Lucene search
K

164 matches found

Positive Technologies
Positive Technologies
added 2023/09/06 12:0 a.m.6 views

PT-2023-4965 · Cisco · Cisco Hyperflex Hx Data Platform

Name of the Vulnerable Software and Affected Versions: Cisco HyperFlex HX Data Platform versions 5.0 through 5.5 Description: The issue is related to improper input validation of parameters in an HTTP request, allowing an unauthenticated, remote attacker to redirect a user to a malicious web page...

10CVSS6.7AI score0.0048EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2023/07/31 12:0 a.m.313 views

Rudder Server SQL Injection / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rudder Server SQLI Remote Code Execution', 'Description' = %q This Metasploit module exploits a SQL injection vulnerability in RudderStack's...

8.8CVSS7.1AI score0.85825EPSS
Exploits4
CNVD
CNVD
added 2023/07/19 12:0 a.m.13 views

Unauthorized Access Vulnerability in Damon's Big Data Analytics Platform

Wuhan Damon Database Co., Ltd. is specialized in providing big data platform architecture consulting, data technology solution planning, product deployment and implementation in one big data platform company. Unauthorized access vulnerability exists in Damon Big Data Analytics Platform, which can...

6.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/06/22 12:0 a.m.7 views

The vulnerability of the Snowflake Golang driver for working with the cloud-based data processing and storage platform allows a perpetrator to execute arbitrary code.

The vulnerability of the Snowflake Golang driver for working with cloud-based data processing and storage platforms is related to the lack of measures to clean incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.5CVSS7.6AI score0.01962EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2023/06/16 5:15 p.m.40 views

Sql injection

rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

6.5CVSS9.1AI score0.85825EPSS
Exploits4References8Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/16 4:4 p.m.11 views

CVE-2023-30625 rudder-server vulnerable to SQL Injection

rudder-server is part of RudderStack, an open source Customer Data Platform CDP. Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution RCE due to the rudder role in PostgresSQL having superuser permissions by default. Version...

8.8CVSS8.6AI score0.85825EPSS
Exploits4References8
NVD
NVD
added 2023/04/05 8:15 a.m.18 views

CVE-2023-28069

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks...

6.1CVSS6.2AI score0.00428EPSS
Exploits0References1
Prion
Prion
added 2023/04/05 8:15 a.m.21 views

Open redirect

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks...

4.9CVSS5.5AI score0.00428EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/05 7:41 a.m.25 views

CVE-2023-28069

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks...

6.1CVSS6.4AI score0.00428EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/05 7:41 a.m.7 views

CVE-2023-28069

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks...

6.1CVSS6.2AI score0.00428EPSS
Exploits0References1
CVE
CVE
added 2023/04/05 7:41 a.m.38 views

CVE-2023-28069

Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. A remote unauthenticated attacker can lure legitimate users to a phishing site by redirecting them, potentially causing information disclosure and phishing attacks. Affected product: Dell Streaming Data Platform, v...

6.1CVSS5.4AI score0.00428EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.6 views

PT-2023-21530 · Dell · Dell Emc Streaming Data Platform

Name of the Vulnerable Software and Affected Versions: Dell Streaming Data Platform versions prior to 1.4 Description: The issue allows a remote unauthenticated attacker to phish legitimate users, redirecting them to malicious websites. This can lead to information disclosure and the launch of...

6.1CVSS5.4AI score0.00428EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/05 12:0 a.m.5 views

Dell EMC Streaming Data Platform 输入验证错误漏洞

Dell EMC Streaming Data Platform is a platform for ingesting, storing, and analyzing continuous streaming data in real-time from Dell, Inc. The Dell EMC Streaming Data Platform suffers from an input validation error vulnerability that stems from the inclusion of an open redirection vulnerability...

6.1CVSS5.7AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/29 12:0 a.m.5 views

AtroCore 代码问题漏洞

AtroCore is an open source data platform, data management and middleware software from AtroCore, Inc. A security vulnerability exists in AtroCore version 1.5.25 that stems from the presence of an unauthenticated file upload vulnerability...

9.8CVSS8.3AI score0.00981EPSS
Exploits1References2
Prion
Prion
added 2023/03/16 5:15 p.m.20 views

Input validation

Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in...

4.3CVSS7.7AI score0.00855EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/01/25 12:0 a.m.9 views

The vulnerability of the GE Proficy Historian industrial data management platform, related to deficiencies in access control, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the GE Proficy Historian industrial data management platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

7.8CVSS6.6AI score0.00546EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2022/08/19 9:15 p.m.20 views

CVE-2022-36031

Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filenamedisk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....

6.5CVSS0.00837EPSS
Exploits1References1
Prion
Prion
added 2022/08/19 9:15 p.m.17 views

Double free

Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filenamedisk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....

4CVSS6.5AI score0.00837EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/08/19 8:40 p.m.69 views

CVE-2022-36031

Directus CVE-2022-36031 affects the Directus data platform. The issue arises when an authorized (non-admin) user with permission to update the filename_disk field on directus_files changes the value to a folder and then accesses that file via the /assets endpoint, causing the Directus process to ...

6.5CVSS6.5AI score0.00837EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2022/08/10 12:0 a.m.27 views

Remote Code Execution Vulnerability in Damon 7 Database Kirin Edition

Wuhan Damon Database Co., Ltd. is specialized in providing big data platform architecture consulting, data technology solution planning, product deployment and implementation in one big data platform company. A remote code execution vulnerability exists in Damon 7 Database Kirin Edition, which ca...

8.3AI score
Exploits0
Rows per page
Query Builder