Unauthorized Access Vulnerability in Damon's Big Data Analytics Platform
Wuhan Damon Database Co., Ltd. is a big data platform company specializing in big data platform architecture consulting, data technology solution planning, and product deployment and implementation. An unauthorized access vulnerability exists in Damon Big Data Analytics Platform, which can...
The vulnerability of the Snowflake Golang driver for working with the cloud-based data processing and storage platform allows a perpetrator to execute arbitrary code.
The vulnerability of the Snowflake Golang driver for working with cloud-based data processing and storage platforms is related to the lack of measures to clean incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Sql injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...
CVE-2023-30625 rudder-server vulnerable to SQL Injection
rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the rudder role in PostgreSQL having superuser permissions by default. Version...
CVE-2023-28069
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. A remote unauthenticated attacker can phish a legitimate user and redirect them to a malicious website, leading to information disclosure and the launch of phishing attacks...
Open redirect
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. A remote unauthenticated attacker can phish a legitimate user and redirect them to a malicious website, leading to information disclosure and the launch of phishing attacks...
CVE-2023-28069
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. A remote unauthenticated attacker can phish a legitimate user and redirect them to a malicious website, leading to information disclosure and the launch of phishing attacks...
CVE-2023-28069
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. A remote unauthenticated attacker can lure legitimate users to a phishing site by redirecting them, potentially causing information disclosure and phishing attacks. Affected product: Dell Streaming Data Platform, v...
CVE-2023-28069
Dell Streaming Data Platform prior to 1.4 contains an Open Redirect vulnerability. A remote unauthenticated attacker can phish a legitimate user and redirect them to a malicious website, leading to information disclosure and the launch of phishing attacks...
Dell EMC Streaming Data Platform Input Validation Error Vulnerability
Dell EMC Streaming Data Platform is a platform for ingesting, storing, and analyzing continuous streaming data in real-time from Dell, Inc. The Dell EMC Streaming Data Platform suffers from an input validation error vulnerability that stems from the inclusion of an open redirection vulnerability...
PT-2023-21530 · Dell · Dell Emc Streaming Data Platform
Name of the Vulnerable Software and Affected Versions: Dell Streaming Data Platform versions prior to 1.4 Description: The issue allows a remote unauthenticated attacker to phish legitimate users, redirecting them to malicious websites. This can lead to information disclosure and the launch of...
AtroCore Code Issue Vulnerability
AtroCore is an open source data platform, data management and middleware software from AtroCore, Inc. A security vulnerability exists in AtroCore version 1.5.25 that stems from the presence of an unauthenticated file upload vulnerability...
Input validation
Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in...
The vulnerability of the GE Proficy Historian industrial data management platform, related to deficiencies in access control, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the GE Proficy Historian industrial data management platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
CVE-2022-36031
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....
Double free
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the filename_disk value to a folder and accessing that file through the /assets endpoint. This vulnerability has been patched and release v9.15....
CVE-2022-36031
Directus CVE-2022-36031 affects the Directus data platform. The issue arises when an authorized (non-admin) user with permission to update the filename_disk field on directus_files changes the value to a folder and then accesses that file via the /assets endpoint, causing the Directus process to ...
Remote Code Execution Vulnerability in Damon 7 Database Kirin Edition
Wuhan Damon Database Co., Ltd. is a big data platform company specializing in big data platform architecture consulting, data technology solution planning, and product deployment and implementation. A remote code execution vulnerability exists in Damon 7 Database Kirin Edition, which ca...
Security Bulletin: Cloudera Data Platform Private Cloud Base with IBM products have log messages vulnerable to arbitrary code execution, denial of service, remote code execution, and SQL injection due to Apache Log4j vulnerabilities
Summary: Cloudera Data Platform Private Cloud Base with IBM products are affected by multiple Apache Log4j 1.x, 2.x vulnerabilities. Log messages are vulnerable to arbitrary code execution (CVE-2022-23302, CVE-2021-44832), denial of service (CVE-2021-45105), default file permissions (CVE-2022-21704),...
The vulnerability of the Kylin data processing platform, related to the lack of measures for cleaning incoming data, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Kylin data processing platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to execute arbitrary commands...