217 matches found
Quorum onQ 安全漏洞
Quorum onQ is a backup solution from Quorum. A security vulnerability exists in Quorum onQ version v.6.0.0.5.2064, which originates from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the msg parameter in the Login page...
CVE-2024-44449
CVE-2024-44449 affects Quorum onQ OS 6.0.0.5.2064. The vulnerability is a Cross Site Scripting (reflected) in the Login page, where the msg parameter can expose sensitive information. Root cause is a reflected XSS vector in the Login API endpoint. Impact is information disclosure via the logged-i...
CVE-2024-44449
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page...
CVE-2024-44449
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page...
PT-2025-2676 · Quorum · Quorum Onq Os
Name of the Vulnerable Software and Affected Versions: Quorum onQ OS version 6.0.0.5.2064 Description: The issue allows a remote attacker to obtain sensitive information via the msg parameter in the "Login page" API endpoint. This is a Cross Site Scripting vulnerability. Recommendations: For Quor...
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting
Quorum onQ OS version 6.0.0.5.2064 suffers from a cross site scripting vulnerability. + Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC + twitter.com/striv3r Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site...
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting Vulnerability
Vendor https://quorum.com/about/ Product Quorum onQ OS - 6.0.0.5.2064 Vulnerability Type Reflected Cross Site Scripting XSS Affected Component Login page get parameter 'msg' is vulnerable to Reflected Cross site scripting CVE Reference CVE-2024-44449 Security Issue Cross Site Scripting...
pcs security update
0.10.18-2.0.1 - Replace HAM-logo.png with a generic one 0.10.18-2 - Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack Resolves: RHEL-26445, RHEL-26447, RHEL-26449 0.10.18-1 - Rebased to the latest sources see CHANGELOG.md Resolves: RHEL-7741 0.10.17-6 - Rebased to th...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
Security Bulletin: IBM Event Streams is affected by authorization bypass through user-controlled key vulnerability ( CVE-2023-44981).
Summary This security vulnerability in Apache ZooKeeper could allow an attacker to bypass security restrictions on the system, caused by a flaw when SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true. This bulletin identifies the steps to take to address the...
BIT-ZOOKEEPER-2023-44981 Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper quorum.auth.enableSasl=true, the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
USN-6559-1: ZooKeeper vulnerabilities
It was discovered that ZooKeeper incorrectly handled authorization for the getACL command. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2019-0201 Damien Diederen discovered that ZooKeeper...
Upgraded Q -> 2 from #286 [1704653766013]
Judge has assessed an item in Issue 286 as 2 risk. The relevant finding follows: L-02 Quorum for existing piece cannot be changed L-03 Token inflation gives advantage to new pieces --- The text was updated successfully, but these errors were encountered: All reactions...
FreeBSD : apache -- Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication (2bc376c0-977e-11ee-b4bc-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2bc376c0-977e-11ee-b4bc-b42e991fc52e advisory. - Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Pe...
Security Bulletin: Due to the use of Apache ZooKeeper, IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to security bypass.
Summary Apache ZooKeeper is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library. CVE-2023-44981 Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...
zookeeper: Authorization Bypass in Apache ZooKeeper
A flaw was found in Apache ZooKeeper. Authorization bypass through user-controlled key is available iff SASL Quorum Peer authentication is enabled in ZooKeeper via quorum.auth.enableSasl=true configuration. A malicious user could bypass the authentication controller by using a non-existing instan...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Apache ZooKeeper
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Apache ZooKeeper. Vulnerability Details CVEID: CVE-2023-44981 DESCRIPTION: Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by a flaw when SASL Quorum Peer...
Debian DSA-5544-1 : zookeeper - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5544 advisory. Damien Diederen discovered that SASL quorum peer authentication within Zookeeper, a service for maintaining configuration information, was insufficiently enforced in...