CVE-2023-37214
Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.
Source: CVE-2023-37214
CVE-2023-37213
Synel SYnergy Fingerprint Terminals – CWE-78: ‘OS Command Injection’
Source: CVE-2023-37213
CVE-2023-37215
JBL soundbar multibeam 5.1 – CWE-798: Use of Hard-coded Credentials
Source: CVE-2023-37215
CVE-2023-32227
Synel SYnergy Fingerprint Terminals – CWE-798: Use of Hard-coded Credentials
Source: CVE-2023-32227
CVE-2023-32226
Sysaid – CWE-552: Files or Directories Accessible to External Parties
Authenticated users may exfiltrate files from the server via an unspecified method.
Source: CVE-2023-32226
CVE-2023-32225
Sysaid – CWE-434: Unrestricted Upload of File with Dangerous Type
A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
Source: CVE-2023-32225
CVE-2023-36542
Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.
Source: CVE-2023-36542
CVE-2023-2313
Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)
Source: CVE-2023-2313
CVE-2023-2314
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Source: CVE-2023-2314
CVE-2022-4922
Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Source: CVE-2022-4922