4 matches found
EUVD-2024-0609
Malicious code in bioql PyPI...
Buffer overflow
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...
PT-2024-3207 · Apache · Apache Pulsar
Name of the Vulnerable Software and Affected Versions:
Apache Pulsar versions prior to 2.11.3
Apache Pulsar versions prior to 3.0.2
Apache Pulsar versions prior to 3.1.1
Description: The issue is related to an observable timing discrepancy vulnerability in the Apache Pulsar SASL Authentication...
Elastic Cloud Enterprise (ECE) Incorrect Authentication Vulnerability
Elastic Cloud Enterprise (ECE) is a suite of software packages for managing, monitoring, and configuring Elasticsearch, Kibana, and X-Pack from Elasticsearch Netherlands. ECE suffers from an incorrect authentication vulnerability that can be exploited by an attacker to add ...