有新的漏洞组件被发现啦,组件ID:Adobe Experience Manager
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.

Adobe 体验管理器版本6.5.13.0(以及更早版本)受到反射跨网站脚本(xSS)漏洞的影响。如果攻击者能够说服受害者访问引用易受攻击页面的 URL，那么恶意的 JavaScript 内容可能会在受害者浏览器的上下文中执行。利用这个问题需要对 AEM 的低权限访问。

有新的漏洞组件被发现啦,组件ID:Adobe Experience Manager
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.

Adobe 体验管理器版本6.5.13.0(以及更早版本)受到反射跨网站脚本(xSS)漏洞的影响。如果攻击者能够说服受害者访问引用易受攻击页面的 URL，那么恶意的 JavaScript 内容可能会在受害者浏览器的上下文中执行。利用这个问题需要对 AEM 的低权限访问。

有新的漏洞组件被发现啦,组件ID:Apache
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middle attacks, which could leak authentication data, configuration data, and any other data sent by these clients. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack. This issue affects Apache Pulsar Broker and Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.

Apache Pulsar Brokers 和 Proxy 创建一个内部 Pulsar Admin Client，它不验证对等 TLS 证书，即使通过配置禁用了 tlsAllowInsecureConnection。Pulsar Admin Client 的集群内部和地理复制 HTTPS 连接容易受到中间攻击者的攻击，这可能泄露身份验证数据、配置数据和这些客户机发送的任何其他数据。攻击者只能通过控制客户端和服务器之间的机器来利用这个漏洞。然后攻击者必须主动操纵流量来执行攻击。这个问题影响到 Apache Pu

有新的漏洞组件被发现啦,组件ID:Apache
TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability is for both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier.

在 Pulsar Broker 的 Java Client、 Pulsar Broker 的 Java Admin Client、 Pulsar WebSocket 

有新的漏洞组件被发现啦,组件ID:Apache
Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar Java Client to the Pulsar Broker/Proxy and connections from the Pulsar Proxy to the Pulsar Broker are vulnerable. Authentication data is sent before verifying the server’s TLS certificate matches the hostname, which means authentication data could be exposed to an attacker. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. Because the client sends authentication data before performing hostname verification, an attacker could gain access to the client’s authentication data. The client eventually closes the connection when it verifies the hostname and identifies the targeted h

有新的漏洞组件被发现啦,组件ID:Apache
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the Apache Pulsar Proxy component is used, it is possible to attempt to open TCP/IP connections to any IP address and port that the Pulsar Proxy can connect to. An attacker could use this as a way for DoS attacks that originate from the Pulsar Proxy's IP address. It hasn’t been detected that the Pulsar Proxy authentication can be bypassed. The attacker will have to have a valid token to a properly secured Pulsar Proxy. This issue affects Apache Pulsar Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.2; 2.9.0 to 2.9.1; 2.6.4 and earlier.

Apache Pulsar 代理组件的不正确的输入验证漏洞允许攻击者尝试从 Pulsar 代理的 IP 地址进行 TCP/IP 连接。当使用 Apache Pulsar 代理组件时，可以尝试打开到 Pulsar 代理可以连接到的任何 IP 地址和端口的 TCP/IP 连接。攻击者可以利用这种方式来攻击源自 Pulsar 代理的 IP 地址的 DoS 攻击。它尚未检测到脉冲星代理身份验证可以绕过。攻击者必须有一个有效的令牌到一个适当安全的脉冲星代理。这个问题影响到 Apache Pulsar Proxy 版本2.7.0到2.7.4; 

有新的漏洞组件被发现啦,组件ID:Apache
** UNSUPPORTED WHEN ASSIGNED ** An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

在 Apache SOAP 的 RPCRouterServlet 中对 XML 外部实体引用漏洞的不当限制允许攻击者通过 HTTP 读取任意文件。这个问题影响到 Apache SOAP 2.2版本和更高版本。以前的版本是否也受到影响尚不清楚。注意: 此漏洞仅影响维护人员不再支持的产品。

有新的漏洞组件被发现啦,组件ID:ZCMS
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

通过/admin/baojia _ list.php 的关键字参数，发现 ZZCMS 2022包含 SQL 注入漏洞。

有新的漏洞组件被发现啦,组件ID:ZCMS
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

通过组件/admin/sendmailto.php? tomail = & groupid = 发现 ZZCMS 2022包含 SQL 注入漏洞。

有新的漏洞组件被发现啦,组件ID:ZCMS
ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.

