Lucene search
+L

92 matches found

GithubExploit
GithubExploit
added 2022/02/24 11:7 a.m.755 views

Exploit for Incorrect Permission Assignment for Critical Resource in Apache Cassandra

CVE-2021-44521 Automated PoC of CVE-2021-44521 Credits to orig...

9.1CVSS9.5AI score0.54889EPSS
Exploits7
GithubExploit
GithubExploit
added 2022/02/24 11:7 a.m.13 views

Exploit for Incorrect Permission Assignment for Critical Resource in Apache Cassandra

CVE-2021-44521 Automated PoC of CVE-2021-44521 Credits to orig...

9.1CVSS7.4AI score0.54889EPSS
Exploits7
IBM Security Bulletins
IBM Security Bulletins
added 2022/02/23 10:41 p.m.21 views

Security Bulletin: Datastax Enterprise with IBM is vulnerable to exploiting Apache Cassandra User-Defined Functions for Remote Code Execution

Summary In Datastax Enterprise with IBM, a remote code execution RCE security vulnerability in Apache Cassandra exists and has been assigned to CVE-2021-44521. Vulnerability Details CVEID: CVE-2021-44521 DESCRIPTION: Apache Cassandra could allow a remote authenticated attacker to execute arbitrar...

9.1CVSS2.3AI score0.54889EPSS
Exploits7Affected Software1
hivepro
hivepro
added 2022/02/18 12:40 p.m.56 views

Apache Cassandra database affected by easily exploitable Remote code execution

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here Apache Cassandra is a database software being used by many companies such as Uber, Facebook, Netflix, Twitter, Instagram, Spotify, Instacart, Reddit, and Accenture. A remote code execution flaw CVE-2021-44521 is reported whi...

8.5CVSS0.6AI score0.54889EPSS
Exploits7
ThreatPost
ThreatPost
added 2022/02/16 4:3 p.m.340 views

High-Severity RCE Bug Found in Popular Apache Cassandra Database

Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution RCE. The bug, which involves how Cassandra creates...

9.1CVSS9.3AI score0.54889EPSS
Exploits7References11
RedhatCVE
RedhatCVE
added 2022/02/12 2:23 a.m.49 views

CVE-2021-44521

A flaw was found in Cassandra that allows users with certain permissions to execute user-defined functions to create scripts and run remote code execution. This flaw allows an attacker to gain unwanted access and also execute actions against Cassandra...

9.1CVSS6.6AI score0.54889EPSS
Exploits7References3
OSV
OSV
added 2022/02/12 12:0 a.m.3 views

GHSA-8FFC-79XG-29W8 Apache Cassandra vulnerable to Code Injection due to unsafe configuration

When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...

9.1CVSS6.2AI score0.54889EPSS
Exploits7References7
Github Security Blog
Github Security Blog
added 2022/02/12 12:0 a.m.69 views

Apache Cassandra vulnerable to Code Injection due to unsafe configuration

When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...

9.1CVSS2.5AI score0.54889EPSS
Exploits7References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/02/11 1:15 p.m.3 views

CVE-2021-44521

When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...

9.1CVSS7.9AI score0.54889EPSS
Exploits7References6Affected Software1
OSV
OSV
added 2022/02/11 1:15 p.m.7 views

CVE-2021-44521

When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...

9.1CVSS7.9AI score0.54889EPSS
Exploits7References4
Cvelist
Cvelist
added 2022/02/11 12:20 p.m.27 views

CVE-2021-44521 Remote code execution for scripted UDFs

When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissio...

9.5AI score0.54889EPSS
Exploits7References4
CVE
CVE
added 2022/02/11 12:20 p.m.1173 views

CVE-2021-44521

CVE-2021-44521 affects Apache Cassandra when enable_user_defined_functions: true, enable_scripted_user_defined_functions: true, and enable_user_defined_functions_threads: false. The documented unsafe configuration can allow an attacker with cluster-level permissions to create user-defined functio...

9.1CVSS9.4AI score0.54889EPSS
Exploits7References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/02/11 12:0 a.m.5 views

PT-2022-2317 · Apache · Apache Cassandra

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions prior to 3.0.26 Apache Cassandra versions prior to 3.11.12 Apache Cassandra versions prior to 4.0.2 Description: The issue is related to the incorrect management of code generation in Apache Cassandra, which can allo...

9.1CVSS9.4AI score0.54889EPSS
Exploits7References25
FreeBSD
FreeBSD
added 2022/02/11 12:0 a.m.36 views

cassandra3 -- arbitrary code execution

Marcus Eriksson reports: When running Apache Cassandra with the following configuration: enableuserdefinedfunctions: true enablescripteduserdefinedfunctions: true enableuserdefinedfunctionsthreads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need...

9.1CVSS2.9AI score0.54889EPSS
Exploits7References1
OSV
OSV
added 2020/12/14 9:15 p.m.6 views

CVE-2020-25234

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

7.7CVSS7AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2020/12/14 9:15 p.m.19 views

CVE-2020-25234

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

7.7CVSS8AI score0.00301EPSS
Exploits0References1
Prion
Prion
added 2020/12/14 9:15 p.m.21 views

Information disclosure

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

3.6CVSS7.9AI score0.00301EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/12/14 9:5 p.m.21 views

CVE-2020-25234

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3, LOGO! Soft Comfort All versions V8.3. The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions UDF in a password protected way. This...

7.4AI score0.00301EPSS
Exploits0References1
Prion
Prion
added 2020/08/05 1:15 p.m.24 views

Remote code execution

Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions UDFs, written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...

10CVSS9.7AI score0.86749EPSS
Exploits8References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/10/24 12:0 a.m.8 views

The vulnerability of the UDF subsystem of the “Red Database” and Firebird database management systems allows attackers to execute arbitrary code.

The vulnerability of the UDF subsystem in the “Red Database” and Firebird database management systems is related to errors during the execution of user-defined functions. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9CVSS6.1AI score0.03273EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder