Lucene search
K

173 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-3791

Malware in sbrugna...

9.8CVSS9.5AI score0.02456EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29205

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.01303EPSS
Exploits1References2
NVD
NVD
added 2025/09/15 4:15 p.m.4 views

CVE-2025-58046

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

9.8CVSS0.01303EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/15 4:4 p.m.3 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

8.7CVSS8.2AI score0.01303EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/15 4:4 p.m.8 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

8.7CVSS0.01303EPSS
Exploits1References2
CVE
CVE
added 2025/09/15 4:4 p.m.22 views

CVE-2025-58046

Dataease CVE-2025-58046 affects the Impala data source in versions up to 2.10.12 due to insufficient filtering in getJdbc. An attacker can craft a JDBC connection string that triggers JNDI injection and RMI deserialization, enabling remote command execution. Remediation is to upgrade to 2.10.13 o...

9.8CVSS8.2AI score0.01303EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/09/15 4:4 p.m.5 views

CVE-2025-58046 Dataease has a JDBC attack vulnerability in the Impala datasource

Dataease is an open-source data visualization and analysis platform. In versions up to and including 2.10.12, the Impala data source is vulnerable to remote code execution due to insufficient filtering in the getJdbc method of the io.dataease.datasource.type.Impala class. Attackers can construct...

8.7CVSS8.4AI score0.01303EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.4 views

PT-2025-37720

Name of the Vulnerable Software and Affected Versions: Dataease versions prior to 2.10.13 Dataease versions 2.10.12 and earlier Description: Dataease is a data visualization and analysis platform. Versions up to and including 2.10.12 are susceptible to remote code execution through the Impala dat...

9.8CVSS8.2AI score0.01303EPSS
Exploits1References8
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.5 views

DataEase 安全漏洞

DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends for business improvement and optimization. A security vulnerability exists in Dataease version 2.10.12 and earlier, which...

9.8CVSS7.1AI score0.01303EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 p.m.7 views

CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...

7.5CVSS7.1AI score0.03324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:25 a.m.8 views

CVE-2019-10084

In Apache Impala 2.7.0 to 3.2.0, an authenticated user with access to the IDs of active Impala queries or sessions can interact with those sessions or queries via a specially-constructed request and thereby potentially bypass authorization and audit mechanisms. Session and query IDs are unique an...

7.5CVSS6.9AI score0.00994EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:35 a.m.8 views

CVE-2019-14449

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting XSS when viewed within this product...

5.4CVSS6.1AI score0.00521EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 a.m.8 views

CVE-2016-4572

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...

8.8CVSS7.2AI score0.00861EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/04 3:19 a.m.7 views

SUSE CVE-2017-9792

In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...

6.5CVSS7.2AI score0.01576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/16 12:0 a.m.7 views

CVE-2024-54660

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the...

9AI score0.00543EPSS
Exploits0References1
CVE
CVE
added 2025/01/16 12:0 a.m.60 views

CVE-2024-54660

CVE-2024-54660 affects Cloudera JDBC Connector for Hive (before 2.6.26) and JDBC Connector for Impala (before 2.6.35). The issue is a JNDI injection triggered by untrusted values in the JAAS-using krbJAASFile parameter within the JDBC URL during connection, allowing potential remote code executio...

8.7CVSS8AI score0.00543EPSS
Exploits0References1
OSV
OSV
added 2023/06/29 4:15 p.m.8 views

CVE-2023-35830

STW aka Sensor-Technik Wiedemann TCG-4 Connectivity Module DeploymentPackagev3.03r0-Impala and DeploymentPackagev3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackagev3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for...

9.8CVSS7.9AI score
Exploits0References2
CVE
CVE
added 2023/06/29 12:0 a.m.54 views

CVE-2023-35830

STW TCG-4 Connectivity Module (DeploymentPackage_v3.03r0-Impala, DeploymentPackage_v3.04r2-Jellyfish) and TCG-4lite Connectivity Module (DeploymentPackage_v3.04r2-Jellyfish) contain a vulnerability that allows an attacker to gain full remote access with root privileges without authentication, ena...

9.8CVSS9.8AI score0.01308EPSS
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2023/04/11 9:16 a.m.2 views

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/11 9:16 a.m.25 views

Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages

Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...

7.1AI score
Exploits0
Rows per page
Query Builder