CVE-2022-38368: PSIRT Advisories — aviatrix_docs documentation

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands.

The Aviatrix Product Security Team continually tests the software product, looking for vulnerabilities and weaknesses. If you have a security issue to report, please open a support ticket at the Aviatrix Support Portal at https://support.aviatrix.com. Any such findings are fed back to Aviatrix’s development teams, and serious issues are described along with protective solutions in the advisories below.

Please note the following Aviatrix Security recommendations and communication plans:

  • Aviatrix strongly recommends that customers stay on the latest release to resolve features and bug issues. All fixes are in the new release; we do not patch older release versions.
  • Customers are strongly recommended to perform image migration 2x a year. The migration process provides the latest system-level security patch.
  • All known software vulnerabilities are submitted to Mitre for CVE-ID references by Aviatrix Systems.
  • Aviatrix publishes Field Notices and sends alerts to the Controller Admin in the Controller console when security-related issues are published.

23. Aviatrix Controller and Gateways - Unauthorized Access

Date 08/02/2022

Risk Rating High for Gateways.

Description Gateway APIs contain functions that are inappropriately authenticated and would allow an authenticated VPN user to inject arbitrary commands.

Impact A successful attack would allow an authenticated VPN user to execute arbitrary commands against Aviatrix gateways.

Affected Products Aviatrix Gateways

Solution Upgrade your Aviatrix Controller and gateway software to:

  • 6.6.5712 or later
  • 6.7.1376 or later

Acknowledgement Aviatrix would like to thank Thomas Wallin from Splunk for the responsible disclosure of this issue.

22. Remote Code Execution

Date 05/27/2022

Risk Rating AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (10.0)

Description Several vulnerabilities could be combined by an attacker to abuse a Gateway command mechanism that would allow arbitrary remote code execution. This vulnerability is not known to be exploited.

Impact An unauthenticated attacker could run arbitrary commands against Aviatrix gateways.

Affected Products Aviatrix Controller and Gateways.

Solution: Upgrade your controller and gateway software to:

  • 6.4.3057
  • 6.5.3233
  • 6.6.5612
  • 6.7.1185

21. Post-Auth Remote Code Execution

Date 04/11/2022

Risk Rating High

Description TLDAP APIs contain functions that are inappropriately sanitized, and would allow an authenticated malicious user to inject arbitrary commands.

Impact A local user to the controller UI could execute arbitrary code.

Affected Products Aviatrix Controller.

Solution: Upgrade your controller and gateway software to:

  • 6.4.3049
  • 6.5.3166
  • 6.6.5545

20. Aviatrix Controller and Gateways - Privilege Escalation

Date 02/03/2022

Risk Rating Medium

Description The publicly disclosed CVE-2021-4034 and CVE-2022-0185 are local privilege escalation vulnerabilities disclosed in the past two weeks. When successfully executed, an attack exploiting these vulnerabilities can cause a local privilege escalation giving unprivileged users administrative rights on the target machine. The Aviatrix Gateway, Controller, and Copilot are all running vulnerable versions of the Linux packages. However, in order to successfully exploit these vulnerabilities, an attacker requires local access to our systems and no vulnerability known to us today would allow such attack.

Impact A local user to our appliances can escalate his privileges to root.

Affected Products Aviatrix Controller and Gateways.

Solution

  • Upgrade Copilot to Release 1.6.3.
  • Apply security patch [AVI-2022-0001 - CVE-2021-4034 and CVE-2022-0185 Privilege Escalation Patches] to controllers.

19. Aviatrix Controller and Gateways - Unauthorized Access

Date 01/11/2022

Risk Rating High for Gateways, medium for Controller.

Description On the Aviatrix Controller, a successful attack would allow an unauthenticated remote attacker partial access to configuration information and allow them to disrupt the service. On the gateway, a successful attack would allow an unauthenticated network-adjacent attacker (i.e.: an attacker present on the gateway’s VPC) access to its API.

Impact Access to configuration information and disruption of service.

