Lucene search
K

74 matches found

NVD
NVD
added 2023/01/31 10:15 a.m.33 views

CVE-2022-44644

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.5CVSS6.2AI score0.01161EPSS
Exploits0References1
Prion
Prion
added 2023/01/31 10:15 a.m.20 views

Code injection

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

4CVSS6.2AI score0.01161EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/01/31 10:15 a.m.22 views

Deserialization of untrusted data

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

6.5CVSS8.9AI score0.01949EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/01/31 9:40 a.m.37 views

CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.3AI score0.01161EPSS
Exploits0References1
OSV
OSV
added 2023/01/31 9:40 a.m.16 views

CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.5CVSS6.7AI score0.01161EPSS
Exploits0References3
CVE
CVE
added 2023/01/31 9:40 a.m.75 views

CVE-2022-44644

CVE-2022-44644 — Apache Linkis local file read vulnerability . Affected: Apache Linkis

6.5CVSS6.2AI score0.01161EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/01/31 9:38 a.m.15 views

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

8.8CVSS6.6AI score0.01949EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/01/31 9:38 a.m.48 views

CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

9.2AI score0.01949EPSS
Exploits0References1
CVE
CVE
added 2023/01/31 9:38 a.m.73 views

CVE-2022-44645

CVE-2022-44645 affects Apache Linkis

8.8CVSS8.9AI score0.01949EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/31 12:0 a.m.11 views

PT-2023-1346 · Apache +1 · Apache Linkis +1

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions prior to 1.3.1 Description: The issue is related to insufficient protection of service data when handling the allowLoadLocalInfile parameter with a value of true in the MySQL Connector/J component of Apache Linkis. This...

6.8CVSS6.2AI score0.01161EPSS
Exploits0References11
OSV
OSV
added 2022/11/11 11:4 a.m.3 views

OESA-2022-2076 mysql-connector-java security update

MySQL Connector/J is a native Java driver that converts JDBC Java Database Connectivity calls into the network protocol used by the MySQL database. It lets developers working with the Java programming language easily build programs and applets that interact with MySQL and connect all corporate...

6.3CVSS6AI score0.00501EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/10/26 7:0 p.m.27 views

Apache Linkis subject to Remote Code Execution via deserialization

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS8.7AI score0.01747EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/10/26 7:0 p.m.30 views

GHSA-3F3W-GMQF-4HJ3 Apache Linkis subject to Remote Code Execution via deserialization

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS8.8AI score0.01747EPSS
Exploits0References3
NVD
NVD
added 2022/10/26 4:15 p.m.35 views

CVE-2022-39944

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS0.01747EPSS
Exploits0References1
Prion
Prion
added 2022/10/26 4:15 p.m.21 views

Deserialization of untrusted data

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

6.5CVSS8.9AI score0.01747EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/26 12:0 a.m.33 views

CVE-2022-39944 The Apache Linkis JDBC EngineConn module has a RCE Vulnerability

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

9.1AI score0.01747EPSS
Exploits0References1
CVE
CVE
added 2022/10/26 12:0 a.m.89 views

CVE-2022-39944

Summary: CVE-2022-39944 affects Apache Linkis <= 1.2.0 when used with MySQL Connector/J, enabling a deserialization vulnerability that can lead to remote code execution if an attacker has write access to a database and provides malicious parameters in a JDBC EC with a MySQL data source. The is...

8.8CVSS8.9AI score0.01747EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/10/26 12:0 a.m.15 views

CVE-2022-39944 The Apache Linkis JDBC EngineConn module has a RCE Vulnerability

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS7.8AI score0.01747EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.4 views

mysql-connector-java: unauthorized access to critical

MySQL Connector/J has no security check when external general entities are included in XML sources, consequently, there exists an XML External EntityXXE vulnerability. A successful attack can access critical data and gain full control/access to all MySQL Connectors' accessible data without any...

7.9CVSS7.2AI score0.07318EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/07/07 2:19 p.m.3 views

mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors

Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...

6.6CVSS7.3AI score0.0132EPSS
Exploits0References5
Rows per page
Query Builder