6 matches found
EUVD-2022-7003
Malicious code in bioql PyPI...
Code Injection
org.apache.kylin, kylin is vulnerable to Code Injection. The vulnerability is due to insufficient restrictions on JDBC connection configuration, which allows execution of arbitrary remote code when altered by someone with admin permissions...
Arbitrary Code Injection
Overview: org.apache.kylin:kylin-core-common is a package that is part of Apache Kylin. Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain...
Apache Kylin Code Injection via JDBC Configuration Alteration
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
GHSA-29M8-WH9P-5WC4 Apache Kylin Code Injection via JDBC Configuration Alteration
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
Unwanted Access to File System via Import Pages Functionality
Security vulnerability found in Confluence 2.5.6: a Space administrator can use the "Import Pages from Disk" feature to browse the server file system by pointing the importer at the "/" folder or any other folder. Because this folder doesn't contain expected files, an error message is displayed,...