn.vertxup:aeon-edge =0.9.0 - cn.vertxup:aeon-eternal =0.9.0 ...
cloud.piranha.extension:piranha-extension-hazelcast (>=22.5.0 <=22.11.0), cloud.piranha:debug (>=22.5.0 <=22.11.0) +142 more potentially affected by CVE-2023-33264 via com.hazelcast:hazelcast (>=5.1-BETA-1 <=5.1.5)
com.hazelcast:hazelcast MAVEN version =5.1-BETA-1, =22.5.0, =22.5.0, =8.1.1, =8.2.0, =5.1.15, =5.1.15, =1.40.0, =0.7.0, =1.1.8, =1.1.8, =1.1.8, =1.1.8, =1.1.15 - com.gitee.kamismile:gatewayweb =1.2.8 and more Source cves: CVE-2023-33264 Source advisory: OSV:GHSA-5GJ6-62G7-VMGF...
ch.mobi.mobitor:mobitor-base (>=3.1.242 <=3.1.483), cloud.piranha.extension:piranha-extension-hazelcast (>=21.6.0 <=21.10.0) +246 more potentially affected by CVE-2023-33264 via com.hazelcast:hazelcast (>=4.0-BETA-1 <=4.2.8)
com.hazelcast:hazelcast MAVEN version =4.0-BETA-1, =3.1.242, =21.6.0, =20.5.0, =1.0.2, =1.0.2, =8.10.0, =8.11.0, =8.11.0, =8.10.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.2 and more Source cves: CVE-2023-33264 Source advisory: OSV:GHSA-5GJ6-62G7-VMGF...
GHSA-5GJ6-62G7-VMGF Hazelcast vulnerable to unmasked password exposure
In Hazelcast before 5.3.0, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets...
Hazelcast Security Vulnerability
Hazelcast IMDG is a scalable open source data distribution platform from the U.S. company Hazelcast. The platform supports a variety of distributed data structures, distributed caching and other features. A security vulnerability exists in Hazelcast versions 5.0.4 an...