Lucene search
+L

273 matches found

nvd
nvd
added yesterday4 views

CVE-2026-45534

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...

9CVSS0.00024EPSS
Exploits0References3
cve
cve
added yesterday10 views

CVE-2026-45534

DataEase prior to 2.10.23 is affected by an RCE in Redshift datasource connections. The issue arises when attacker-controlled rsjdbc.ini is loaded from System.getProperty("java.io.tmpdir"), with socketFactory set to org.springframework.context.support.FileSystemXmlApplicationContext, allowing com...

9CVSS6.5AI score0.00024EPSS
Exploits0References3
cvelist
cvelist
added yesterday35 views

CVE-2026-45534 DataEase: RCE Vulnerability

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty"java.io.tmpdir", setting...

9CVSS0.00024EPSS
Exploits0References3
osv
osv
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-521 amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...

9.8CVSS6.5AI score0.00808EPSS
Exploits1References8
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.9 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS6AI score0.00808EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.11 views

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS5.9AI score0.00573EPSS
Exploits0References1
osv
osv
added 2026/06/03 6:56 p.m.5 views

ROOT-APP-PYPI-CVE-2025-5279 CVE-2025-5279 in rootio-redshift-connector - Patched by Root

Root has patched CVE-2025-5279 in the rootio-redshift-connector package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00251EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/05/29 7:32 p.m.8 views

apache-airflow-providers-amazon (>=9.7.0 <=9.8.0rc1), arrow-pd-parser (>=1.0.0 <=1.0.4) +43 more potentially affected by CVE-2026-8838 via redshift-connector (>=2.0.888 <=2.1.13)

redshift-connector PYPI version =2.0.888, =9.7.0, =1.0.0, =0.1.1, =2.0.0, =0.1.7, =0.31.6, =0.1.17, =2.3.0.dev3, =1.0.0a2, =0.4.0, =0.0.1, =0.3.64, =6.1.2, =0.5.2, =1.5.0, =1.9.1 and more Source cves: CVE-2026-8838 Source advisory: OSV:GHSA-29H4-R29X-HCHV...

9.8CVSS5.4AI score0.00808EPSS
Exploits1
vulnersosv
vulnersosv
added 2026/05/29 7:32 p.m.7 views

apache-airflow-providers-amazon (>=9.7.0 <=9.8.0rc1), arrow-pd-parser (>=1.0.0 <=1.0.4) +43 more potentially affected by CVE-2026-8838 via redshift-connector (>=2.0.888 <=2.1.13)

redshift-connector PYPI version =2.0.888, =9.7.0, =1.0.0, =0.1.1, =2.0.0, =0.1.7, =0.31.6, =0.1.17, =2.3.0.dev3, =1.0.0a2, =0.4.0, =0.0.1, =0.3.64, =6.1.2, =0.5.2, =1.5.0, =1.9.1 and more Source cves: CVE-2026-8838 Source advisory: SNYK:PYTHON-REDSHIFTCONNECTOR-17111071...

9.8CVSS5.4AI score0.00808EPSS
Exploits1
snyk
snyk
added 2026/05/29 7:32 p.m.12 views

Arbitrary Code Injection

Overview redshift-connector is a Redshift interface library Affected versions of this package are vulnerable to Arbitrary Code Injection due to the use of eval on untrusted data received from the server, in the vectorin function. An attacker can execute arbitrary code on the client system by...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References2
euvd
euvd
added 2026/05/29 7:32 p.m.30 views

EUVD-2026-30803

amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...

9.8CVSS5.8AI score0.00808EPSS
Exploits1References4
osv
osv
added 2026/05/29 7:32 p.m.9 views

GHSA-29H4-R29X-HCHV amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...

9.8CVSS6.5AI score0.00808EPSS
Exploits1References6
githubexploit
githubexploit
added 2026/05/19 12:41 p.m.87 views

Exploit for CVE-2026-8838

CVE-2026-8838 — Amazon Redshift Python Driver: Remote Code Exe...

9.8CVSS5.9AI score0.00808EPSS
Exploits1
nvd
nvd
added 2026/05/18 9:16 p.m.39 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS0.00808EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/05/18 8:15 p.m.7 views

CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/05/18 8:15 p.m.10 views

CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References4
cve
cve
added 2026/05/18 8:15 p.m.42 views

CVE-2026-8838

CVE-2026-8838 affects the amazon-redshift-python-driver prior to 2.1.14. The issue arises from unsafe use of Python’s eval() on server-received data in the vector_in() function, enabling a rogue server or man-in-the-middle actor to execute arbitrary code on the client. Affected component: amazon-...

9.8CVSS6.2AI score0.00808EPSS
Exploits1References3
cvelist
cvelist
added 2026/05/18 8:15 p.m.64 views

CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.8CVSS0.00808EPSS
Exploits1References3
osv
osv
added 2026/05/18 8:15 p.m.1 views

CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

9.3CVSS6.4AI score0.00808EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/05/18 12:0 a.m.11 views

Amazon Redshift Python Connector 代码注入漏洞

The Amazon Redshift Python Connector is a Python-compatible connector for Amazon Redshift developed by Amazon, Inc. Versions of the Amazon Redshift Python Connector prior to version 2.1.14 contained a code injection vulnerability. This vulnerability stemmed from the unsafe use of the Python eval...

9.8CVSS6.1AI score0.00808EPSS
Exploits1References1
Rows per page
Query Builder