CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

455 matches found

Veracode•added 2024/07/16 5:32 a.m.•13 views

Arbitrary File Read

org.apache.linkis: linkis-common is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of effective filtering of parameters, allowing an attacker with an authorized linkis account to configure malicious MySQL JDBC parameters in the DataSource Manager Module which results in...

6.5CVSS6.4AI score0.0031EPSS

Exploits0References3Affected Software1

Veracode•added 2024/07/16 5:0 a.m.•10 views

Remote Code Execution (RCE)

org.apache.linkis: linkis-datasource is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper deserialization of untrusted data in the data source management module when adding a MySQL data source. If an attacker obtains an authorized linkis account, they can exploit JRMP ...

8.8CVSS8.9AI score0.03947EPSS

Exploits0References4Affected Software1

Rockylinux•added 2024/07/15 12:17 p.m.•23 views

cloud-init bug fix update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...

7.2AI score

Exploits0

OSV•added 2024/07/15 9:36 a.m.•12 views

GHSA-7QPC-4XX9-X5QW Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filteringof parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtai...

8.8CVSS8.7AI score0.00708EPSS

Exploits0References5

Github Security Blog•added 2024/07/15 9:36 a.m.•17 views

Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability

8.8CVSS7AI score0.00708EPSS

Exploits0References5Affected Software1

OSV•added 2024/07/15 9:36 a.m.•14 views

GHSA-F22J-9J59-33J4 Apache Linkis DataSource allows arbitrary file reading

In Apache Linkis = 1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

7.1CVSS6.3AI score0.0031EPSS

Exploits0References5

Github Security Blog•added 2024/07/15 9:36 a.m.•24 views

Apache Linkis DataSource remote code execution vulnerability

In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...

8.8CVSS7.8AI score0.03947EPSS

Exploits0References4Affected Software1

Github Security Blog•added 2024/07/15 9:36 a.m.•17 views

Apache Linkis DataSource allows arbitrary file reading

6.5CVSS6.7AI score0.0031EPSS

Exploits0References5Affected Software1

OSV•added 2024/07/15 9:36 a.m.•12 views

GHSA-JJVC-V8GW-5255 Apache Linkis DataSource remote code execution vulnerability

In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...

7.7CVSS8.9AI score0.03947EPSS

Exploits0References4

NVD•added 2024/07/15 8:15 a.m.•14 views

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

8.8CVSS0.00708EPSS

Exploits0References2

OSV•added 2024/07/15 8:15 a.m.•19 views

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

8.8CVSS6.9AI score

Exploits0References2

NVD•added 2024/07/15 8:15 a.m.•17 views

CVE-2023-41916

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

6.5CVSS0.0031EPSS

Exploits0References2

CVE•added 2024/07/15 7:56 a.m.•57 views

CVE-2023-49566

CVE-2023-49566 affects Apache Linkis 1.5.0 and earlier, specifically the DataSource Manager Module where DB2 URL parameters can be crafted to trigger a JNDI injection due to insufficient filtering. The attack requires an attacker with an authorized Linkis account and can enable exploitation throu...

8.8CVSS8.8AI score0.00708EPSS

Exploits0References2Affected Software1

Cvelist•added 2024/07/15 7:56 a.m.•18 views

CVE-2023-49566 Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

0.00708EPSS

Exploits0References1

Vulnrichment•added 2024/07/15 7:56 a.m.•16 views

CVE-2023-49566 Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

7.1AI score0.00708EPSS

Exploits0References1

Cvelist•added 2024/07/15 7:55 a.m.•29 views

CVE-2023-46801 Apache Linkis DataSource: DataSource Remote code execution vulnerability

In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...

0.03947EPSS

Exploits0References1

Cvelist•added 2024/07/15 7:53 a.m.•27 views

CVE-2023-41916 Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

0.0031EPSS

Exploits0References1

CVE•added 2024/07/15 7:53 a.m.•60 views

CVE-2023-41916

CVE-2023-41916 affects Apache Linkis DataSource Manager: inadequate filtering of parameters allows an authorized attacker to configure malicious MySQL JDBC parameters and trigger arbitrary file reads in Linkis

6.5CVSS6.3AI score0.0031EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2024/07/13 12:0 a.m.•3 views

PT-2024-5102 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions =1.5.0 Description: The issue is related to the lack of effective filtering of parameters in the DataSource Manager Module of Apache Linkis. This allows an attacker to configure malicious db2 parameters, resulting in jn...

9CVSS7.3AI score0.00708EPSS

Exploits0References10

Positive Technologies•added 2024/07/13 12:0 a.m.•3 views

PT-2024-4766 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis version 1.4.0 Description: The issue is related to the lack of effective filtering of parameters in the DataSource Manager Module of Apache Linkis, allowing an attacker to configure malicious Mysql JDBC parameters and trigger...

7.1CVSS7.1AI score0.0031EPSS

Exploits0References10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by