8 matches found
EUVD-2022-0769
Malicious code in bioql PyPI...
BIT-CASSANDRA-2020-17516
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despit...
SUSE CVE-2020-17516
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despit...
Authentication Bypass in Apache Cassandra
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despit...
CVE-2020-17516
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despit...
CVE-2020-17516
CVE-2020-17516 affects Apache Cassandra versions 2.1.0–2.1.22, 2.2.0–2.2.19, 3.0.0–3.0.23, and 3.11.0–3.11.9 when using internode_encryption (dc/rack). A misconfigured node or a malicious user could use an unencrypted internode connection to bypass mutual TLS, potentially exposing or altering int...
PT-2021-10094 · Apache · Apache Cassandra
Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 2.1.0 through 2.1.22; Apache Cassandra versions 2.2.0 through 2.2.19; Apache Cassandra versions 3.0.0 through 3.0.23; Apache Cassandra versions 3.11.0 through 3.11.9. Description: The issue allows both encrypted and...
CVE-2020-17516
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despit...