Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of a database. Users should upgrade to version 0.13.1, which addresses this issue.
References
https://nvd.nist.gov/vuln/…
The os_socketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation.
T…
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator’s passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue.
References
…
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server’s certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.
References
https://nvd.nist.go…
Impact
Anyone who uses elrond-go to process blocks (historical or actual) that contains a transaction like this: MultiESDTNFTTransfer@01@54444558544b4b5955532d323631626138@00@0793afc18c8da2ca@ (mind the missing function name after the last @)
Basic fun…
Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes clust…
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode…
Impact
Possible ReDoS with lib input of {{ and with many repetitions of {{|
Patches
Patched in all versions above 0.2.5
Workarounds
No known work arounds.
References
OWASP: Regular expression Denial of Service – ReDoS
Wikipedia: ReDoS.
Wikipedia: Time…
Impact
The Matrix specification specifies a list of event authorization rules which must be checked when determining if an event should be accepted into a room.
In versions of Synapse up to and including v1.61, some of these rules are not correctly app…
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-25857
https://github.com/snakeyaml/snakeyaml/c…
