9 matches found

OSV
added 2025/09/02 12:15 p.m., 11 views

CVE-2025-5662

A deserialization vulnerability exists in the H2O-3 REST API POST /99/ImportSQLTable that affects all versions up to 3.46.0.7. This vulnerability allows remote code execution RCE due to improper validation of JDBC connection parameters when using a Key-Value format. The vulnerability is present i...

9.8 CVSS, 9.5 AI score
Exploits 0, References 2
RedhatCVE
added 2025/05/22 9:12 p.m., 10 views

CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...

6.5 CVSS, 7.6 AI score, 0.01948 EPSS
Exploits 0, References 1
OSV
added 2022/11/14 4:15 p.m., 11 views

CVE-2022-45136

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...

9.8 CVSS, 9.3 AI score
Exploits 0, References 2
Prion
added 2022/11/14 4:15 p.m., 13 views

Design/Logic Flaw

UNSUPPORTED WHEN ASSIGNED Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this...

7.5 CVSS, 9.3 AI score, 0.01525 EPSS
Exploits 0, References 2, Affected Software 1
Github Security Blog
added 2022/01/08 12:43 a.m., 52 views

SQL Injection in Apache Kylin

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...

6.5 CVSS, 6.8 AI score, 0.01948 EPSS
Exploits 0, References 5, Affected Software 1
NVD
added 2022/01/06 1:15 p.m., 41 views

CVE-2021-36774

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...

6.5 CVSS, 0.01948 EPSS
Exploits 0, References 2
Prion
added 2022/01/06 1:15 p.m., 24 views

Code injection

Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue...

4 CVSS, 6.7 AI score, 0.01948 EPSS
Exploits 0, References 2, Affected Software 1
CVE
added 2022/01/06 12:35 p.m., 100 views

CVE-2021-36774

CVE-2021-36774 concerns Apache Kylin. The connected sources describe an issue where reading data from other databases via JDBC allows a hacker-controlled MySQL server to execute arbitrary code inside Kylin server processes, via certain properties in the MySQL JDBC driver. Affected are Apache Kyli...

6.5 CVSS, 6.6 AI score, 0.01948 EPSS
Exploits 0, References 2, Affected Software 1
Veracode
added 2021/03/31 2:58 a.m., 25 views

Remote Code Execution

Apache Druid is vulnerable to remote code execution. Certain properties supported by the MySQL JDBC driver allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes...

8.8 CVSS, 5.3 AI score, 0.22588 EPSS
Exploits 1, References 18, Affected Software 3