Affected Products Aviatrix Controller, Gateways and Copilot.

Solution Upgrade your controller and gateway software to:

  • 6.4.2995 or later.
  • 6.5.2898 or later.

18. Aviatrix Controller - Remote file execution

Date 10/04/2021

Risk Rating Critical

Description The Aviatrix Controller legacy API had a vulnerability allowing an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem. These uploaded scripts will be processed by the web frontend, allowing an attacker to run code of their choosing.

Impact Remote file execution

Affected Product Aviatrix Controller prior to the fixed versions.

Solution The vulnerability has been fixed in:

  • UserConnect-6.2-1804.2043 or later
  • UserConnect-6.3-1804.2490 or later
  • UserConnect-6.4-1804.2838 or later
  • UserConnect-6.5-1804.1922 or later

CVE-ID CVE-2021-40870

Acknowledgement Aviatrix would like to thank the team at Tradecraft (https://www.wearetradecraft.com/) for the responsible disclosure of these issues.

17. OpenVPN - Arbitrary File Write

Date 8/10/2020

Risk Rating High

Description The VPN service writes logs to a location that is writable.

Impact Unauthorized file permission

Affected Product Aviatrix OpenVPN R2.8.2 or earlier

Solution Aviatrix OpenVPN 2.10.8 - May 14 2020 or later

CVE-ID TBD

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

16. Bypass htaccess security control

Date 8/10/2020

Risk Rating Low

Description The htaccess control to prevent requests to a cert directory can be bypassed to download files.

Impact Excessive Permission

Affected Product Controller 5.3.1516

Solution Controller R5.4.1290 (8/5/2020) or later

CVE-ID TBD

Acknowledgement Aviatrix would like to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

15. Insecure File Permissions

Date 8/10/2020

Risk Rating Medium

Description Several world writable files and directories were found

Impact Excessive Permission

Affected Product Controller 5.3.1516

Solution Controller R5.4.1290 (8/5/2020) or later

CVE-ID TBD

Acknowledgement Aviatrix would like to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

14. Bypass Htaccess Security Control

Date 8/10/2020

Risk Rating Low

Description The htaccess control to prevent requests to directories can be bypassed for file downloading.

Impact Unauthorized file download

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade R5.4.1290 (8/5/2020) or later

CVE-ID CVE-2020-26549

Acknowledgement Aviatrix would like to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

13. Insecure sudo rule

Date 8/10/2020

Risk Rating Medium

Description A user account has permission to execute all commands as any user on the system.

Impact Excessive permission

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade R5.4.1290 (8/5/2020) or later

CVE-ID CVE-2020-26548

Acknowledgement Aviatrix would like to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

12. Cleartext Encryption Key Storage

Date 8/10/2020

Risk Rating High

Description Encrypted key values are stored in cleartext in a readable file

Impact Access to read key in encrypted format

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade R5.3.1151 (6/4/2020) or later. Migration required to the latest AMI Software Version 050120 (Aug 13, 2020).

CVE-ID CVE-2020-26551

Acknowledgement Aviatrix would like to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

11. Pre-Auth Account Takeover

Date 8/10/2020

Risk Rating Critical

Description An API file does not require a valid session and allows for updates of account email addresses.

Impact Access to unauthorized files

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade R5.4.1290 (8/5/2020) or later

CVE-ID CVE-2020-26552

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

10. Post-Auth Remote Code Execution

Date 8/10/2020

Risk Rating High

Description Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.

Impact Access to unauthorized files

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade R6.0.2483 (8/4/2020) or later

CVE-ID CVE-2020-26553

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

9. Pre-Auth Remote Code Execution

Date 8/10/2020

Risk Rating Critical

Description An API file does not require a valid session ID and allows arbitrary files to be uploaded to the web tree.

Impact Access to unauthorized files

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade R6.0.2483 (8/4/2020) or later

CVE-ID CVE-2020-26553

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

8. Insufficiently Protected Credentials

Date 8/10/2020

Risk Rating Critical

Description An encrypted file containing credentials to unrelated systems is protected by a weak key.

