7 matches found

GitHub Security Blog
added 2023/07/06 7:24 p.m. · 19 views

Apache Kylin vulnerable to remote code execution

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 9.8 · AI score 7.4 · EPSS 0.13594
Exploits: 0 · References: 5 · Affected Software: 3
Veracode
added 2022/10/14 9:35 a.m. · 26 views

Command Injection

Kylin is vulnerable to command injection. The vulnerability exists when overwriting system parameters in the configuration overwrites menu, which allows an attacker to send a specially crafted request using the value parameter and inject any operating system command into the system...

CVSS 9.8 · AI score 9.1 · EPSS 0.13594
Exploits: 0 · References: 4 · Affected Software: 4
NVD
added 2022/10/13 1:15 p.m. · 13 views

CVE-2022-24697

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 9.8 · EPSS 0.13594
Exploits: 0 · References: 2
Prion
added 2022/10/13 1:15 p.m. · 19 views

Command injection

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

CVSS 7.5 · AI score 8.8 · EPSS 0.13594
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2022/10/13 12:0 a.m. · 7 views

CVE-2022-24697 Apache Kylin prior to 4.0.2 allows command injection when the configuration overwrites function overwrites system parameters

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

AI score 9.6 · EPSS 0.13594
Exploits: 0 · References: 2
Positive Technologies
added 2022/10/12 12:0 a.m. · 2 views

PT-2022-16810 · Kylin · Kylin

Name of the Vulnerable Software and Affected Versions: Kylin versions 2.6.5 and earlier; Kylin versions 3.1.2 and earlier; Kylin versions 4.0.1 and earlier. Description: The issue is related to a command injection vulnerability in Kylin's cube designer function. This occurs when overwriting system...

CVSS 9.8 · AI score 9.4 · EPSS 0.13594
Exploits: 0 · References: 14
Prion
added 2019/12/23 6:15 p.m. · 18 views

Design/Logic Flaw

On BIG-IP versions 15.0.0-15.0.1, 14.1.0.2-14.1.2.2, 14.0.0.5-14.0.1, 13.1.1.5-13.1.3.1, 12.1.4.1-12.1.5, 11.6.4-11.6.5, and 11.5.9-11.5.10, the access controls implemented by scp.whitelist and scp.blacklist are not properly enforced for paths that are symlinks. This allows authenticated users wi...

CVSS 3.6 · AI score 4 · EPSS 0.00094
Exploits: 0 · References: 1 · Affected Software: 13