通过 page/admin/index.PHP? _ server 发现 ZZCMS 2022包含完整路径公开漏洞。

有新的漏洞组件被发现啦,组件ID:ZCMS
An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.

ZZCMS 2022中的绝对路径遍历漏洞允许攻击者通过发送到/one/siteinfo.php 的手工 GET 请求获取敏感信息。

有新的漏洞组件被发现啦,组件ID:Apache
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

Apache XML Graphics 的 Batik 中的服务器端请求伪造(SSRF)漏洞允许攻击者使用 Jar URL 访问文件。这个问题影响到 Apache XML Graphics Batik 1.14。

有新的漏洞组件被发现啦,组件ID:Apache
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.

ApacheXMLGraphics 的 Batik 中的服务器端请求伪造(SSRF)漏洞允许攻击者获取外部资源。这个问题影响到 Apache XML Graphics Batik 1.14。

有新的漏洞组件被发现啦,组件ID:Apache
Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.

Apache XML Graphics 的 Batik 中的服务器端请求伪造(SSRF)漏洞允许攻击者通过 jar 协议加载 URL。这个问题影响到 Apache XML Graphics Batik 1.14。

有新的漏洞组件被发现啦,组件ID:Apache
In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See https://docs.pinot.apache.org/basics/releases/0.11.0

在0.10.0或更老版本的 Apache Pinot 中，由于 Groovy 函数支持，Pinot 查询端点和实时摄入层在不受保护的环境中有一个漏洞。为了避免这种情况，我们在缺省情况下禁用了 Pinot 发行版0.11.0中的 groovy 函数支持。Https://docs.pinot.apache.org/basics/releases/0.11.0

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unencrypted in job config.xml files on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

Jenkins CONS3RT Plugin 1.0.0和更早的版本将 CONS3RT API 令牌未加密地存储在作业 config.xml 文件中，存储在 Jenkins 控制器上，用户可以通过访问 Jenkins 控制器文件系统查看它。

有新的漏洞组件被发现啦,组件ID:Jenkins
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

在 Jenkins CONS3RT Plugin 1.0.0及更早版本中缺少权限检查允许具有整体/读权限的攻击者使用通过另一种方法获得的攻击者指定的凭据 ID 连接到攻击者指定的 HTTP 服务器，捕获存储在 Jenkins 中的凭据。

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins CONs3RT Plugin 1.0.0及更早版本中的一个跨站请求伪造(CSRF)漏洞允许攻击者使用通过另一种方法获得的攻击者指定的凭据 ID 连接到攻击者指定的 HTTP 服务器，捕获存储在 Jenkins 中的凭据。

有新的漏洞组件被发现啦,组件ID:Jenkins
Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allows users with Overall/Read permission to enumerate credentials ID of credentials stored in Jenkins.

在 Jenkins CONS3RT Plugin 1.0.0及更早版本中缺少权限检查允许具有整体/读权限的用户枚举存储在 Jenkins 中的凭据的凭据 ID。

有新的漏洞组件被发现啦,组件ID:Jenkins
A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlier allows users with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

Jenkins Apprenda Plugin 2.2.0及更早版本中缺少的权限检查允许具有“全面/阅读”权限的用户枚举存储在 Jenkins 中的凭据 ID。

有新的漏洞组件被发现啦,组件ID:Jenkins
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins SCM HttpClient Plugin 1.5及更早版本中缺少的权限检查允许具有整体/读权限的攻击者使用通过另一种方法获得的攻击者指定的凭据 ID 连接到攻击者指定的 HTTP 服务器，捕获存储在 Jenkins 中的凭据。

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins SCM HttpClient Plugin 1.5及更早版本中的一个跨站请求伪造(CSRF)漏洞允许攻击者使用通过另一种方法获得的攻击者指定的凭据 ID 连接到攻击者指定的 HTTP 服务器，捕获存储在 Jenkins 中的凭据。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the BigPanda API key on the global configuration form, increasing the potential for attackers to observe and capture it.