Impact Encryption key may not meet the latest security standard

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade R5.3.1151 (6/4/2020) or later

CVE-ID CVE-2020-26550

Acknowledgement Aviatrix would like to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

7. Observable Response Discrepancy from API

Date 5/19/2020

Risk Rating Medium

Description The Aviatrix Cloud Controller appliance is vulnerable to a user enumeration vulnerability.

Impact A valid username could be used for brute force attack.

Affected Product Aviatrix Controller 5.3 or earlier

Solution Controller & Gateway upgrade 5.4.1204 (5/8/2020) or later

CVE-ID CVE-2020-13413

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

6. OpenVPN Client - Elevation of Privilege

Date 5/19/2020

Risk Rating High

Description The Aviatrix VPN client on Linux, macOS, and Windows is vulnerable to an Elevation of Privilege vulnerability. This vulnerability was previously reported (CVE-2020-7224) and a patch was released; however, the fix is incomplete.

Impact Dangerous OpenSSL parameters could allow code execution that is not authorized. Impacts macOS, Linux and Windows clients.

Affected Product Client VPN 2.8.2 or earlier; Controller & Gateway 5.2 or earlier

Solution Client VPN upgrade to 2.10.7. Controller & Gateway upgrade to 5.3 or later. In Controller, customer must configure OpenVPN minimum client version to 2.10.7.

CVE-ID CVE-2020-13417

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

5. Cross Site Request Forgery (CSRF)

Date 5/12/2020

Risk Rating Critical

Description An API call on the Aviatrix Controller web interface was found to be missing a session token check to control access.

Impact Application may be vulnerable to Cross Site Request Forgery (CSRF)

Affected Product Aviatrix Controller with software release 5.3 or earlier

Solution Controller & Gateway upgrade 5.4.1204 (5/8/2020) or later

CVE-ID CVE-2020-13412

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

4. Hard Coded Credentials

Date 1/16/2020

Risk Rating Low

Description The Aviatrix Cloud Controller contains credentials unused by the software. This is a clean-up effort implemented to improve on operational and security maintenance.

Impact This would impact operation and maintenance complexity.

Affected Product Aviatrix Controller 5.3 or lower

Solution Controller & Gateway upgrade 5.4.1204 (5/8/2020) or later. Recommended: AWS Security Group settings grant only authorized Controller access in your environment.

CVE-ID CVE-2020-13414

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.

3. CSRF on Password Reset

Date 1/16/2020

Risk Rating Medium

Description Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability.

Impact Vulnerability could lead to the unintended reset of a user’s password.

Affected Product Aviatrix Controller 5.3 or lower

Solution Upgrade to 5.4.1066 (must be on version 5.0 or above). Make sure your AWS Security Group settings allow authorized Controller access only.

CVE-ID CVE-2020-13416

2. XML Signature Wrapping in SAML

Date 2/26/2020

Risk Rating High

Description An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix).

Impact Aviatrix customer using SAML

Affected Product Aviatrix Controller 5.1 or lower

Solution Aviatrix Controller 5.2 or later, plus Security Patch “SAML XML signature wrapping vulnerability”

CVE-ID CVE-2020-13415

Acknowledgement Aviatrix is pleased to thank Ioannis Kakavas from Elastic for reporting this vulnerability under responsible disclosure.

1. OpenVPN Client Arbitrary File Write

Date 1/16/2020

Risk Rating High

Description Aviatrix OpenVPN client 2.5.7 or older on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load.

Impact OpenVPN client on Linux, MacOS, and Windows

Affected Product OpenVPN Client 2.5.7

Solution Upgrade to VPN client v2.6 or later

CVE-ID CVE-2020-7224

Acknowledgement Aviatrix is pleased to thank Rich Mirch, Senior Adversarial Engineer - TeamARES from Critical Start, Inc. for reporting this vulnerability under responsible disclosure.
