86 matches found
CVE-2026-24014
Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...
CVE-2026-24012
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
EUVD-2026-41856
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
CVE-2026-24014 Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write
Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...
CVE-2026-24014
CVE-2026-24014 — Apache IoTDB Path Traversal in DataNode Trigger JAR Upload : The issue arises in IoTDB’s DataNode internal RPC interface used to create Trigger instances. The JAR name is used to build a file path without sufficient validation, enabling path traversal if the RPC port is reachable...
CVE-2026-24014
Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...
PT-2026-55880
Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description The internal RPC interface of the Apache IoTDB DataNode used for creating Trigger instances fails to sufficiently validate the name of the uploaded Trigger JAR when constructing a file path...
EUVD-2025-179391
Malicious code in data-node-sanitize-balance-optimize npm...
EUVD-2022-27626
Malicious code in bioql PyPI...
Security Bulletin: IBM QRadar SIEM is vulnerable to possible information disclosure (CVE-2022-22480)
Summary IBM QRadar SIEM is vulnerable to possible information disclosure due to data node rebalancing not functioning correctly. Vulnerability Details CVEID:CVE-2022-22480 DESCRIPTION: IBM QRadar SIEM data node rebalancing does not function correctly when using encrypted hosts which could result ...
SUSE CVE-2017-6440
The parsedatanode function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service memory allocation error via a crafted plist file...
IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2022-68281)
IBM QRadar SIEM is a solution from International Business Machines IBM that leverages security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
CVE-2022-22480
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889...
CVE-2022-22480
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889...
Information disclosure
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889...
CVE-2022-22480
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889...
CVE-2022-22480
IBM QRadar SIEM is vulnerable to information disclosure caused by data node rebalancing not functioning correctly when encrypted hosts are used. Affected versions: QRadar 7.4.0–7.4.3 Fix Pack 6 and 7.5.0–7.5.0 Update Pack 2. Remediation: upgrade to QRadar 7.4.3 Fix Pack 7 and QRadar 7.5.0 Update ...
PT-2022-15460 · Ibm · Ibm Qradar Siem
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.4 through 7.5 Description: The issue is related to data node rebalancing in IBM QRadar SIEM when using encrypted hosts, which does not function correctly and could result in information disclosure. Recommendations:...
IBM QRadar SIEM 安全漏洞
IBM QRadar SIEM is a solution from International Business Machines IBM that leverages security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
CVE-2022-22480
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889...