Lucene search
K

23 matches found

Tenable Nessus
Tenable Nessus
added 2023/11/28 12:0 a.m.20 views

Apache Kylin 2.3.x < 2.3.3 / 2.4.x < 2.4.2 / 2.5.x < 2.5.3 / 2.6.x < 2.6.6 / 3.x < 3.0.2 Command Injection (CVE-2020-1956)

The instance of Apache Kylin running on the remote host is 2.3.x prior to 2.3.3, 2.4.x prior to 2.4.2, 2.5.x prior to 2.5.3, 2.6.x prior to 2.6.6 or 3.x prior to 3.0.2. Therefore, it is affected by a command injection vulnerability due to some restful APIs concatenating OS commands with user inpu...

9CVSS8.2AI score0.9796EPSS
Exploits2References4
Wallarm Lab
Wallarm Lab
added 2023/11/06 2:0 p.m.30 views

Testing with OpenAPI Specifications

The 2023 SANS Survey on API Security Jun-2023 found that less than 50 percent of respondents have API security testing tools in place. Even fewer 29 percent have API discovery tools. Wallarm delivers both these capabilities via our single, integrated App and API Security platform. Wallarm has lon...

7.5AI score
Exploits0
Prion
Prion
added 2021/09/09 2:15 a.m.12 views

Remote code execution

Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control ABAC. In Keti a sandbox escape vulnerability may lead to post-authentication Remote Code execution. This vulnerability is known to exist in the latest commit at the time of writing this CVE...

6.5CVSS9.6AI score0.04583EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2020/07/27 10:51 p.m.63 views

SQL Injection in Kylin

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...

8.8CVSS2.8AI score0.02667EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2020/07/27 10:51 p.m.60 views

Command Injection in Kylin

Kylin has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...

9CVSS3.1AI score0.9796EPSS
Exploits2References18Affected Software1
Veeam
Veeam
added 2020/07/23 12:0 a.m.14 views

Veeam Service Provider Console v4 Patch 2

Challenge Veeam Service Provider Console v4 Patch 2. Cause Please confirm you are running version 4.0.0.4877 or later before installing this Patch 2. You can check this by logging in to the backup portal and navigating to Configuration Support Information tab. After upgrading, your server build...

7AI score
Exploits0Affected Software1
Veeam
Veeam
added 2020/07/03 12:0 a.m.14 views

Veeam Service Provider Console v4 Patch 1 (build 4911)

Challenge Veeam Service Provider Console v4 Patch 1. This patch is superseded by the Patch 2 Cause Please confirm you are running version 4.0.0.4877 before installing this Patch 1. You can check this under Windows Programs and features. After upgrading, your build will be version 4.0.0.4911. As a...

6.6AI score
Exploits0Affected Software1
OSV
OSV
added 2020/05/22 2:15 p.m.21 views

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...

8.8CVSS7AI score0.9796EPSS
Exploits2References9
Cvelist
Cvelist
added 2020/05/22 1:27 p.m.39 views

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation...

9.3AI score0.9796EPSS
Exploits2References8
CVE
CVE
added 2020/05/22 1:27 p.m.1061 views

CVE-2020-1956

Apache Kylin CVE-2020-1956 affects 2.3.0 and releases up to 2.6.5 and 3.0.1, where REST APIs concatenate user input into OS commands, enabling likely remote code execution with high impact. Connected documents confirm vulnerable versions and the underlying command injection in the REST layer; som...

9CVSS8.6AI score0.9796EPSS
In wildExploits2References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2020/05/22 12:0 a.m.27 views

CVE-2020-1956

Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker...

10CVSS3.3AI score0.9796EPSS
In wildExploits2References14
Positive Technologies
Positive Technologies
added 2020/05/22 12:0 a.m.3 views

PT-2020-4073 · Apache · Apache Kylin

Name of the Vulnerable Software and Affected Versions: Apache Kylin versions 2.3.0 through 2.6.5 Apache Kylin version 3.0.1 Description: The issue is related to the RESTful APIs in Apache Kylin, which concatenate OS commands with user input strings without proper protection or validation, allowin...

10CVSS7.8AI score0.9796EPSS
Exploits2References28
NVD
NVD
added 2020/02/24 9:15 p.m.23 views

CVE-2020-1937

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...

8.8CVSS8.6AI score0.02667EPSS
Exploits0References3
OSV
OSV
added 2020/02/24 9:15 p.m.18 views

CVE-2020-1937

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...

8.8CVSS6.6AI score
Exploits0References3
Cvelist
Cvelist
added 2020/02/24 8:57 p.m.27 views

CVE-2020-1937

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries...

8.6AI score0.02667EPSS
Exploits0References3
Veeam
Veeam
added 2020/01/23 3:20 p.m.18 views

Veeam Availability Console v3 Patch 4 (build 2795)

Challenge Veeam Availability Console v3 Patch 4 build 2795. This update supersedes Veeam Availability Console v3 Patch 3 build 2762. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 4. You can check this under Windows Programs and features. After...

6.1AI score
Exploits0
Veeam
Veeam
added 2019/09/13 1:59 p.m.14 views

Veeam Availability Console v3 Patch 3 (build 2762)

Challenge Veeam Availability Console v3 Patch 3 build 2762. This update supersedes Veeam Availability Console v3 Patch 2 build 2725. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 3. You can check this under Windows Programs and features. After...

6.3AI score
Exploits0
Veeam
Veeam
added 2019/06/17 5:16 p.m.10 views

Veeam Availability Console v3 Patch 2 (build 2725)

Challenge Veeam Availability Console v3 Patch 2 build 2725. This update supersedes Veeam Availability Console v3 Patch 1 build 2703. Cause Please confirm you are running version 3.0.0.2647 or later prior to installing this Patch 2. You can check this under Windows Programs and features. After...

6.3AI score
Exploits0
Veeam
Veeam
added 2019/01/17 4:54 p.m.21 views

Veeam Backup Enterprise Manager RESTful APIs Upgrade Instructions

Challenge Veeam Backup & Replication 9.5 Update 4 RTM is not compatible with the previous versions of API. Some integration may not work as expected. Cause Update 4 has introduced new Product functionality that requires extended API and incremented the required request version to v14. Solution Th...

6.9AI score
Exploits0
Veeam
Veeam
added 2018/12/21 12:0 a.m.16 views

Veeam Availability Console U1 Cumulative Patch 1913

Challenge Veeam Availability Console U1 Cumulative Patch 1913. This update supersedes Veeam Availability Console U1 Cumulative Patch 1850. Cause Please confirm you are running version 2.0.2.1750 or later prior to installing this cumulative patch 1913. You can check this under Windows Programs and...

7AI score
Exploits0Affected Software1
Rows per page
Query Builder