53 matches found

OSV
added 2024/05/17 10:54 p.m., 11 views

GHSA-9CW3-J7WG-JWJ8 Neos Flow Information disclosure in entity security

If you had used entity security and wanted to secure entities not just based on the user's role, but on some property of the user like the company he belongs to, entity security did not work properly together with the doctrine query cache. This could lead to other users re-using SQL queries from...

4.3 CVSS, 7.5 AI score
Exploits: 0, References: 3

ClickHouse
added 2024/01/30 12:00 a.m., 28 views

Fixed in ClickHouse v24.1, 2024-01-30

When toggling between user roles while using ClickHouse with query cache enabled, there is a risk of obtaining inaccurate data. ClickHouse advises users with vulnerable versions of ClickHouse not to use the query cache when their application dynamically switches between various roles...

7 AI score
Exploits: 0, Affected Software: 1

ClickHouse
added 2024/01/30 12:00 a.m., 12 views

CVE-2024-22412

When toggling between user roles while using ClickHouse with query cache enabled, there is a risk of obtaining inaccurate data. ClickHouse advises users with vulnerable versions of ClickHouse not to use the query cache when their application dynamically switches between various roles. Fix has bee...

4.9 CVSS, 5.4 AI score, 0.00587 EPSS
Exploits: 1

Veracode
added 2023/05/15 6:00 a.m., 21 views

Race Condition

org.opensearch.plugin:opensearch-security is vulnerable to a Race Condition. Improper access authorization can occur from exceedingly rare race condition in the application which results in the failure to apply the fine-grained access control rules to queries. When the query cache eviction occurs...

5.9 CVSS, 6.8 AI score, 0.0046 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/05/09 9:25 p.m., 23 views

GHSA-G8XC-6MF7-H28H OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. Fo...

4.8 CVSS, 5.3 AI score, 0.0046 EPSS
Exploits: 0, References: 3

GitHub Security Blog
added 2023/05/09 9:25 p.m., 39 views

OpenSearch issue with fine-grained access control during extremely rare race conditions

Impact There is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. Fo...

5.9 CVSS, 6.4 AI score, 0.0046 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2023/05/08 9:15 p.m., 45 views

CVE-2023-31141

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...

5.9 CVSS, 5.3 AI score, 0.0046 EPSS
Exploits: 0, References: 1

OSV
added 2023/05/08 9:15 p.m., 2 views

UBUNTU-CVE-2023-31141

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...

5.9 CVSS, 5.8 AI score, 0.0046 EPSS
Exploits: 0, References: 3

Cvelist
added 2023/05/08 8:33 p.m., 49 views

CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...

4.8 CVSS, 5.9 AI score, 0.0046 EPSS
Exploits: 0, References: 1

CVE
added 2023/05/08 8:33 p.m., 140 views

CVE-2023-31141

OpenSearch vulnerability CVE-2023-31141 involves race-condition on access-control rules (document-level/field-level security and field masking) where queries may bypass correct authorization under extremely rare timing with concurrent requests and query-cache eviction. Affected are OpenSearch rel...

5.9 CVSS, 5.3 AI score, 0.0046 EPSS
Exploits: 0, References: 1, Affected Software: 2

OSV
added 2023/05/08 8:33 p.m., 38 views

CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...

4.8 CVSS, 5.7 AI score, 0.0046 EPSS
Exploits: 0, References: 3

Vulnrichment
added 2023/05/08 8:33 p.m., 6 views

CVE-2023-31141 OpenSearch issue with fine-grained access control during extremely rare race conditions

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...

4.8 CVSS, 5.7 AI score, 0.0046 EPSS
Exploits: 0, References: 1

Debian CVE
added 2023/05/08 8:33 p.m., 15 views

CVE-2023-31141

OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules document-level security, field-level security and field masking where they are not...

5.9 CVSS, 5.7 AI score, 0.0046 EPSS
Exploits: 0

SUSE CVE
added 2023/02/15 5:45 a.m., 4 views

SUSE CVE-2012-3817

ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service assertion...

7.8 CVSS, 7.5 AI score, 0.27383 EPSS
Exploits: 1, References: 8

SUSE CVE
added 2023/02/15 5:17 a.m., 2 views

SUSE CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache...

3.5 CVSS, 5.9 AI score, 0.02729 EPSS
Exploits: 0, References: 13

SUSE CVE
added 2023/02/15 4:31 a.m., 4 views

SUSE CVE-2018-5738

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

5.3 CVSS, 6.9 AI score, 0.1107 EPSS
Exploits: 0, References: 3

Veracode
added 2023/02/08 1:57 a.m., 31 views

Information Disclosure

github.com/grafana/grafana is vulnerable to Information Disclosure. The vulnerability exists when the data source query cache is enabled, Grafana will cache all headers, including the grafanasession, resulting in any user querying a data source which allows an attacker to acquire another user's...

8.8 CVSS, 8.2 AI score, 0.01132 EPSS
Exploits: 1, References: 7, Affected Software: 1

OSV
added 2019/01/16 8:29 p.m., 4 views

DEBIAN-CVE-2018-5738

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

7.5 CVSS, 6.9 AI score, 0.1107 EPSS
Exploits: 0, References: 1

Cvelist
added 2019/01/16 8:00 p.m., 33 views

CVE-2018-5738 Some versions of BIND can improperly permit recursive query service to unauthorized clients

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

5.3 CVSS, 6.1 AI score, 0.1107 EPSS
Exploits: 0, References: 5

Tenable Nessus
added 2016/05/13 12:00 a.m., 43 views

MariaDB Server 10.0.x < 10.0.22 Multiple DoS Vulnerabilities

Binary data 9284.prm...

4 CVSS, 7.1 AI score, 0.30146 EPSS
Exploits: 6, References: 20