CVE-2024-46997 DataEase's H2 datasource has a remote command execution risk

DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection string. The vulnerability has been fixed in v2.10.1...

UBUNTU-CVE-2024-6322

Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query...

Oracle Linux 8 : grafana (ELSA-2024-5291)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5291 advisory. 9.2.10-17 - Allow for mssql datasource in selinux policy - Resolves RHEL-43435 Tenable has extracted the preceding description block directly from the...

grafana security update

9.2.10-17 - Allow for mssql datasource in selinux policy - Resolves RHEL-43435...

Apache Linkis code issue vulnerability (CNVD-2024-33595)

Apache Linkis is a middleware product of the U.S. Apache Apache Foundation, which can establish an effective connection between upper-tier applications and the underlying data engine. Apache Linkis 1.6.0 before the version of the code problem vulnerability , the vulnerability stems from the lack ...

JNDI Injection

org.apache.linkis: linkis-common is vulnerable to JNDI Injection. The vulnerability is due to insufficient filtering of db2 parameters, allowing an attacker with access to an authorized Linkis account to configure malicious parameters in the DataSource Manager Module which results in JNDI Injecti...

Arbitrary File Read

org.apache.linkis: linkis-common is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of effective filtering of parameters, allowing an attacker with an authorized linkis account to configure malicious MySQL JDBC parameters in the DataSource Manager Module which results in...

Remote Code Execution (RCE)

org.apache.linkis: linkis-datasource is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper deserialization of untrusted data in the data source management module when adding a MySQL data source. If an attacker obtains an authorized linkis account, they can exploit JRMP ...

cloud-init bug fix update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...

GHSA-7QPC-4XX9-X5QW Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filteringof parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtai...

Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filteringof parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to obtai...

Apache Linkis DataSource allows arbitrary file reading

In Apache Linkis = 1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

Apache Linkis DataSource remote code execution vulnerability

In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...

GHSA-F22J-9J59-33J4 Apache Linkis DataSource allows arbitrary file reading

In Apache Linkis = 1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

GHSA-JJVC-V8GW-5255 Apache Linkis DataSource remote code execution vulnerability

In Apache Linkis = 1.8.0241. Or users upgrade Linkis to version 1.6.0...

CVE-2023-41916

In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires...

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

CVE-2023-49566

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

CVE-2023-49566 Apache Linkis DataSource: JDBC Datasource Module with DB2 has JNDI Injection vulnerability

In Apache Linkis =1.5.0, due to the lack of effective filtering of parameters, an attacker configuring malicious db2 parameters in the DataSource Manager Module will result in jndi injection. Therefore, the parameters in the DB2 URL should be blacklisted. This attack requires the attacker to...

CVE-2023-49566

CVE-2023-49566 affects Apache Linkis 1.5.0 and earlier, specifically the DataSource Manager Module where DB2 URL parameters can be crafted to trigger a JNDI injection due to insufficient filtering. The attack requires an attacker with an authorized Linkis account and can enable exploitation throu...