
14 matches found

CNNVD
added 2026/05/27 12:00 a.m. | 8 views

Jenkins Active Directory Plugin Security Vulnerability

The Jenkins Active Directory Plugin is an open-source identity integration plugin developed by Jenkins. Versions 2.41 and earlier of the Jenkins Active Directory Plugin contain a security vulnerability caused by unvalidated deserialization of LDAP reference data...

CVSS 6.6 | AI score 5.8 | EPSS 0.01298
Exploits 0 | References 1
Broadcom
added 2026/01/27 12:00 a.m. | 17 views

Multiple Vulnerabilities in Apache Kafka

Multiple vulnerabilities addressed in Apache Kafka. CVE-2023-25194: A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a...

CVSS 8.8 | AI score 7.1 | EPSS 0.94055
Exploits 7
Tenable Nessus
added 2026/01/20 12:00 a.m. | 1 view

MiracleLinux 7 : xstream-1.3.1-16.el7 (AXSA:2021-2499:04)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2499:04 advisory. xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139); xstream: Arbitrary code execution via...

CVSS 8.8 | AI score 8.1 | EPSS 0.94255
Exploits 16 | References 15
RedHat Linux
added 2025/11/25 4:12 p.m. | 3 views

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.11 Images Security Update

New images are available for Red Hat build of Keycloak 26.2.11 and Red Hat build of Keycloak 26.2.11 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

CVSS 6 | AI score 6.5 | EPSS 0.00126
Exploits 0 | References 1
Tenable Nessus
added 2025/11/20 12:00 a.m. | 2 views

TencentOS Server 4: kafka (TSSA-2025:0475)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0475 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 8.8 | AI score 6.9 | EPSS 0.21423
Exploits 2 | References 3
IBM Security Bulletins
added 2025/09/29 10:25 p.m. | 2 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in the Apache Kafka Client.

Summary: Multiple vulnerabilities in the Apache Kafka Client that is used by IBM InfoSphere Information Server were addressed. Vulnerability Details: CVEID: CVE-2025-27818. DESCRIPTION: A possible security vulnerability has been identified in Apache Kafka. This requires access to an alterConfig to the...

CVSS 8.8 | AI score 6.7 | EPSS 0.21423
Exploits 2 | Affected Software 1
RedhatCVE
added 2025/09/17 4:52 p.m. | 1 view

CVE-2025-58045

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

CVSS 9.8 | AI score 7.9 | EPSS 0.02537
Exploits 1 | References 1
IBM Security Bulletins
added 2025/09/15 1:10 p.m. | 2 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to kafka-clients-3.9.0.jar CVE-2025-27818, CVE-2025-27817. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2025-27818. DESCRIPTION: A possible security vulnerability ha...

CVSS 8.8 | AI score 6.8 | EPSS 0.21423
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2025/09/11 8:52 a.m. | 8 views

Security Bulletin: Arbitrary File Read and SSRF via Unrestricted URL Configuration in Apache Kafka Client SASL/OAUTHBEARER Settings, affects watsonx.data

Summary: A vulnerability in Apache Kafka Client allows for arbitrary file read and Server-Side Request Forgery (SSRF) through misconfigured SASL/OAUTHBEARER settings, specifically the sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url parameters. If client configurations are...

CVSS 8.8 | AI score 6.8 | EPSS 0.21423
Exploits 2 | Affected Software 1
IBM Security Bulletins
added 2025/08/25 3:57 p.m. | 7 views

Security Bulletin: Vulnerabilities in Apache Kafka affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary: Potential vulnerabilities in Apache Kafka have been identified that affect IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerabilities have been addressed. Refer to details for additional information. Vulnerability Details: CVEID: CVE-2025-27818. DESCRIPTIO...

CVSS 8.8 | AI score 7.4 | EPSS 0.21423
Exploits 2 | Affected Software 1
CVE
added 2025/06/10 7:52 a.m. | 165 views

CVE-2025-27818

Summary of CVE-2025-27818 (Apache Kafka): The issue involves an authenticated operator who, via alterConfig on a cluster resource (or Kafka Connect worker) and by modifying connector configs through the REST API, can set sasl.jaas.config on Kafka clients to an LDAP/JndiLoginModule path (e.g., com...

CVSS 8.8 | AI score 7.2 | EPSS 0.00682
Exploits 0 | References 2 | Affected Software 1
SUSE CVE
added 2025/02/14 6:37 a.m. | 3 views

SUSE CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

CVSS 8.8 | AI score 8.2 | EPSS 0.94055
Exploits 7 | References 3
RedHat Linux
added 2023/05/18 9:54 a.m. | 3 views

kafka: RCE/DoS via SASL JAAS JndiLoginModule configuration in Kafka Connect

A flaw was found in Apache Kafka Connect's REST API that permits configuration of SASL property by an authenticated operator, which could allow connection to a malicious LDAP server and subsequent deserialization of malicious content. This issue could allow an authenticated attacker to cause a...

CVSS 8.8 | AI score 7.5 | EPSS 0.94055
Exploits 7 | References 6
Zero Day Initiative
added 2013/10/16 12:00 a.m. | 48 views

Oracle Java LDAP Deserialization Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LDAP...

CVSS 10 | AI score 3.5 | EPSS 0.06355
Exploits 0 | References 1