Lucene search
K

193 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-2177

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01996EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-1393

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.0212EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.17 views

EUVD-2023-1378

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.0212EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2332

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00728EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-7003

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01747EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.7 views

PT-2025-38621

Name of the Vulnerable Software and Affected Versions Apache Linkis versions 1.3.0 through 1.7.0 Description A flaw exists in Apache Linkis when utilizing the JDBC engine and data source functionality. Multiple rounds of URL encoding applied to the URL parameter configured on the frontend can...

7.5CVSS5.3AI score0.00744EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.7 views

CVE-2024-39928

In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...

7.5CVSS6.8AI score0.00579EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:11 a.m.3 views

CVE-2024-27181

In Apache Linkis = 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...

8.8CVSS6.8AI score0.00664EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.6 views

CVE-2024-45627

In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be...

5.9CVSS6.6AI score0.00318EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:2 a.m.8 views

CVE-2023-27987

In Apache Linkis =1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify t...

9.1CVSS6.8AI score0.00811EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:35 a.m.8 views

CVE-2023-41916

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

6.5CVSS6.8AI score0.00728EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.7 views

CVE-2022-39944

In Apache Linkis =1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in...

8.8CVSS7.6AI score0.01747EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:59 p.m.11 views

CVE-2022-44645

In Apache Linkis =1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameter...

8.8CVSS7.7AI score0.01949EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:59 p.m.7 views

CVE-2022-44644

In Apache Linkis =1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, By adding allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be...

6.5CVSS6.4AI score0.01161EPSS
Exploits0References1
CNVD
CNVD
added 2025/02/19 12:0 a.m.10 views

Apache Linkis Input Validation Error Vulnerability

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. An input validation error vulnerability exists in Apache Linkis versions prior to 1.7.0, which stems from the lac...

5.9CVSS6.6AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 12:40 p.m.7 views

CVE-2023-50740

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

5.3CVSS6.6AI score0.00901EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/14 10:29 a.m.9 views

CVE-2023-29216

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

9.8CVSS7.5AI score0.0212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 10:17 a.m.25 views

CVE-2023-27602

In Apache Linkis =1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions =1.3.1, we suggest turning on the file path check switch in linkis.properties...

9.8CVSS6.7AI score0.01996EPSS
Exploits0References1
OSV
OSV
added 2025/01/14 6:31 p.m.8 views

GHSA-8CVQ-3JJP-PH9P Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

5.9CVSS5.6AI score0.00318EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/01/14 6:31 p.m.21 views

Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with Mysql has file read vulnerability

Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 Description: In Apache Linkis 1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read...

5.9CVSS6.7AI score0.00318EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder