CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

EUVD-2018-12334

Malware in sbrugna...

EUVD-2022-1890

Malicious code in bioql PyPI...

EUVD-2024-2267

Malicious code in bioql PyPI...

Apache Kafka 安全漏洞

Apache Kafka is an open source distributed streaming platform from the Apache USA Foundation. The platform is capable of fetching real-time data for building applications that react in real-time to changes in data streams. A security vulnerability exists in Apache Kafka that stems from a...

CVE-2024-54660

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the...

CVE-2024-54660

CVE-2024-54660 affects Cloudera JDBC Connector for Hive (before 2.6.26) and JDBC Connector for Impala (before 2.6.35). The issue is a JNDI injection triggered by untrusted values in the JAAS-using krbJAASFile parameter within the JDBC URL during connection, allowing potential remote code executio...

CVE-2023-25561

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

Authentication flaw

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

CVE-2023-25561 Login fail open on JAAS misconfiguration in DataHub

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service JAAS authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any...

PT-2023-20159

Name of the Vulnerable Software and Affected Versions DataHub affected versions not specified Description The issue occurs when a system using Java Authentication and Authorization Service JAAS authentication encounters a configuration error, causing authentication to fail open. This allows an...

Apache Karaf Code Issue Vulnerability

Apache Karaf is the United States Apache Apache Foundation for the deployment of applications and components of a lightweight OSGi Java Dynamic Modular System container. A code issue vulnerability exists in Apache Karaf versions prior to 4.2.9. In Karaf, JAAS is used for JMX authentication and AC...

IBM WebSphere Application Server Liberty Information Disclosure Vulnerability (CNVD-2018-17070)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications and the foundation of the IBM WebSphere software platform.Liberty is a dynamic server profile for WAS. An information...

OpenJDK: LdapLoginModule incorrect userDN extraction (JAAS, 8161743)

It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN...

Ubuntu: Security Advisory (USN-3194-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3194-1: OpenJDK 7 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

USN-3179-1: OpenJDK 8 vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...

Apache ActiveMQ 5.x < 5.10.1 Multiple Vulnerabilities

Binary data 8961.prm...

Apache ActiveMQ Java Authentication and Authorization Service Certificate Acquisition Vulnerability

Apache ActiveMQ is the United States Apache Apache Software Foundation developed a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. Apache ActiveMQ 5.10.1 before version 5.x of the Java Authentication and Authorization...

DEBIAN-CVE-2015-6524

The LDAPLoginModule implementation in the Java Authentication and Authorization Service JAAS in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-361...