72 matches found
Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities
Summary: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2024-30260. DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...
The vulnerability of the R package in the Apache Arrow data analysis and processing system allows a hacker to execute arbitrary code.
The vulnerability of the Apache Arrow data analysis and processing system’s R package is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
PYSEC-2024-161
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
CVE-2024-52338
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
CVE-2024-52338 Apache Arrow R package: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
CVE-2024-52338
CVE-2024-52338 affects the Apache Arrow R package (versions 4.0.0–16.1.0). Deserialization of untrusted IPC/Parquet data allows arbitrary code execution. Affected users reading Arrow IPC, Feather, or Parquet data from untrusted sources are vulnerable. Upgrade to 17.0.0 or later to fix the issue. ...
CVE-2024-52338 Apache Arrow R package: Arbitrary code execution when loading a malicious data file
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This...
Apache Arrow Code Issue Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Software Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A code issue vulnerability exists in Apache...
Apache Arrow Rust Object Store Log Message Disclosure Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Software Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A log message disclosure vulnerability...
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
CVE-2024-41178
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
CVE-2024-41178 Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
CVE-2024-41178 Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store (object_store crate), version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity...
RUSTSEC-2024-0358 Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Exposure of temporary credentials in logs in Apache Arrow Rust Object Store, version 0.10.1 and earlier on all platforms using AWS WebIdentityTokens. On certain error conditions, the logs may contain the OIDC token passed to AssumeRoleWithWebIdentity. This allows someone with access to the logs t...
Apache Arrow Log Information Disclosure Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Software Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A log message disclosure vulnerability...
PT-2024-9096
Name of the Vulnerable Software and Affected Versions: Apache Arrow R package versions 4.0.0 through 16.1.0. Description: The issue is related to the deserialization of untrusted data in IPC and Parquet readers, which allows arbitrary code execution. An application is vulnerable if it reads Arrow...
Fedora 39 : python-geopandas (2023-1c5e667fd0)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-1c5e667fd0 advisory. Update to latest version; fix CVE-2023-47248. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...
Apache Arrow Deserialization Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Software Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A deserialization vulnerability exists...
Apache Arrow Code Issue Vulnerability
Apache Arrow is a cross-language development platform for in-memory data processing from the Apache Software Foundation. The platform supports programming languages such as C, C++, C#, Go and Java, and provides features such as inter-process communication. A deserialization vulnerability exists...