58 matches found
CVE-2024-23833
OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...
Apache InLong Code Issue Vulnerability (CNVD-2024-08088)
Apache InLong is a one-stop massive data integration framework from the U.S. Apache Foundation. It provides automated, secure and reliable data transfer capabilities. Apache InLong has a code issue vulnerability that stems from the presence of a deserialization vulnerability. An attacker can explo...
Arbitrary File Read
org.apache.inlong:manager-pojo is vulnerable to Arbitrary File Read. The vulnerability is caused by a lack of validation while deserializing untrusted data. An attacker can perform an arbitrary file read using the MySQL driver...
CVE-2023-51785
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using the MySQL driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick 1 to solve it. 1 ...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using the MySQL driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick 1 to solve it. 1 ...
CVE-2023-51785 Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager
Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using the MySQL driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick 1 to solve it. 1 ...
Apache Druid < 0.20.2 RCE
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker...
SUSE CVE-2014-9906
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection...
SUSE CVE-2015-8949
Use-after-free vulnerability in the mylogin function in DBD::mysql before 4.03301 allows attackers to have unspecified impact by leveraging a call to mysqlerrno after a failure of mylogin...
SUSE CVE-2016-1251
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysqlserverprepare=1...
SUSE CVE-2016-7412
ext/mysqlnd/mysqlndwireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNEDFLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata...
GHSA-G2QW-6VRR-V6PQ Apache Jena vulnerable to Deserialization of Untrusted Data
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The MySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
UBUNTU-CVE-2022-45136
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The MySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...
PT-2022-27413 · Apache +1 · Apache Jena Tdb 2 +2
Name of the Vulnerable Software and Affected Versions: Apache Jena SDB versions 3.17.0 and earlier. Description: The issue allows for a JDBC Deserialisation attack if the attacker can control the JDBC URL used or cause the underlying database server to return malicious data. The MySQL JDBC driver ...
Data Source Name Injection
Description: TiDB Importer uses Go MySQL Driver for connecting to MySQL servers. This driver utilizes Data Source Name (DSN) strings for describing database connections with the following format: username:password@protocol(address)/dbname?param=value. The driver has a built-in protection against LOCAL...
PT-2021-5951 · Apache · Apache Kylin
Name of the Vulnerable Software and Affected Versions: Apache Kylin 2 versions 2.6.6 and prior; Apache Kylin 3 versions 3.1.2 and prior. Description: The issue is related to the MySQL JDBC driver in Apache Kylin, which can allow an attacker to execute arbitrary code from a malicious MySQL server...
Arbitrary code execution in Apache Druid
Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker...
EulerOS Virtualization for ARM 64 3.0.2.0 : perl-DBD-MySQL (EulerOS-SA-2021-1053)
According to the version of the perl-DBD-MySQL package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - There is a vulnerability of type use-after-free affecting DBD::mysql aka DBD-mysql or the Database Interface DBI...
EulerOS 2.0 SP2 : perl-DBD-MySQL (EulerOS-SA-2020-2381)
According to the version of the perl-DBD-MySQL package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - There is a vulnerability of type use-after-free affecting DBD::mysql aka DBD-mysql or the Database Interface DBI MySQL driver for Perl 3.x a...