79 matches found

OSV
added 2025/07/02 8:20 a.m. · 2 views

USN-7614-1 pcs vulnerabilities

Cedric Buissart discovered that pcs did not correctly handle certain parameters. An attacker could possibly use this issue to leak sensitive information or elevate their privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1086) Ondrej Mular discovered that pcs did not correctly handle...

8.8 CVSS · 7.2 AI score · 0.01825 EPSS
Exploits 1 · References 5
Tenable Nessus
added 2024/06/03 12:0 a.m. · 24 views

RHEL 6 : pcs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pcs: Cross-Site Request Forgery in web UI CVE-2016-0720 - Session fixation vulnerability in pcsd in pcs...

7.5 CVSS · 7.6 AI score · 0.02489 EPSS
Exploits 2 · References 8
SUSE CVE
added 2024/05/23 3:4 a.m. · 2 views

SUSE CVE-2021-47307

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain a NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 "Explicit null dereferenced"...

5.5 CVSS · 6.5 AI score · 0.00235 EPSS
Exploits 0 · References 9
OSV
added 2024/05/21 3:15 p.m. · 2 views

DEBIAN-CVE-2021-47307

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain a NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 "Explicit null dereferenced"...

5.5 CVSS · 5.1 AI score · 0.00235 EPSS
Exploits 0 · References 1
OSV
added 2024/05/21 3:15 p.m. · 2 views

UBUNTU-CVE-2021-47307

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain a NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 "Explicit null dereferenced"...

5.5 CVSS · 5.8 AI score · 0.00235 EPSS
Exploits 0 · References 7
Snyk
added 2024/03/07 9:30 p.m. · 2 views

Trust Boundary Violation

Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...

8.6 CVSS · 6.2 AI score · 0.00631 EPSS
Exploits 0 · References 2
Snyk
added 2024/03/07 9:30 p.m. · 2 views

Trust Boundary Violation

Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...

8.6 CVSS · 7 AI score · 0.00631 EPSS
Exploits 0 · References 2
Snyk
added 2024/03/07 9:30 p.m. · 2 views

Trust Boundary Violation

Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...

8.6 CVSS · 7 AI score · 0.00631 EPSS
Exploits 0 · References 2
Snyk
added 2024/03/07 9:30 p.m. · 1 views

Trust Boundary Violation

Overview Affected versions of this package are vulnerable to Trust Boundary Violation via the creation of a custom PersistentVolume that matches the name of a worker node. An attacker can gain unauthorized access to the root HCP worker node's volume by exploiting this flaw. Note: The name of the...

8.6 CVSS · 7 AI score · 0.00631 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/05/22 12:0 a.m. · 4 views

PT-2023-23229 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.6.0 Description: The issue affects Apache InLong, allowing attackers to change the immutable name and type of nodes. This can be exploited by attackers, but there is no information provided about the...

7.5 CVSS · 6.6 AI score · 0.01247 EPSS
Exploits 0 · References 7
Github Security Blog
added 2023/03/15 12:30 p.m. · 33 views

Sensitive Information in Error Messages in Apache Airflow

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack Python/Airflow...

5.3 CVSS · 5.4 AI score · 0.01382 EPSS
Exploits 0 · References 6 · Affected Software 1
SUSE CVE
added 2023/02/15 4:12 a.m. · 4 views

SUSE CVE-2019-11291

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

4.8 CVSS · 6.2 AI score · 0.00796 EPSS
Exploits 0 · References 3
OSV
added 2023/01/31 10:15 a.m. · 14 views

CVE-2023-0591

ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory provided the process has write access to that file or directory. This is due to the fact that a node name...

5.5 CVSS · 5.5 AI score
Exploits 0 · References 2
BDU FSTEC
added 2022/10/10 12:0 a.m. · 3 views

The vulnerability of the Administrative Console Framework software platform of IBM Spectrum Protect Plus allows a perpetrator to execute arbitrary code.

The vulnerability of the Administrative Console Framework service of the IBM Spectrum Protect Plus software data protection platform lies in the lack of measures to neutralize special elements entered by the user during syntax analysis of the node name parameter. Exploiting this vulnerability...

10 CVSS · 8.1 AI score · 0.71094 EPSS
Exploits 0 · References 7 · Affected Software 1
CNNVD
added 2022/09/23 12:0 a.m. · 4 views

HashiCorp Consul Security Vulnerability

HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp USA. The product is used to connect and configure applications across dynamically distributed infrastructures. A security vulnerability exists in HashiCorp Consul versions 1.8.1, 1.11.81.12.4,...

7.1 CVSS · 7 AI score · 0.00824 EPSS
Exploits 0 · References 6
Positive Technologies
added 2022/09/22 12:0 a.m. · 5 views

PT-2022-11486 · Hashicorp +3 · Hashicorp Consul +3

Name of the Vulnerable Software and Affected Versions: HashiCorp Consul versions 1.8.1 through 1.11.8 HashiCorp Consul version 1.12.4 HashiCorp Consul version 1.13.1 Description: The issue arises from improper validation of node or segment names prior to their interpolation and usage in JWT claim...

8.8 CVSS · 6 AI score · 0.3479 EPSS
Exploits 3 · References 52
CNNVD
added 2022/08/08 12:0 a.m. · 4 views

Thingsboard Cross-Site Scripting Vulnerability

Thingsboard is a Java-based platform for IOT devices for monitoring, management, and data collection from the Thingsboard team. A security vulnerability exists in Thingsboard version 3.3.1, which can be exploited by an attacker to put a script payload into the name of a rule node when creating th...

4.8 CVSS · 5.4 AI score · 0.02331 EPSS
Exploits 4 · References 5
CNNVD
added 2022/08/08 12:0 a.m. · 8 views

Thingsboard Cross-Site Scripting Vulnerability

Thingsboard is a Java-based platform for IOT devices for monitoring, management, and data collection from the Thingsboard team. A security vulnerability exists in Thingsboard version 3.3.1, which can be exploited by an attacker to put a script payload into the name of a rule node when creating th...

4.8 CVSS · 5.4 AI score · 0.02331 EPSS
Exploits 4 · References 5
OSV
added 2022/05/24 5:1 p.m. · 29 views

GHSA-9PF7-F47Q-MWPQ Cross-site Scripting in RabbitMQ

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious use...

3.5 CVSS · 4.5 AI score · 0.00796 EPSS
Exploits 0 · References 4
OSV
added 2022/05/14 1:56 a.m. · 1 views

GHSA-C82R-QG3W-Q5MV Apache Solr insecure inter-node communication

Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious...

7.5 CVSS · 7.1 AI score · 0.05526 EPSS
Exploits 1 · References 4