Lucene search
K

268 matches found

Github Security Blog
Github Security Blog
added 2026/05/14 1:9 p.m.11 views

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

9.2CVSS6.4AI score0.00573EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

RedShift JDBC Driver < 2.2.2 Arbitrary Class Loading (CVE-2026-8178)

The Amazon Redshift JDBC Driver installed on the remote host is prior to 2.2.2. It is, therefore, affected by a flaw that could allow the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. Under certain conditions, an actor able to influence the connectio...

9.2CVSS6.2AI score0.00573EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/08 8:25 p.m.14 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

9.2CVSS6.3AI score0.00573EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/08 8:25 p.m.8 views

ai.starlake:spark-redshift_2.13 (>=6.5.0 <=6.5.1), ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15) +87 more potentially affected by CVE-2026-8178 via com.amazon.redshift:redshift-jdbc42 (>=2.0.0.3 <=2.2.1)

com.amazon.redshift:redshift-jdbc42 MAVEN version =2.0.0.3, =6.5.0, =1.5.8, =2025.34.3, =0.293, =0.293, =5.0.0, =5.1.0, =1.3.0, =1.19.1891, =0.1.15-alpha, =0.1.15-alpha, =0.1.15-alpha, =3.2.171, =6.0.0-spark3.3, =6.6.0-spark3.5 and more Source cves: CVE-2026-8178 Source advisory:...

9.2CVSS5.8AI score0.00573EPSS
Exploits0
NVD
NVD
added 2026/05/08 7:16 p.m.30 views

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS0.00573EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 6:36 p.m.7 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 6:36 p.m.20 views

CVE-2026-8178

The CVE concerns the Amazon Redshift JDBC Driver (versions prior to 2.2.2). Under certain conditions, processing JDBC connection URL parameters could trigger loading and execution of arbitrary classes, allowing an attacker who can influence the connection URL to run code in the application contex...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 6:36 p.m.7 views

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 6:36 p.m.52 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS0.00573EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.16 views

Magnitude Simba Amazon Redshift JDBC Driver 安全漏洞

The Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver provided by the American company Magnitude. It enables database connection through the standard JDBC Application Programming Interface API available in the Java Platform Enterprise Edition. Versions of the Magnitude Simba Amazon...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-39186

Name of the Vulnerable Software and Affected Versions Amazon Redshift JDBC Driver versions prior to 2.2.2 Description An issue allows the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. An actor capable of influencing the connection URL could potential...

9.2CVSS6.1AI score0.00573EPSS
Exploits0References17
vulnersOsv
vulnersOsv
added 2026/05/05 6:33 p.m.9 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-5766 via django (>=5.2.0 <=5.2.13)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-5766 Source advisory: OSV:GHSA-W26R-RMM8-9C29...

6.3CVSS7AI score0.00423EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/07 3:30 p.m.12 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-3902 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-3902 Source advisory: OSV:GHSA-MVFQ-GGXM-9MC5...

7.5CVSS7AI score0.00436EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32140

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.4AI score0.00691EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/12 6:4 p.m.2 views

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.4AI score0.00691EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/12 6:4 p.m.6 views

EUVD-2026-11651

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.2AI score0.00691EPSS
Exploits1References1
OSV
OSV
added 2026/03/12 6:4 p.m.5 views

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.4AI score0.00691EPSS
Exploits1References3
CVE
CVE
added 2026/03/12 6:4 p.m.15 views

CVE-2026-32140

Dataease (open source data visualization tool) Before version 2.10.20 is vulnerable via the Redshift JDBC driver where the IniFile parameter can be exploited to load an attacker-controlled configuration file. The getJdbcIniFile discovery mechanism can, if not restricted, locate rsjdbc.ini and, in...

9.3CVSS6.2AI score0.00691EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/12 6:4 p.m.27 views

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS0.00691EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.8 views

PT-2026-25036

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

9.3CVSS6.2AI score0.00691EPSS
Exploits1References5
Rows per page
Query Builder