CVE-2022-45462: Apache DolphinScheduler prior to 2.0.5 has a command execution vulnerability

Alarm instance management is subject to command injection when a specific command is configured. It only applies to logged-in users. We recommend that you upgrade to version 2.0.6 or higher. More details: https://lists.apache.org/thread/2f126y32bf1v3mvxkdgt2jr5j3l1t01w

Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer and Hitachi Ops Center Viewpoint

Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view,…

A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of…

Bypassing Cloudflare Zero Trust Secure Web Gateway Policies using warp-cli set-custom-endpoint command

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to…
