314 matches found
SUSE CVE-2019-12086
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint, the service has the mysql-connector-java jar 8.0.14 or earlier in the classpath, and an...
SUSE CVE-2020-2933
Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...
SUSE CVE-2021-2471
Vulnerability in the MySQL Connectors product of Oracle MySQL component: Connector/J. Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful...
The vulnerability of the MySQL Connector/J component of the Apache Linkis application connection, management, and orchestration software allows a hacker to execute arbitrary code.
The vulnerability of the MySQL Connector/J component of the Apache Linkis application programming interface, which is responsible for connecting, managing, and orchestrating applications, relates to the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker ...
The vulnerability of the MySQL Connector/J component of the Apache Linkis application connection, management, and orchestration software allows a hacker to gain read access to arbitrary files.
The vulnerability of the MySQL Connector/J component of the Apache Linkis application programming interface, which involves connection management and orchestration, stems from insufficient protection of sensitive data when processing the AllowLoadLocalInfile parameter with a value of true...
Apache Linkis vulnerable to Exposure of Sensitive Information
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of...
GHSA-H6W8-52MQ-4QXC Apache Linkis contains Deserialization of Untrusted Data
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
GHSA-RX76-XW35-6RH8 Apache Linkis vulnerable to Exposure of Sensitive Information
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, By adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of...
Apache Linkis contains Deserialization of Untrusted Data
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44644
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
Deserialization of untrusted data
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
Code injection
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644
CVE-2022-44644 — Apache Linkis local file read vulnerability . Affected: Apache Linkis
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44644 Apache Linkis (incubating): The DatasourceManager module has a Local File Read Vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...
CVE-2022-44645 Apache Linkis (incubating): The DatasourceManager module has a serialization attack vulnerability
In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...
CVE-2022-44645
CVE-2022-44645 affects Apache Linkis