Jenkins BigPanda Notifier Plugin1.4.0及更早版本没有掩盖全局配置表单上的 BigPanda API 键，增加了攻击者观察和捕获它的可能性。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda API key unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.

Jenkins BigPanda Notifier Plugin 1.4.0及更早版本将 BigPanda API 密钥未加密地存储在 Jenkins 控制器的全局配置文件中，用户可以通过访问 Jenkins 控制器文件系统查看这些密钥。

有新的漏洞组件被发现啦,组件ID:Jenkins
A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins Worksoft Execution Manager Plugin 10.0.3.503及更早版本中缺少的权限检查允许具有整体/读权限的攻击者使用通过另一种方法获得的攻击者指定的凭据 ID 连接到攻击者指定的 URL，捕获存储在 Jenkins 中的凭据。

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Jenkins Worksoft Execution Manager Plugin 10.0.3.503及更早版本中的一个跨站请求伪造(CSRF)漏洞允许攻击者使用通过另一种方法获得的攻击者指定的凭据 ID 连接到攻击者指定的 URL，捕获存储在 Jenkins 中的凭据。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.

Jenkins View26测试报告插件1.0.7及更早版本在连接到已配置的 View26服务器时不执行主机名验证，因为使用中间人攻击来拦截这些连接可能会被滥用。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections.

Jenkins SmallTest Plugin 1.0.4及更早版本在连接到已配置的 View26服务器时不执行主机名验证，这可能会被滥用，使用中间人攻击拦截这些连接。

有新的漏洞组件被发现啦,组件ID:Jenkins
A missing permission check in Jenkins extreme-feedback Plugin 1.7 and earlier allows attackers with Overall/Read permission to discover information about job names attached to lamps, discover MAC and IP addresses of existing lamps, and rename lamps.

Jenkins 极端反馈插件1.7及更早版本中缺少的权限检查允许具有“全面/阅读”权限的攻击者发现与灯具相关的作业名信息，发现现有灯具的 MAC 和 IP 地址，并重命名灯具。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Jenkins RQM Plugin 2.8及更早版本没有配置其 XML 解析器以防止 XML 外部实体(XXE)攻击。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Walti Plugin 1.0.1 and earlier does not escape the information provided by the Walti API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide malicious API responses from Walti.

Jenkins Walti 插件1.0.1及更早版本的插件不能逃脱 Walti API 提供的信息，导致存储跨网站脚本(XSS)漏洞可被能够从 Walti 提供恶意 API 响应的攻击者利用。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub user name parameter provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.

Jenkins DotCi Plugin 2.40.00及更早版本的插件没有逃脱在构建原因中显示提交通知时提供的 GitHub 用户名参数，导致存储跨网站脚本(XSS)漏洞。

有新的漏洞组件被发现啦,组件ID:Jenkins
A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.

Jenkins DotCi Plugin 2.40.00及更早版本中缺少的权限检查允许未经身份验证的攻击者为攻击者指定的提交触发对应于攻击者指定的存储库的作业构建。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.

Jenkins DotCi Plugin 2.40.00及更早版本没有配置其 YAML 解析器以防止任意类型的实例化，从而导致远程代码执行漏洞。

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Security Inspector Plugin 117.v6eecc36919c2 and earlier allows attackers to replace the generated report stored in a per-session cache and displayed to authorized users at the .../report URL with a report based on attacker-specified report generation options.

詹金斯安全检查员插件117中的跨站请求伪造(CSRF)漏洞。V6eecc36919c2及更早版本允许攻击者用基于攻击者指定的报告生成选项的报告替换存储在每会话缓存中并显示给授权用户的.../report URL 的生成的报告。

有新的漏洞组件被发现啦,组件ID:WildFly
有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.

Jenkins WildFly Deployer Plugin 1.0.2和更早的版本实现了允许代理进程读取 Jenkins 控制器文件系统上的任意文件的功能。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read permission to trigger jobs that are configured to be triggerable via Rundeck.

