Lucene search
+L

149 matches found

RedhatCVE
RedhatCVE
added 2021/03/03 7:47 p.m.18 views

CVE-2018-25004

An improper input validation flaw causing a denial-of-service found in MongoDB. An attacker can perform a specific type of query which issues a generic explain command on a find query causing denial-of-service. The highest threat from this vulnerability is to the system availability...

4.9CVSS2.6AI score0.01004EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/03/02 12:0 a.m.9 views

MongoDB DoS Vulnerability (SERVER-38275) - Linux

MongoDB is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb"; if...

4.9CVSS5AI score0.01004EPSS
Exploits0References1
OSV
OSV
added 2021/03/01 5:15 p.m.4 views

UBUNTU-CVE-2018-25004

A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11...

4.9CVSS5.8AI score0.01004EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/03/01 12:0 a.m.8 views

PT-2021-8843 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.6 MongoDB Server versions prior to 3.6.11 Description: A user authorized to perform a specific type of query may trigger a denial of service by issuing a generic explain command on a find query...

4.9CVSS7.4AI score0.01004EPSS
Exploits0References11
CNNVD
CNNVD
added 2021/03/01 12:0 a.m.6 views

Mongodb Server 输入验证错误漏洞

MongoDB is a document-oriented database management system from the U.S.-based MongoDB, Inc. An input validation error vulnerability exists in MongoDB Server v4.0 versions prior to 4.0.6, which originates from a user authorized to perform a specific type of query may be able to trigger a denial of...

4.9CVSS5.3AI score0.01004EPSS
Exploits0References3
RubySec
RubySec
added 2020/08/04 12:0 a.m.19 views

CSRF Vulnerability with Non-Session Based Authentication

The PgHero dashboard is vulnerable to CSRF with non-session based authentication methods. Impact The PgHero dashboard is vulnerable to cross-site request forgery CSRF. This affects the Docker image, Linux packages, and in specific cases, the Ruby gem. The Ruby gem is vulnerable with non-session...

8.1CVSS2.8AI score0.00465EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2020/04/10 12:53 a.m.36 views

Denial Of Service (DoS)

mysql is vulnerable to denial of service. A flaw in the way MySQL processed EXPLAIN statements for some complex SELECT queries could allow a remote, authenticated attacker to crash mysqld...

4CVSS4.4AI score0.1144EPSS
Exploits1References28Affected Software1
Github Security Blog
Github Security Blog
added 2018/11/21 10:24 p.m.39 views

Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.3CVSS2.5AI score0.01988EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/11/21 10:24 p.m.13 views

GHSA-JMF4-PQ78-F8VJ Moderate severity vulnerability that affects org.apache.hive:hive-jdbc

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.3CVSS6AI score0.01988EPSS
Exploits0References4
Veracode
Veracode
added 2018/11/09 7:12 a.m.25 views

Information Disclosure

hive-exec is vulnerable to an information disclosure.The library does not properly handle permissions of entities in an EXPLAIN operation, allowing a malicious user to use the operation to gain access to sensitive information in an arbitrary table, view, metadata or statistics...

4.3CVSS5.1AI score0.01988EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2018/11/09 12:0 a.m.6 views

Apache Hive Hive EXPLAIN Query Unauthorized Vulnerability

Apache Hive is a set of Hadoop Distributed Systems Infrastructure based data warehouse software from the Apache Apache Software Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A...

4.3CVSS4.9AI score0.01988EPSS
Exploits0References1
Prion
Prion
added 2018/11/08 2:29 p.m.19 views

Authorization

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4CVSS4.7AI score0.01988EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/11/08 2:0 p.m.104 views

CVE-2018-1314

CVE-2018-1314 affects Apache Hive 2.3.3, 3.1.0 and earlier. The EXPLAIN operation fails to enforce authorization on involved entities, allowing an unauthorized user to run EXPLAIN on arbitrary tables/views and disclose table metadata and statistics. Concrete references include NVD/CVE records and...

4.3CVSS4.7AI score0.01988EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/11/08 2:0 p.m.26 views

CVE-2018-1314

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics...

4.7AI score0.01988EPSS
Exploits0References2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.45 views

Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC

No description provided by source. !-- Quest Toad for Oracle Explain Plan Display ActiveX Control QExplain2.dll 6.6.1.1115 Remote File Creation / Overwrite vendor site: http://www.quest.com/ file tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/10/16 12:0 a.m.38 views

IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities (credentialed check)

According to its version, the installation of IBM DB2 10.1 on the remote host is affected by the following vulnerabilities : - When a multi-node configuration is used, an error exists in the Fast Communications Manager FCM that could allow denial of service attacks. CVE-2013-4032 / IC94434 - An...

5CVSS5.5AI score0.02374EPSS
Exploits0References6
NVD
NVD
added 2013/08/28 1:13 p.m.21 views

CVE-2013-4033

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...

4.6CVSS6.4AI score0.01746EPSS
Exploits0References6
Prion
Prion
added 2013/08/28 1:13 p.m.23 views

Code injection

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...

4.6CVSS7AI score0.01746EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2013/08/28 10:0 a.m.37 views

CVE-2013-4033

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority...

6.4AI score0.01746EPSS
Exploits0References6
CVE
CVE
added 2013/08/28 10:0 a.m.325 views

CVE-2013-4033

CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...

4.6CVSS6.5AI score0.01746EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder