Lucene search
+L

219 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-38098

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00524EPSS
Exploits0References1
redos
redos
added 2025/09/23 12:0 a.m.5 views

ROS-20250923-06

A vulnerability in the Apache Cassandra distributed database management system is related to improper privilege handling. Exploitation of the vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information. impact the...

8.8CVSS6.4AI score0.00469EPSS
Exploits0
veracode
veracode
added 2025/09/19 8:6 a.m.5 views

Privilege Defined With Unsafe Actions

org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...

8.8CVSS6.8AI score0.00469EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2025/08/25 2:15 p.m.5 views

CVE-2025-26467

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS0.00469EPSS
Exploits0References1
osv
osv
added 2025/08/25 2:15 p.m.8 views

AZL-66698 CVE-2025-26467 affecting package cassandra 5.0.0-2

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS5.7AI score0.00469EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/08/25 2:6 p.m.2 views

CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

7.3AI score0.00469EPSS
Exploits0References1
cvelist
cvelist
added 2025/08/25 2:6 p.m.14 views

CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

0.00469EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/08/25 12:0 a.m.7 views

Apache Cassandra 安全漏洞

Apache Cassandra is a distributed Nosql database from the Apache USA Foundation. A security vulnerability exists in Apache Cassandra versions 3.0.30, 3.11.17, 4.0.16, 4.1.7, and 5.0.2, which stems from an improperly defined privilege that could lead to elevation of privilege...

8.8CVSS6.4AI score0.00469EPSS
Exploits0References2
osv
osv
added 2025/02/20 7:10 p.m.18 views

BIT-CASSANDRA-2024-27137 Apache Cassandra: unrestricted deserialization of JMX authentication credentials

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3CVSS5.4AI score0.00276EPSS
Exploits0References3
cnvd
cnvd
added 2025/02/18 12:0 a.m.14 views

Apache Cassandra Authorization Issues Vulnerability

Apache Cassandra is a distributed Nosql database from the American Apache Apache Foundation. Apache Cassandra suffers from an authorization issue vulnerability that stems from the inclusion of an incorrect authorization, which can be exploited by an attacker to access a datacenter or IP/CIDR grou...

5.4CVSS6.6AI score0.01056EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2025/02/14 12:0 a.m.15 views

The vulnerability of the distributed database management system Apache Cassandra lies in its insecure handling of privileges, allowing attackers to elevate their own privileges.

The vulnerability of the distributed database management system Apache Cassandra lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS7.5AI score0.00964EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/02/13 5:16 p.m.9 views

GHSA-MRQP-Q7VX-V2CX Instaclustr Cassandra-Lucene-Index allows bypass of Cassandra RBAC

Summary / Details Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.0-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited coul...

8.8CVSS8.6AI score0.00559EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/02/10 12:0 a.m.7 views

PT-2025-24459

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 3.0.30 Apache Cassandra versions 3.11.17 Apache Cassandra versions 4.0.16 Apache Cassandra versions 4.1.7 Apache Cassandra versions 5.0.2 Description: A privilege escalation issue exists in Apache Cassandra where a...

8.8CVSS7.9AI score0.00964EPSS
Exploits0References13
osv
osv
added 2025/02/06 7:9 a.m.11 views

BIT-CASSANDRA-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS8AI score0.00964EPSS
Exploits0References5
osv
osv
added 2025/02/06 7:8 a.m.9 views

BIT-CASSANDRA-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.4CVSS5.6AI score0.01056EPSS
Exploits0References4
veracode
veracode
added 2025/02/06 3:38 a.m.14 views

Privilege Defined With Unsafe Actions

org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...

8.8CVSS6.9AI score0.00964EPSS
Exploits0References8Affected Software1
github
github
added 2025/02/04 12:30 p.m.21 views

Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.4CVSS6.8AI score0.01056EPSS
Exploits0References5Affected Software1
github
github
added 2025/02/04 12:30 p.m.23 views

Apache Cassandra: unrestricted deserialization of JMX authentication credentials

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3CVSS5AI score0.00276EPSS
Exploits0References4Affected Software1
github
github
added 2025/02/04 12:30 p.m.22 views

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS7AI score0.00964EPSS
Exploits0References8Affected Software1
osv
osv
added 2025/02/04 12:30 p.m.3 views

GHSA-3CJF-FWCQ-XH22 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.4CVSS5.8AI score0.01056EPSS
Exploits0References5
Rows per page
Query Builder