Jenkins Rundeck Plugin 3.6.11及更早版本不保护对/Plugin/Rundeck/webhook/endpoint 的访问，允许具有“全面”/“阅读”权限的用户触发配置为可通过 Rundeck 触发的作业。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifacts permission checks in multiple HTTP endpoints, allowing attackers with Item/Read permission to obtain information about build artifacts of a given job, if the optional Run/Artifacts permission is enabled.

Jenkins Rundeck Plugin 3.6.11及更早版本不在多个 HTTP 端点执行 Run/Artifact 权限检查，允许具有 Item/Read 权限的攻击者获取关于给定作业的构建构件的信息，如果启用了可选的 Run/Artifact 权限的话。

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers to replace any config.xml file on the Jenkins controller file system with an empty file by providing a crafted file name to an API endpoint.

Jenkins Build-Publisher Plugin 1.22及更早版本中的一个跨站请求伪造(CSRF)漏洞允许攻击者通过为 API 端点提供一个精心设计的文件名，将 Jenkins 控制器文件系统中的任何 config.xml 文件替换为一个空文件。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with Item/Configure permission to create or replace any config.xml file on the Jenkins controller file system by providing a crafted file name to an API endpoint.

Jenkins Build-Publisher Plugin 1.22及更早版本允许具有 Item/Configure 权限的攻击者在 Jenkins 控制器文件系统上创建或替换任何 config.xml 文件，方法是为 API 端点提供一个精心设计的文件名。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.

Jenkins Build-Publisher Plugin 1.22及更早版本不执行 HTTP 端点的权限检查，允许具有“全面/读”权限的攻击者获取该插件配置为发布构建到的 Jenkins 服务器的名称和 URL，以及等待发布到这些 Jenkins 服务器的构建。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and earlier does not escape configuration options of the Execute NetStorm/NetCloud Test build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Jenkins NS-nd 集成性能发布插件4.8.0.134及更早版本的插件不能逃避执行 NetStorm/NetCloud 测试构建步骤中的配置选项，导致存储跨网站脚本(XSS)漏洞可被具有 Item/Configure 权限的攻击者利用。

有新的漏洞组件被发现啦,组件ID:Jenkins
A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Read permissions to connect to an attacker-specified webserver using attacker-specified credentials.

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129及更早版本中缺少的权限检查允许具有整体/读权限的攻击者使用攻击者指定的凭据连接到攻击者指定的 Web 服务器。

有新的漏洞组件被发现啦,组件ID:Jenkins
A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers to connect to an attacker-specified webserver using attacker-specified credentials.

Jenkins NS-nd Integration Performance Publisher Plugin 4.8.0.129及更早版本中的跨站请求伪造(CSRF)漏洞允许攻击者使用攻击者指定的凭证连接到攻击者指定的 web 服务器。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Jenkins Compuware Common Configuration Plugin 1.0.14及更早版本没有配置其 XML 解析器以防止 XML 外部实体(XXE)攻击。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does not escape content provided by the Anchore engine API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control API responses by Anchore engine.

Jenkins Anchore 容器图像扫描器插件1.0.24及更早版本的插件不会逃脱 Anchore 引擎 API 提供的内容，导致存储跨网站脚本(XSS)漏洞可被攻击者利用，攻击者可以通过 Anchore 引擎控制 API 响应。

有新的漏洞组件被发现啦,组件ID:Jenkins
Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips of the l:helpIcon UI component used for some help icons on the Jenkins web UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control tooltips for this component.

Jenkins 2.367到2.369(两者都包括在内)都不能逃避用于 Jenkins web UI 上一些帮助图标的 l: help 图标 UI 组件的工具提示，导致存储的跨网站脚本(XSS)漏洞可被攻击者利用，攻击者可以控制这个组件的工具提示。

有新的漏洞组件被发现啦,组件ID:Apache
In versions of Apache InLong prior to 1.3.0, an attacker with sufficient privileges to specify MySQL JDBC connection URL parameters and to write arbitrary data to the MySQL database, could cause this data to be deserialized by Apache InLong, potentially leading to Remote Code Execution on the Apache InLong server. Users are advised to upgrade to Apache InLong 1.3.0 or newer.

