#auth

A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". Apache Kafka allows clients to read an arbitrary file and return the content in the error log, or sending requests to an unintended location. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use the "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url" configuratin to read arbitrary contents of the disk and environment variables or make requests to an unintended location. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment/URL access, which may be undesirable in certain environments, including SaaS products. Since Apache Kafka 3.9.1/4.0.0,...

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.