CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

RedhatCVE•added 2025/02/13 8:41 p.m.•8 views

CVE-2024-24773

Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue...

6.5CVSS7.1AI score0.0015EPSS

Exploits0References1

OSV•added 2025/02/05 7:28 a.m.•10 views

BIT-SUPERSET-2023-32672 Apache Superset: SQL parser edge case bypasses data access authorization

An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability...

4.3CVSS4.5AI score0.00173EPSS

Exploits0References2

OSV•added 2024/12/21 12:0 a.m.•11 views

DLA-4000-1 sqlparse - security update

Bulletin has no description...

7.5CVSS6.6AI score0.10881EPSS

Exploits0

Snyk•added 2024/12/09 3:31 p.m.•1 views

SQL Injection

Overview apache-superset is a modern, enterprise-ready business intelligence web application. Affected versions of this package are vulnerable to SQL Injection due to improper handling of certain PostgreSQL functions in the SQL parsing and authorization process. An attacker can execute unauthoriz...

9.8CVSS8.2AI score0.60251EPSS

Exploits2References2

OSV•added 2024/02/28 12:15 p.m.•5 views

CVE-2024-24773

6.5CVSS6.6AI score

Exploits0References2

Prion•added 2024/02/28 12:15 p.m.•36 views

Input validation

3.3CVSS5.4AI score0.0015EPSS

Exploits0References2

Github Security Blog•added 2023/09/06 3:30 p.m.•18 views

Apache Superset has incorrect authorization check

4.3CVSS6.8AI score0.00173EPSS

Exploits0References3Affected Software1

OSV•added 2023/09/06 3:30 p.m.•12 views

GHSA-95CH-P3GW-23QG Apache Superset has incorrect authorization check

4.3CVSS4.5AI score0.00173EPSS

Exploits0References3

NVD•added 2023/09/06 2:15 p.m.•14 views

CVE-2023-32672

4.3CVSS4.6AI score0.00173EPSS

Exploits0References1

Prion•added 2023/09/06 2:15 p.m.•20 views

Design/Logic Flaw

4CVSS4.7AI score0.00173EPSS

Exploits0References1Affected Software1

Cvelist•added 2023/09/06 1:16 p.m.•15 views

CVE-2023-32672 Apache Superset: SQL parser edge case bypasses data access authorization

4.3CVSS5AI score0.00173EPSS

Exploits0References1

CVE•added 2023/09/06 1:16 p.m.•47 views

CVE-2023-32672

The CVE-2023-32672 entry concerns an incorrect authorization check in SQLLab of Apache Superset up to version 2.1.0. The vulnerability allows an authenticated user to query tables they should not access due to a SQL parsing vulnerability. The affected component is Apache Superset’s SQLLab feature...

4.3CVSS4.5AI score0.00173EPSS

Exploits0References1Affected Software1

Tenable Nessus•added 2022/02/11 12:0 a.m.•304 views

MariaDB 10.5.0 < 10.5.15 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.5.15. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.5.15 advisory. - MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with...

5.5CVSS6.9AI score0.00041EPSS

Exploits5References6

CNVD•added 2020/10/11 12:0 a.m.•75 views

Apache Calcite Clickjacking Vulnerability

Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. clickjacking vulnerability exists in versions of Apache Calcite...

5.9CVSS2.8AI score0.00784EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by