在1.3.0之前的 Apache InLong 版本中，一个拥有足够权限指定 MySQL JDBC 连接 URL 参数并向 MySQL 数据库写入任意数据的攻击者，可能导致这些数据被 Apache InLong 反序列化，从而可能导致 Apache InLong 服务器上的远程代码执行。建议用户升级到 ApacheInLong 1.3.0或更新版本。

有新的漏洞组件被发现啦,组件ID:Apache
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

在 Apache Airflow 2.3.0到2.3.4中，在 web 服务器的“/確认”端点中有一个打开的重定向。

有新的漏洞组件被发现啦,组件ID:Apache
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

在 Apache Airflow 2.3.0到2.3.4中，URL 的一部分被不必要的格式化了，从而允许可能的信息抽取。

有新的漏洞组件被发现啦,组件ID:Apache
A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service. Example scenarios: - Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue. - Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue. - Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue. We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

ApacheKafka 中发现了一个安全漏洞。它影响自2.8.0以来的所有版本。该漏洞允许未经身份验证的恶意客户机在代理上分配大量内存。这可能导致代理触发 OutOfmemory 异常并引发分布式拒绝服务攻击。示例场景:-Kafka 集群没有身份验证: 任何能够建立到代理的网络连接的客户端都可能触发这个问题。- 具有 SASL

有新的漏洞组件被发现啦,组件ID:F5
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: PlatformInitAdvancedPreMem SHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b Module GUID: EEEE611D-F78F-4FB9-B868-55907F169280 This issue affects: AMI Aptio 5.x.

潜在的攻击者可以在 PEI 阶段执行任意代码，并影响后续的引导阶段。这可能导致绕过缓解、物理内存内容公开、从任何虚拟机(VM)中发现任何秘密以及绕过内存隔离和机密计算边界。另外，攻击者可以构建一个可以注入到 SMRAM 内存中的有效负载。此问题影响: 模块名称: PlatformInitAdvancedPreMem SHA256:644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b 模块 GUID: EE611D-F78F-4FB9-B868-55907F169280此问题影响: AMI Aptio 5.x。

有新的漏洞组件被发现啦,组件ID:Jira
有新的漏洞组件被发现啦,组件ID:Atlassian Jira
The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI.

Atlassian Jira 在1.0.3之前的 Netic Group Export 附件不执行授权检查。这可能允许未经身份验证的用户通过向 plugins/servlet/groupexportforjira/admin/URI 发出 groupexport _ download = true 请求，从 Jira 实例导出所有组。

有新的漏洞组件被发现啦,组件ID:F5
TensorFlow is an open source platform for machine learning. If `SparseBincount` is given inputs for `indices`, `values`, and `dense_shape` that do not make a valid sparse tensor, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 40adbe4dd15b582b0210dfbf40c243a62f5119fa. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow 是一个用于机器学习的开源平台。如果“ SparseBincount”输入的“ index”、“ value”和“集合形状”不构成有效的稀疏张量，就会产生一个 Segfault，可以用来触发分布式拒绝服务攻击攻击。我们已经在 GitHub 中修补了这个问题，提交40adbe4dd15b582b0210dfbf40c243a62f5119fa。补丁将包含在 TensorFlow 2.10.0中。我们还将在 TensorFlow 2.9.1、 TensorFlow 2.8.1和 TensorFlow 2.7.2上初选这个提交，因为它们也受到影响，并且仍然在支持范围内。对于这个问题没有已知的解决办法。

有新的漏洞组件被发现啦,组件ID:F5
TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVarsPerChannel` is given `min` or `max` tensors of a rank other than one, it results in a `CHECK` fail that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow 是一个用于机器学习的开源平台。如果“ fakeQuantWithminMaxVarsperChannel”被赋予“ min”或“ max”张量的等级不是1，则会导致“ CHECK”失败，从而触发分布式拒绝服务攻击攻击。我们已经在 GitHub 中修补了这个问题，提交了785d67a78a1d533759fcd2f5e8d6ef778de849e0。补丁将包含在 TensorFlow 2.10.0中。我们还将在 TensorFlow 2.9.1、 TensorFlow 2.8.1和 TensorFlow 2.7.2上初选这个提交，因为它们也受到影响，并且仍然在支持范围内。对于这个问题没有已知的解决办法。

