
11235 matches found

Github Security Blog
added 2023/02/07 9:30 p.m., 60 views

Apache Kafka Connect vulnerable to Deserialization of Untrusted Data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8 CVSS, 8.6 AI score, 0.95302 EPSS
Exploits 7, References 6, Affected Software 1

NVD
added 2023/02/07 8:15 p.m., 21 views

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8 CVSS, 8.8 AI score, 0.95302 EPSS
Exploits 7, References 3

Prion
added 2023/02/07 8:15 p.m., 29 views

Deserialization of untrusted data

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

6.5 CVSS, 8.6 AI score, 0.95302 EPSS
Exploits 7, References 3, Affected Software 1

UbuntuCve
added 2023/02/07 8:15 p.m., 94 views

CVE-2023-25194

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.8 CVSS, 7.1 AI score, 0.95302 EPSS
Exploits 7, References 3

Metasploit
added 2023/02/07 7:49 p.m., 349 views

ManageEngine ServiceDesk Plus Unauthenticated SAML RCE

This exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine ServiceDesk Plus versions 14003 and below CVE-2022-47966. Due to a dependency to an outdated library Apache Santuario version 1.4.1, it is possible to execute arbitrary code by providing a crafted...

9.8 CVSS, 9.7 AI score, 0.99753 EPSS
Exploits 15

Vulnrichment
added 2023/02/07 7:11 p.m., 9 views

CVE-2023-25194 Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

7.5 AI score, 0.95302 EPSS
Exploits 7, References 3

Cvelist
added 2023/02/07 7:11 p.m., 25 views

CVE-2023-25194 Apache Kafka Connect API: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect

A possible security vulnerability has been identified in Apache Kafka Connect API. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka...

8.9 AI score, 0.95302 EPSS
Exploits 7, References 3

CVE
added 2023/02/07 7:11 p.m., 335 views

CVE-2023-25194

CVE-2023-25194 is evidenced by multiple connected advisories detailing a SASL JAAS/JndiLoginModule-based deserialization vulnerability in Apache Kafka and Kafka Connect. An authenticated operator can inject SASL JAAS config (e.g., sasl.jaas.config via producer/consumer/admin overrides) to point t...

8.8 CVSS, 8.8 AI score, 0.95302 EPSS
Exploits 7, References 3, Affected Software 1

RedHat Linux
added 2023/02/07 3:52 p.m., 53 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

9.8 CVSS, 7.6 AI score, 0.56334 EPSS
Exploits 0, References 3

RedHat Linux
added 2023/02/07 3:42 p.m., 75 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

9.8 CVSS, 7.6 AI score, 0.56334 EPSS
Exploits 0, References 3

Tenable Nessus
added 2023/02/07 12:0 a.m., 27 views

RHEL 8 : git (RHSA-2023:0628)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0628 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

9.8 CVSS, 8.7 AI score, 0.56334 EPSS
Exploits 0, References 6

Tenable Nessus
added 2023/02/07 12:0 a.m., 39 views

RHEL 9 : git (RHSA-2023:0627)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0627 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...

9.8 CVSS, 8.7 AI score, 0.56334 EPSS
Exploits 0, References 6

Tenable Nessus
added 2023/02/07 12:0 a.m., 38 views

ManageEngine ServiceDesk Plus Unauthenticated RCE (CVE-2022-47966)

Binary data manageengineservicedeskcve-2022-47966.nbin...

9.8 CVSS, 9.2 AI score, 0.99753 EPSS
Exploits 15, References 2

RedHat Linux
added 2023/02/06 7:49 p.m., 42 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

9.8 CVSS, 7.6 AI score, 0.56334 EPSS
Exploits 0, References 3

Rockylinux
added 2023/02/06 7:26 p.m., 55 views

git security update

An update is available for git. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git is a distributed revision control system with a decentralized architecture. A...

9.8 CVSS, 9.4 AI score, 0.56334 EPSS
Exploits 0

OSV
added 2023/02/06 7:26 p.m., 17 views

RLSA-2023:0611 Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

9.8 CVSS, 10 AI score, 0.56334 EPSS
Exploits 0, References 3

Rockylinux
added 2023/02/06 7:25 p.m., 48 views

git security update

An update is available for git. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git is a distributed revision control system with a decentralized architecture. A...

9.8 CVSS, 9.4 AI score, 0.56334 EPSS
Exploits 0

OSV
added 2023/02/06 7:25 p.m., 24 views

RLSA-2023:0610 Important: git security update

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...

9.8 CVSS, 10 AI score, 0.56334 EPSS
Exploits 0, References 3

RedHat Linux
added 2023/02/06 4:46 p.m., 39 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

9.8 CVSS, 7.6 AI score, 0.56334 EPSS
Exploits 0, References 3

RedHat Linux
added 2023/02/06 4:45 p.m., 42 views

Important: Red Hat Security Advisory: git security update

An update for git is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

9.8 CVSS, 7.6 AI score, 0.56334 EPSS
Exploits 0, References 3