76 matches found
TIBCO Software Jaspersoft JasperReports Server Security Vulnerability
TIBCO Software Jaspersoft JasperReports Server is a report generation tool from TIBCO Software, USA. The product supports PDF, HTML, XLS, CSV and XML file output formats. A security vulnerability exists in TIBCO Software Jaspersoft JasperReports Server versions 8.0.4 through 9.0.0, which stems fr...
CVE-2023-35701
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and can potentially lead to arbitrary code execution on the machine/endpoint on which the JDBC driver client is running. The malicious user must have...
CVE-2023-4552 Java Database Connectivity (JDBC) URL Manipulation
Improper Input Validation vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files. An authenticated AppBuilder user with the ability to create or manage existing databases can leverage them to exploit the AppBuilder server - including access to its local file system. This...
The vulnerability of the JDBC client driver of the IBM DB2 database management system allows a perpetrator to execute arbitrary code.
The vulnerability of the JDBC client driver of the IBM DB2 database management system is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Apache Airflow Input Validation Error Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (USA) for creating, managing and monitoring workflows. A code execution vulnerability exists in Apache Airflow JDBC Provider, which can be exploited by an attacker to execute arbitrary code on a system...
UBUNTU-CVE-2023-32697
SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2...
OPENSUSE-SU-2023:0064-1 Security update for trivy
This update for trivy fixes the following issues: Update to version 0.37.3 (boo#1208091, CVE-2023-25165): chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574); ci: quote pros in c++ for semantic pr (#3605); fix(image): check proxy settings from env for remote images (#3604). Update to version 0.37.2: BREAKING:...
SUSE CVE-2010-4474
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23 and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269...
SUSE CVE-2018-2938
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the...
VulnCheck KEV: CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue...
Exploit for Incorrect Type Conversion or Cast in Amazon Amazon_Web_Services_Redshift_Java_Database_Connectivity_Driver
CVE-2022-41828 Amazon AWS Redshift JDBC Driver Remote Code...
A vulnerability in the JDBC URL handler of the Apache InLong data integration platform allows an attacker to execute arbitrary code.
The vulnerability in the JDBC URL connection handler of the Apache InLong data integration platform is related to the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Amazon AWS Redshift JDBC Driver Code Issue Vulnerability
Amazon AWS is a cloud computing platform from the U.S.-based Amazon.com that provides a range of services including information technology infrastructure and applications such as storage, databases, computing, machine learning, and more to individuals, businesses, and governments. A security...
USN-5238-1: PostgreSQL JDBC Driver vulnerability
It was discovered that PostgreSQL JDBC Driver incorrectly handled certain requests from external entities. A remote attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code...
Multiple VMware Products Code Issue Vulnerability
VMware vRealize Automation and others are products of VMware, Inc. vRealize Automation is a management tool that provides self-service, supervised multi-cloud automation. vRealize Automation is...
Multiple VMware Products Cross-Site Request Forgery Vulnerability
VMware vRealize Automation and others are products of VMware, Inc. vRealize Automation is a management tool that provides self-service, supervised multi-cloud automation. vRealize Automation is...
Jenkins dbCharts Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins dbCharts Plugin is vulnerable to an information disclosure...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...
A vulnerability in the Apache Log4j2 Java logging library stems from the lack of additional JNDI controls, allowing attackers to execute arbitrary code.
The vulnerability in the Apache Log4j2 Java logging library is related to the absence of additional JNDI controls. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using JDBC Appender...
EulerOS 2.0 SP5 : mysql-connector-java (EulerOS-SA-2021-1215)
According to the version of the mysql-connector-java package installed, the EulerOS installation on the remote host is affected by the following vulnerability: MySQL Connector/J is a native Java driver that converts JDBC (Java Database Connectivity) calls into the network protocol used by the...