有新的漏洞组件被发现啦,组件ID:F5
TensorFlow is an open source platform for machine learning. If `Requantize` is given `input_min`, `input_max`, `requested_output_min`, `requested_output_max` tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit 785d67a78a1d533759fcd2f5e8d6ef778de849e0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow 是一个用于机器学习的开源平台。如果“重量化”被赋予非零级的“输入 _ min”、“输入 _ max”、“请求 _ 输出 _ min”、“请求 _ 输出 _ max”张量，就会产生一个可以用来触发分布式拒绝服务攻击攻击的 Segfault。我们已经在 GitHub 中修补了这个问题，提交了785d67a78a1d533759fcd2f5e8d6ef778de849e0。补丁将包含在 TensorFlow 2.10.0中。我们还将在 TensorFlow 2.9.1、 TensorFlow 2.8.1和 TensorFlow 2.7.2上初选这个提交，因为它们也受到影响，并且仍然在支持范围内。对于这个问题没有已知的解决办法。

有新的漏洞组件被发现啦,组件ID:F5
TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow 是一个用于机器学习的开源平台。当“ RangeSize”接收到与“ int64 _ t”不匹配的值时，它会崩溃。我们已经在 GitHub 中修补了这个问题，并提交了37e64539cd29fcfb814c4451152a60f5d107b0f0。补丁将包含在 TensorFlow 2.10.0中。我们还将在 TensorFlow 2.9.1、 TensorFlow 2.8.1和 TensorFlow 2.7.2上初选这个提交，因为它们也受到影响，并且仍然在支持范围内。对于这个问题没有已知的解决办法。

有新的漏洞组件被发现啦,组件ID:F5
TensorFlow is an open source platform for machine learning. When `mlir::tfg::TFOp::nameAttr` receives null type list attributes, it crashes. We have patched the issue in GitHub commits 3a754740d5414e362512ee981eefba41561a63a6 and a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow 是一个用于机器学习的开源平台。当‘ mlir: : tfg: : TFOp: : nameAttr’接收到 null 类型列表属性时，它崩溃。我们已经在 GitHub 中修补了这个问题，提交了3a754740d5414e362512ee981eefba41561a63a6和 a0f0b9a21c9270930457095092f558fbad4c03e5。补丁将包含在 TensorFlow 2.10.0中。我们还将在 TensorFlow 2.9.1、 TensorFlow 2.8.1和 TensorFlow 2.7.2上初选这个提交，因为它们也受到影响，并且仍然在支持范围内。对于这个问题没有已知的解决办法。

有新的漏洞组件被发现啦,组件ID:F5
TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to convert NodeDefs without an op name, it crashes. We have patched the issue in GitHub commit a0f0b9a21c9270930457095092f558fbad4c03e5. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow 是一个用于机器学习的开源平台。当‘ mlir: : tfg: : GraphDefImporter: : ConvertNodeDef’试图转换不带操作名的 NodeDefs 时，它会崩溃。我们已经在 GitHub 中修补了这个问题，提交 a0f0b9a21c9270930457095092f558fbad4c03e5。补丁将包含在 TensorFlow 2.10.0中。我们还将在 TensorFlow 2.9.1、 TensorFlow 2.8.1和 TensorFlow 2.7.2上初选这个提交，因为它们也受到影响，并且仍然在支持范围内。对于这个问题没有已知的解决办法。

有新的漏洞组件被发现啦,组件ID:F5
TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is given empty function attributes, it crashes. We have patched the issue in GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.

TensorFlow 是一个用于机器学习的开源平台。当‘ mlir: : tfg: : ConvertGenericFunctionToFunctionDef’被赋予空函数属性时，它会崩溃。我们已经在 GitHub 中修补了这个问题，提交 ad069af92392efee1418c48ff561fd3070a03d7b。补丁将包含在 TensorFlow 2.10.0中。我们还将在 TensorFlow 2.9.1、 TensorFlow 2.8.1和 TensorFlow 2.7.2上初选这个提交，因为它们也受到影响，并且仍然在支持范围内。对于这个问题没有已知的解决办法。