42 matches found
Privilege Escalation
kylin-server-base is vulnerable to privilege escalation. The vulnerability exists in the setParam function in QueryService.java, allowing an attacker to load any class through the Class.forName function...
org.apache.kylin:kylin-tool-assembly (=3.0.0) potentially affected by CVE-2020-1937 via org.apache.kylin:kylin-server-base (=3.0.0)
org.apache.kylin:kylin-server-base MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.kylin:kylin-server-base and may be impacted: - org.apache.kylin:kylin-tool-assembly =3.0.0 Source cves: CVE-2020-1937 Source advisory:...
org.apache.kylin:kylin-tool-assembly (>=2.1.0 <=2.6.4), org.apache.ranger:ranger-kylin-plugin (>=1.1.0 <=2.2.0) +1 more potentially affected by CVE-2020-1937 via org.apache.kylin:kylin-server-base (>=2.1.0 <=2.6.4)
org.apache.kylin:kylin-server-base MAVEN version =2.1.0, =2.1.0, =1.1.0, =1.1.0, =2.2.0 Source cves: CVE-2020-1937 Source advisory: OSV:GHSA-7HMH-8GWV-MFVQ...
org.apache.kylin:kylin-tool-assembly (>=2.1.0 <=3.0.2), org.apache.ranger:ranger-kylin-plugin (>=1.1.0 <=2.2.0) +1 more potentially affected by CVE-2020-13926 via org.apache.kylin:kylin-server-base (>=2.1.0 <=3.0.2)
org.apache.kylin:kylin-server-base MAVEN version =2.1.0, =2.1.0, =1.1.0, =1.1.0, =2.2.0 Source cves: CVE-2020-13926 Source advisory: OSV:GHSA-HX5G-8HQ2-8X4W...
org.apache.kylin:kylin-tool-assembly (>=2.1.0 <=3.0.2), org.apache.ranger:ranger-kylin-plugin (>=1.1.0 <=2.2.0) +1 more potentially affected by CVE-2020-13925 via org.apache.kylin:kylin-server-base (>=2.1.0 <=3.0.2)
org.apache.kylin:kylin-server-base MAVEN version =2.1.0, =2.1.0, =1.1.0, =1.1.0, =2.2.0 Source cves: CVE-2020-13925 Source advisory: OSV:GHSA-QWFW-GXX2-MMV2...
SQL Injection
kylin-server-base is vulnerable to SQL injection. SQL statements are concatenated and executed in the CLI or beeline when building new segments, allowing an attacker to inject and execute arbitrary SQL statements if system configurations are overwritten via REST APIs...
OS Command Injection
kylin-server-base is vulnerable to OS Command Injection. The vulnerability exists because the values of srcCfgUri, dstCfgUri, and projectName in CubeService.java are not properly handled...
SQL Injection
kylin-server-base is vulnerable to SQL injection. User input to some RESTful APIs is not validated and sanitized before being concatenated to SQL queries. This allows an attacker to inject and execute arbitrary SQL statements in the database...
Fedora 19 : 389-ds-base-1.3.1.22-1.fc19 (2014-3936)
An important security bug was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Confluence does not respect HTTPS in Server Base URL when 301 redirecting
We have Confluence set up behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...
Design/Logic Flaw
Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port...
CVE-2007-3795
Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, 05-00-x before 05-00-/G, 05-01-x before 05-01-/A, and 05-02-x before 05-02-/C on HP-UX 11.0 through 11i v3 allows attackers to cause a denial of service by sending certain data to a port...
CVE-2007-3795
The CVE-2007-3795 entry describes an unspecified vulnerability in Hitachi TP1/Server Base (before 03-05-/P), 05-00-/G, 05-01-/A, and 05-02-/C on HP‑UX 11.0 through 11i v3 that allows a denial of service by sending certain data to a port. The connected records provide product/version scope but no ...
Design/Logic Flaw
Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service process crash via invalid data to an OpenTP1 port...
CVE-2007-0512
Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and 03-00 through 03-03-/H; and TP1/Server Base 05-00 through 05-00-/M, 03-01-E through 03-01-FD, 03-01 through 03-01-DB, and 05-03; allow attackers to cause a denial of service process crash via invalid data to an OpenTP1 port...
CVE-2007-0512
CVE-2007-0512 affects Hitachi TP1/LiNK versions 05-00 to 05-03-/F, 03-04 to 03-06-/K, 03-00 to 03-03-/H, and TP1/Server Base 05-00 to 05-00-/M, 03-01-E to 03-01-FD, 03-01 to 03-01-DB, and 05-03. The issue allows an attacker to cause a denial of service (process crash) by sending invalid data to a...
CVE-2005-4716
Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX are affected. The CVE describes remote attackers causing denial of service: (1) OpenTP1 system outage via invalid data to a port used by a system-server process, and (2) process failure via invalid data to a port used by certain other proce...