Lucene search
K

231 matches found

RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 11:39 p.m.โ€ข1 views

CVE-2022-41401

OpenRefine = v3.5.2 contains a Server-Side Request Forgery SSRF vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure...

6.5CVSS6.3AI score0.01162EPSS
Exploits1References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/05/22 5:10 a.m.โ€ข11 views

CVE-2019-3580

OpenRefine through 3.1 allows arbitrary file write because Directory Traversal can occur during the import of a crafted project file...

7.5CVSS7AI score0.01853EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/03/06 12:0 a.m.โ€ข4 views

Linux Distros Unpatched Vulnerability : CVE-2024-49760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. The load-language command expects a lang parameter from which it constructs the path of the...

7.1CVSS6.9AI score0.00597EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/03/06 12:0 a.m.โ€ข6 views

Linux Distros Unpatched Vulnerability : CVE-2024-47880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export- rows command can be used in such a way that it reflects...

8.1CVSS6.5AI score0.00361EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/03/06 12:0 a.m.โ€ข8 views

Linux Distros Unpatched Vulnerability : CVE-2024-47879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, lack of cross- site request forgery protection on the...

8.8CVSS5.5AI score0.00389EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/03/05 12:0 a.m.โ€ข11 views

Linux Distros Unpatched Vulnerability : CVE-2024-47881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the...

8.8CVSS9.2AI score0.00658EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/03/05 12:0 a.m.โ€ข4 views

Linux Distros Unpatched Vulnerability : CVE-2024-23833

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where a...

7.5CVSS7.6AI score0.00991EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/03/05 12:0 a.m.โ€ข6 views

Linux Distros Unpatched Vulnerability : CVE-2024-47878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET...

8.1CVSS6.2AI score0.00441EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/03/05 12:0 a.m.โ€ข5 views

Linux Distros Unpatched Vulnerability : CVE-2024-47882

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in Something went wrong! error page includes the exception...

6.1CVSS6.5AI score0.00487EPSS
Exploits1References2
Ubuntu
Ubuntu
โ€ขadded 2025/02/10 3:32 a.m.โ€ข22 views

USN-7260-1: OpenRefine vulnerabilities

It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...

9.8CVSS7.8AI score0.45473EPSS
Exploits8
OSV
OSV
โ€ขadded 2025/02/10 3:32 a.m.โ€ข3 views

USN-7260-1 openrefine vulnerabilities

It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a crafted tar file, an attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2023-37476 It was discovered that...

9.8CVSS5.7AI score0.45473EPSS
Exploits8References11
Tenable Nessus
Tenable Nessus
โ€ขadded 2025/02/10 12:0 a.m.โ€ข10 views

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : OpenRefine vulnerabilities (USN-7260-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7260-1 advisory. It was discovered that OpenRefine did not properly handle opening tar files. If a user or application were tricked into opening a...

9.8CVSS7.6AI score0.45473EPSS
Exploits8References11
OpenVAS
OpenVAS
โ€ขadded 2025/02/10 12:0 a.m.โ€ข6 views

Ubuntu: Security Advisory (USN-7260-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.45473EPSS
Exploits8References2
RedhatCVE
RedhatCVE
โ€ขadded 2025/02/05 8:33 a.m.โ€ข11 views

CVE-2024-47880

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page th...

8.1CVSS6.9AI score0.00361EPSS
Exploits1References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/02/05 8:23 a.m.โ€ข9 views

CVE-2024-47883

The OpenRefine fork of the MIT Simile Butterfly server is a modular web application framework. The Butterfly framework uses the java.net.URL class to refer to what are expected to be local resource files, like images or templates. This works: "opening a connection" to these URLs opens the local...

9.1CVSS7.3AI score0.01602EPSS
Exploits1References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/02/05 8:22 a.m.โ€ข5 views

CVE-2024-47878

OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the /extension/gdata/authorized endpoint includes the state GET parameter verbatim in a...

8.1CVSS8AI score0.00441EPSS
Exploits1References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/02/05 8:16 a.m.โ€ข11 views

CVE-2024-47881

OpenRefine is a free, open source tool for working with messy data. Starting in version 3.4-beta and prior to version 3.8.3, in the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run...

8.8CVSS7.2AI score0.00658EPSS
Exploits1References1
RedhatCVE
RedhatCVE
โ€ขadded 2025/02/05 7:37 a.m.โ€ข9 views

CVE-2024-23833

OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefineversion=3.7.7 where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest...

7.5CVSS7AI score0.00991EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
โ€ขadded 2024/11/26 12:0 a.m.โ€ข27 views

The vulnerability of the database extension of the OpenRefine software for extracting and cleaning tabular data allows a hacker to execute arbitrary code.

The vulnerability of the database extension of the OpenRefine software for extracting and cleaning tabular data is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.2AI score0.00658EPSS
Exploits1References4Affected Software1
Information Security Automation
Information Security Automation
โ€ขadded 2024/11/20 10:15 p.m.โ€ข19 views

November Linux Patch Wednesday

November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 2 vulnerabilities in Chromium with...

9.1CVSS7.4AI score0.01602EPSS
Exploits5
Rows per page
Query Builder