Lucene search
K

346 matches found

Veracode
Veracode
added 2024/09/13 9:4 a.m.8 views

Code Injection

refuelautolabel is vulnerable to Code Injection. The vulnerability caused by improper use of the eval function to process CSV files in classification tasks. If a maliciously crafted CSV file containing Python code is provided, the eval function executes this code, leading to arbitrary code...

7.8CVSS7.2AI score0.00349EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/09/13 5:52 a.m.11 views

Code Injection

MindsDB is vulnerable to Code Injection. The vulnerability is due to the unsafe use of the eval function, which directly executes input Python code without proper validation. It allows an attackers to inject and execute arbitrary code via the 'SELECT WHERE' clause...

8.8CVSS7.7AI score0.02148EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/12 3:33 p.m.21 views

MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8CVSS7.7AI score0.00864EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2024/09/12 1:15 p.m.43 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 1:15 p.m.68 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 1:15 p.m.47 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8CVSS0.00864EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 1:15 p.m.34 views

CVE-2024-45847

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

8.8CVSS0.00851EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 1:15 p.m.35 views

CVE-2024-45846

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...

8.8CVSS0.02148EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 1:15 p.m.5 views

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

7.8CVSS6.2AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2024/09/12 1:15 p.m.35 views

PYSEC-2024-81

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS8.8AI score0.00864EPSS
Exploits1References3
OSV
OSV
added 2024/09/12 1:15 p.m.32 views

PYSEC-2024-80

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8CVSS8.8AI score0.00864EPSS
Exploits1References3
OSV
OSV
added 2024/09/12 1:1 p.m.21 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS8.8AI score0.00864EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/09/12 1:1 p.m.18 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS7.7AI score0.00864EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/12 1:1 p.m.37 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS0.00864EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 1:0 p.m.11 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8CVSS7.6AI score0.00864EPSS
Exploits1References1
CVE
CVE
added 2024/09/12 1:0 p.m.58 views

CVE-2024-45850

The CVE-2024-45850 entry describes an arbitrary code execution vulnerability in MindsDB versions 23.10.5.0 through 24.7.4.1 when the Microsoft SharePoint integration is installed. The issue arises in databases created with the SharePoint engine: an ‘INSERT’ query used for site column creation can...

8.8CVSS8.8AI score0.00864EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/09/12 1:0 p.m.14 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8CVSS8.8AI score0.00864EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/09/12 1:0 p.m.61 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8CVSS0.00864EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 12:59 p.m.17 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8CVSS8.8AI score0.00864EPSS
Exploits1References4
CVE
CVE
added 2024/09/12 12:59 p.m.59 views

CVE-2024-45849

The MindsDB CVE-2024-45849 vulnerability is confirmed to be an arbitrary code execution via the Microsoft SharePoint integration. A specially crafted INSERT query on databases created with the SharePoint engine can inject Python code that is passed to eval() and executed on the server. Affected v...

8.8CVSS8AI score0.00864EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder