com.azure.cosmos.spark:azure-cosmos-spark_4-0_2-13 (>=4.43.0 <=4.48.0), com.github.rumbledb:rumbledb (=2.0.0) +79 more potentially affected by CVE-2025-54920 via org.apache.spark:spark-core_2.13 (=4.0.0)

org.apache.spark:spark-core2.13 MAVEN version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.spark:spark-core2.13 and may be impacted: - com.azure.cosmos.spark:azure-cosmos-spark4-02-13 =4.43.0, =0.43.0-preview, =0.43.0-preview,...

EUVD-2023-38098

Malicious code in bioql PyPI...

CVE-2023-33972

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

com.baidu.hugegraph:hugegraph-cassandra (>=0.7.4 <=0.11.2), com.baidu.hugegraph:hugegraph-dist (>=0.7.4 <=0.11.2) +97 more potentially affected by CVE-2025-23015 via org.apache.cassandra:cassandra-all (>=3.10 <=3.11.17)

org.apache.cassandra:cassandra-all MAVEN version =3.10, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =0.7.4, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =3.8.0-bv13, =6.5.13, =6.5.13, =6.5.248 and more Source cves: CVE-2025-23015 Source advisory:...

BIT-SCYLLADB-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

Legba - A Multiprotocol Credentials Bruteforcer / Password Sprayer And Enumerator

Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools see the benchmark below. For the building instructions, usa...

CVE-2023-33972

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

Code injection

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVE-2023-33972 Privilege escalation from having CREATE access on a keyspace in Scylladb

Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue...

CVE-2023-33972

CVE-2023-33972 describes a privilege-escalation flaw in ScyllaDB where an authenticated user with CREATE privileges on a keyspace can access a table within the same keyspace to which they have no permissions. The underlying issue is a mismanagement of privileges at the keyspace level, enabling la...

PT-2023-5666 · Scylladb · Scylladb

Name of the Vulnerable Software and Affected Versions: Scylladb affected versions not specified Description: The issue is related to errors in privilege management in the NoSQL database management system Scylladb. Exploitation of this issue may allow a remote attacker to escalate their privileges...

Scylla Security Breach

Scylla is a ScyllaDB open source real-time big data database compatible with Apache Cassandra and Amazon DynamoDB APIs. Scylla has a security vulnerability that stems from allowing an attacker with CREATE access to elevate to higher privileges...

com.amazon.emr:hive2-shims (>=5.0.0 <=5.6.0), com.boozallen.aissemble:extensions-data-delivery-spark (>=1.13.0-rc6 <=2.0.0) +56 more potentially affected by CVE-2018-1315 via org.apache.hive:hive-exec (>=2.1.0 <=2.3.2)

org.apache.hive:hive-exec MAVEN version =2.1.0, =5.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.2-RELEASE, =4.0.0-preview22.0.1, =5.6.0, =4.0.00.31.1-prerelease6, =4.0.0, =4.1.0, =4.2.0 and more Source cves: CVE-2018-1315 Source advisory: OSV:GHSA-P639-XXV5-J383...